Forum latest

Vista security questioned
Written by Daniel   
Wednesday, 07 February 2007 09:41
Microsoft Vision Raises Questions
FEBRUARY 7, 2007 | SAN FRANCISCO -- RSA Conference -- Microsoft's top dogs in security offered their vision of the future of enterprise security in their keynote address here yesterday. But some attendees left the address scratching their heads, wondering about the efficacy of some key building blocks in the software giant's strategy.

In their presentation, company chairman Bill Gates and chief resource and strategy officer Craig Mundie described a "trustworthy computing" environment built on IPSec, digital certificates, and IP Version 6. The company also unveiled its initial implementations of Enhanced Validation SSL and CardSpace, a means of storing data from tokens of authentication on a PC.

But many of these key components of Microsoft's strategy are unproven, and in some cases they are downright controversial, observers note. IPSec, for example, has been criticized for its potential to serve as a carrier for future malware.

SSL VPNs are more secure than IPSec when the remote user's machine is connected to the network, said Dino Dai Zovi, a researcher with Matasano Security, in an interview last year. (See Holes Remain in SSL VPNs.)

"With an IPSec VPN, the remote user's machine is fully connected to the remote network," Dai Zovi said. "Worms and other malware can connect directly to hosts on the corporate network over the VPN link. With an SSL VPN, software running on the remote user's machine does not have direct access to the corporate network."... More

Comment in the Forums 

Don't Click Here Don't Click Here Either