IMPROVING THE TECHNOLOGY
Although everyone could agree on the need to improve the technology of secure systems at numerous levels, the best solutions to the problems were debatable.
HEIM: Let me share some customer frustration. At the end of the day, we haven’t solved many of even the most basic problems. We’re still relying on passwords, which have been around as long as mankind. We still have significant problems with the buffer overflows and other remnants of C programming. We still haven’t gotten beyond signatures for identifying malicious code, even though researchers have been promising algorithms and other advances for two decades plus now. So we’re looking at these evolving threats but we haven’t fixed the basics yet. And honestly, what I’m being asked to do, as a customer, is keep buying more band-aids. Put a band-aid on top of a band-aid; buy many, many bandaids. There’s a strong economic model involved in selling those. But I don’t see anybody trying to fix the underlying problems with any degree of focus.
SHERSTOBITOFF: I mean, you can fix the password situation. You can patch all the time. But here’s the thing. Because hacking is for profit, hackers will take every effort to find fresh vulnerabilities. And because there are organized groups of hackers here -- I mean, they have their own quality assurance and all of that -- they’re still going to be one step ahead. So that’s why technology still needs to be there to circumvent those attacks, even though the foundations of securing operating systems also needs to improve in parallel with it. We can’t do without either one.
LIPNER: I think you make a great point, Patrick, about things still not being where they need to be. What we’re advocating for the community—not just as a Microsoft initiative—is the notion of end-to-end trust, which really has two aspects. One aspect is, yes, you have to do the basics. You have to drive out the buffer overruns. You have to eliminate the vulnerabilities. You have to chase out cross-site scripting and so on. And those are frankly hard things to do because of the technological legacy that we have. They’re not going to be achieved overnight. The other aspect is that we have to make some fundamental changes around accountability. We need to get rid of passwords. I mean, we’ve been saying that for, I don’t know, 10 or 20 years?
DIFFIE: I disagree with it. I don’t think we should get rid of passwords. I think they should work somewhat differently …
LIPNER: We need stronger authentication. We need to get to the point where users authenticate in a way that doesn’t put a premium on personally identifiable information, and where users can know whom they’re dealing with. Because a lot of the spam and a lot of the hokey web sites are about fooling users. That’s partly a matter of users and training. But a lot of it is a matter of the technology. We ought to be building the technology so that users are presented with an environment that they can trust and understand. And they shouldn’t have to click through 38 levels of SSL dialogue to get it.