Q: What can we do with sandboxing to use code safely? Is this the future or just a stop-gap?
MH: The managed environment is all about this - you will get software from lots of places, some will be more or less trusted. This doesn't really help with unmanaged code (there probably is no good story there), but managed code is the future direction.
JH: We need to do more - particularly with respect to specifying what resources an assembly can consume.
HS: Stuff like strong naming is another important aspect to addressing the issue.
Q: Following on, what can we do to manage code?
JH: First, you have to have security in depth - firewalls, stopping call-out, process/machine security and isolation are all part of it.
MH: Isolation is important. For example, he's locked down his wife's computer to the point where she just can't do much. The issue is how we can do this without annoying them.
HS: Defense in depth is a good thing - but the problem does not have to be solved only on the client.
JG: Sandboxing is great, but it is not enough. With the newer threat models, you need to think about dependencies between components and you need to be familiar with the components being created. You have to think about this in more engineering terms - it's more than just 'making it work'. E.g. a bridge out of balsa wood - it might work, but it's not robust.
Q: Will there ever be a time when everything is secure and unified?
JH: 'At MS we're well down the road' but we need to do more. We need to develop models that model our social interactions.
JG: We have some great opportunities, thanks to Moore's law, to help us. We have type-safe languages like C# that help. Web services, with detailed interface contracts - we're on a road to a better future.
HS: He had a conversation with Vint Cerf, and they agreed that had we known then what we know now, the Internet would have been architected differently. Look at cars: you can't get a car today without seatbelts, air bags, etc. IPv6 is an example of this moving forward.
CE: The firewall is just a band-aid - we should not just always accept anonymous connections - anonymous should probably not be the default.
Q: Key management - it's hard - what can be done?
HS: Amazed we have not done more to adopt PKI. There are scaling issues but there should be better PKI.
MOD: Key management is not something you can just code - you have to design the ceremonies too (key exchange). There need to be multiple cert levels (one for a simple web site, a 2nd to buy something, a 3rd for bank-to-bank). Need to balance the interaction against the key protection. The level of automation can be an issue.
Q: Does VM technology provide a way forward?
JG: yes, but it's hard too - not a good user experience. SEE is possibly a better approach.
Q: What is being done to improve things?
MH: MS is going to produce a security cert for devs. This is in the early days, so no details, but it's coming.
Q: How much effort is being put into security?
JG: Jason started by pointing out that it's MS's goal to never have to take an entire team offline again. It was a remediation, but should not be needed again. Having said that, things are still not good enough and 'steady state' has not been achieved yet. MS is overspending on resources - but that's probably OK!
MH: Security adds around 12% to the overall project timescales - but security is not extra, it's part of doing the job.
Q: Will we ever have security until MS manufactures hardware (smart cards) and makes this ubiquitous?
A: Not sure - what about the UI? It's possibly not the full answer.
Q: What would make networks more secure - if you could have it?
JH: Hardware is not the only issue - we have the software tools to secure systems today.
JG: There's not too much at the chip level - but NGSCB is MS's wish list - but it will take a while. Offload processing is also something that needs to be looked at - crypto offload is available today.
Q: What about the ISPs? Smart cards, biometrics are all wonderful, but until the ISPs stop allowing spammers and virus-infected systems onto their networks we're still in a bad situation.
A: There's more to do.

It was an interesting session - more for the brutal honesty and total lack of marketing fluff. I'm convinced that the transcript of this session should be published.