Microsoft Corp. is calling on the rest of the IT security industry to team up with the software giant in order to keep pace with evolving threats. But one analyst says some of Microsoft's own developments may actually cause conflict with the major security vendors.

In his keynote address at the RSA Conference Europe 2006 in Nice, France, Microsoft's Security Technology Unit corporate vice president Ben Fathi described some of the Redmond, Wash.-based vendor's investments to enable a "trust ecosystem," pointing to security advancements in the forthcoming release of Windows Vista as an opportunity for the industry to become more proactive in its aim to provide users with a safer computing experience.

Specifically, Fathi announced milestones toward this goal, including the availability of Certificate Lifecycle Manager beta 2, a digital certificate and smart cards management solution; the general availability of Windows Defender, a free anti-spyware solution; and the availability of the Sender ID Framework specification for e-mail authentication under Microsoft's Open Specification Promise (OSP).

"As threats continue to evolve and computing advances, we need an environment that engenders trust and accountability," Fathi said in a statement. "To help protect customers and ensure the long-term success of the computing ecosystem, the industry must embrace change and innovation."

Fathi said the security industry must build more innovative security solutions than it did in the past to help protect customers. He described how Microsoft improved the security, reliability and integrity of the Windows kernel through technologies such as Kernel Patch Protection in 64-bit environments, including Windows Vista, to provide greater stability, protection and defense against malicious threats.

According to a Microsoft statement, Kernel Patch Protection "raises the bar for security and provides an opportunity for the security industry to extend this work by designing next-generation security solutions."

However, Natalie Lambert, security analyst with Forrester Research in Cambridge, Mass., said some big security vendors are "up in arms" about the technology. "Kernel Patch Protection locks down the kernel to protect it from hackers. But security vendors' solutions today run at the kernel driver level to monitor system calls, to help protect against zero-day attacks," she said. "With the lock-down, many other products will not work and other vendors will have to re-architect their products."

Fathi said Microsoft is committed to working with security partners to provide the kernel functionality they need, beyond what is available today in Windows XP and Windows Vista, without bypassing Kernel Patch Protection.

To illustrate how the evolving threat landscape requires new thinking about how to make operating systems more secure and reliable, Fathi cited findings in the recently released Microsoft Security Intelligence report, which found that threats against consumers and businesses are becoming more targeted and motivated by financial gain, with backdoor Trojans and bots continuing to make up a significant percentage of the malicious software detected by the firm's anti-malware offerings.

Lambert agreed that threats are becoming more targeted. "In general, it's no longer about creating a virus that will get your name into the papers," Lambert said. "Malicious software can now be targeted at an organization to gain some type of competitive advantage or financial information." When malicious code is used against competitors, it's because the party sending out the malicious code "knows something about the different people in the organization and target them specifically," she explained. "They know which AV (anti-virus) you have and they are really going after whatever they can in a very targeted manner to get very specific information."

Lambert said that Forrester is able to gauge what is on clients' minds by the questions they submit to analysts. "I get a lot of questions from our user base talking about these targeted threats. They care about it and they are concerned, and they want to know the type of solutions they should be using to mitigate these threats," she said.

Ideal solutions should go beyond point products, and should include anti-virus, anti-spyware and anti-malware ("we shouldn't separate them anymore") as well as a personal firewall, host intrusion prevention system, and application, device and network access control, said Lambert. Encryption and information leak protection are also "becoming more popular" as part of total security solutions, she said.