I am attending RSA Conference 2006 in San Jose this week. Here are some of my thoughts during the first day. Let me know if you would like to learn more about any of the topics below, or anything related to Microsoft and security. E-mail me your questions and I will do my best to address them this week. Or, SoundOff with your own comments at the bottom of the page.
Tuesday morning I was treated to Bill Gates' annual RSA address. My colleagues in the news department were disappointed that Bill did not make a big "newsy" announcement. Rather, his address centered on the still rather vague topic of identity management and the reiteration of how great Vista and Longhorn will be. So, how long will I need to hear about Vista and Longhorn before the novelty of it wears off?
Identity management is an exciting subject though. Hopefully I won't be feeling the same way at next year's RSA about identity management as I do today about Vista and Longhorn. So far, I'm not impressed with Microsoft's strategy. I attended one session on Microsoft's identity and access plans. The session was labeled basic, but it dragged basic down into the realm of product promo. Buy more Microsoft products and you can achieve federated identity. I hate to be cynical, but that is what I got out of it. Very little about the needed Active Directory back end, very little about the hardware requirements, very little about how this would be implemented. Overall, it gave me very little hope we would see federated identity in the near future.
Speaking of Vista
At the keynote there were binders provided by Microsoft on everyone's seats. Along with some other stuff, the binders contained CDs with information and demonstrations on new products, particularly Rights Management Server and Certificate Management Server. Then, as I flipped to the back there was a page on Vista beta -- and no CD. I began to wonder if this thing would ever get shipped. It didn't matter that in the not-so-fine print it said I could pick up the CD at Microsoft's booth. Just my initial reaction to that missing CD was enough of a statement.
During Gates' presentation, he handed off demo duties to product manager Howard Ting. Ting proceeded to present a hypothetical situation in which Microsoft's identity management products could quickly solve the access problems of an employee who had lost his wallet, cell phone and laptop. Ting described the employee utilizing an "old laptop" as a replacement for the lost laptop. "As you can see, it is running Windows Vista," he said. At this point the audience burst into laughter. Ting froze, not realizing the humor in his statement.
Only in Microsoft's world do old laptops run products that have yet to be released.
Microsoft's literary no-nos and a "concept" car
Gates' descriptions of security vulnerabilities: "like long strings being inputted when they are not expected" and "code being inputted when an integer string is expected." Why would he feel the need to explain buffer overflows and SQL injections to a room full of security professionals? I guess these are officially bad words in the Microsoft lexicon.
Auto shows often feature concept vehicles: futuristic cars that never actually see production, though elements of the designs might eventually appear in an actual car. Watching some of the demos during the keynote reminded me of watching concept cars spinning on a platform: Nice to look at, but am I ever going to get to drive one?
For the here and now, a demonstration by Vista product manager Austin Wilson in which he described some of the new features of Internet Explorer 7. Among them, that IE 7 will only have access to the IE 7 portion of the Registry and it will only be able to install files in the temporary Internet folders. If you've spent your whole computing life in the Microsoft world, this is great news. If you've been exposed to any other system, your reaction to this can only be: "well, duh."
Tonight's top ten
Gates wasn't the only keynote. After RSA CEO Art Coviello spoke, Sun Microsystems' CEO Scott McNealy took the stage prepared to do his best David Letterman impersonation. The subject: top ten security systems administrator nightmares. How many of the ten do you think were digs at Microsoft? Half. Drum roll, please.
- You've had to get a patch for a patch.
- Blue Screen of Death (Mr. McNealy has never seen one himself).
- Company policy: Root-level access for everyone.
- You just got a new job and it's in an all-Windows shop.
- You've worn out all the Control, Alt and Delete keys.
Then there was the decades-old controversy over who invented the Internet. No, Al Gore was not in attendance, but McNealy actually uttered the phrase: "We (Sun) invented open source." If interested, visit my colleagues at SearchOpenSource.com to find out if this is true.