I am in San Francisco’s Moscone Center at the RSA Conference, perhaps the biggest "dog and pony" of the security world. Bill Gates’ keynote is coming up, so I am trying to scoop all my press buddies by blogging this in real-time (okay, it’s not really real-time, but we won’t get into that).

For about a week now, folks have been asking me and pondering what Mr. Gates will say during this particular keynote. I’ve been saying he will just repeat what Steve Ballmer and other Microsoft folks have been saying for six months. Plus, I am always a little nervous that some obnoxious security person is going to do something we’ll all regret later (no pies, please).

[Sidenote: Mike Assante, CSO of AEP just got a fantastic award. An inspiring speech as well. Congratulations, Mike]

Here we go.

Title: Raising the Security Bar
"The Davos Doodle" – Bill Gates writes important notes while sitting next to Tony Blair, PM of U.K. The press got the notes and mistakenly believed they were from Mr. Blair. Hilarious take off on what the notes said "remind Melinda to record 24," " hungry – need cheeseburger," and "new password: BillG1234". Pretty funny.

Slide 1: Computers are cool, security is a challenge.

Slide 2: Microsoft Security Focus – Technology Investments; Prescriptive Guidance; Industry Leadership.

Slide 3: Choice Quote: "Gartner said 75% of vulnerabilities occur at the application layer. That’s code written by our customers." Hmmm, I’m not sure that is what Gartner meant (even though the number is a red herring anyway). Part of the problem with security at the application layer is that we aren’t sure what the layer actually is. (In some respects it doesn’t matter, since a compromise is a compromise).

Slide 4: Technology slides – including Updating, Isolation, Authorization and Access Control, and Protection from Internet-enabled social engineering.

Slide 5: Updates must reduce "encompassed fixes," increase compatibility, and provide broader pre-release testing.

Quote: "Typically, we’ll have over ten thousand desktops when testing, and hundreds and thousands of servers."

Slide 6: More on Updating – announcing a clean, single one-update center and scanner for Microsoft Update. Auto Update for consumers, Windows Update Services for SMB’s, and SMS for enterprises (new!).

Potential impact on Patch Management solutions. Third-Party Patch Management solutions must provide heterogeneous support for technology (non-MS apps) and flexibility in deployment.

Slide 7: Host Isolation – Windows XP SP2; Win2K3 SP1; MS Windows AntiSpyware; Software Restriction policies (group policies).

Win2k3 SP1 includes built-in quarantine capability.

Video: Holland and Knight

Slide 8: XPSP2 – included IE 6.0 SP2 capabilities.

Slide 9: Microsoft AntiSpyware provides "over 50 different places" (later we found out it appears to be 59 points) where we’ve added capability for real-time detection. Acquired a company called Giant late last year.

"we get about a half million reports a day through SpyNet" to create signatures. Half the users in the AntiSpyware beta participate in the network.

AntiSpyware capability will be available at no additional charge to Windows users – blocking, scanning, and removal capabilities. Free to all Windows licensees.

Impact: companies like Webroot, which just received over $100 million in venture capital funding, have their work cut out for them. Since spyware is a client-oriented problem (as opposed to patches that are necessary for all systems), and the opportunity for heterogeneous support is limited, this will be a challenge for them. Add to that two facts: 1) Spyware as a problem is still fairly nascent; and 2) Microsoft already has a beta on the streets.

SpyNet research center at Microsoft (www.spynet.com) – three million participants in a "majority rules" with further analysis process.
(Spoofing spynet: might be interesting to see what happens if a spyware distributor downloads MS AS and accepts its own spyware over and over.)

Slide (I don’t know): Announce IE 7.0 available to WinXP SP2 licensees (new!).

Network Isolation – IPSec capability will create isolated networks using IPSec to control connections and create various zones of trust.

Perimeter Isolation – ISA Server 2k4 (new!); Exchange Server; and Sybari Antigen are key components.

"We are on a path to deliver antivirus capability broadly to consumers by the end of this year." This sounds like the confirmation of speculation that the antivirus space needs a new cash cow.

Microsoft digital identity management capabilities provide more certificate management capability. Ships with Win2k3 SP1. Microsoft’s Identity Integration Server 2003 provides more provisioning and authorization capabilities for directory management.

Windows Server "r2" will have "federated identity management" to share certificates via chain of trust across domains. It is not clear whether this will support non-MS domains.

Access Control: Rights Management Server SP1 will provide persistent information protection, new lockbox business scenarios, and other enhancements. (Josue Fontanez, Senior Product Manager, SBTU)