Bill Gates throws down gauntlet on Web security

Very interesting to watch the Webcast of Bill Gates at the RSA Conference in San Francisco last night (UK time), during which he called for a major change in the way the IT industry works in order to beat online crime.

In an interesting reversal of Microsoft's we-can-do-it-ourselves strategy, Gates and Craig Mundie, his security guru, called for a common standard for computer security technology and agreed that the traditional practice of "building walls and moats" to fortify networks isn't really good enough these days.

Coming in the wake of the Vista launch last week, this is an interesting change of strategy - although I'm sure Microsoft's PR peeps would argue otherwise.

Basically Gates is opening the doors to third party companies to develop a new generation of 'trustworthy computing' applications that will allow people to use PCs and other Internet-connected devices without worrying too much about security.

Central to this strategy is the concept of a device offering a certificate in parallel with, or as a replacement for, a password.

Gates and Mundie also said they want to develop an initiative with third party companies to fight the problem of phishing.

According to Mundie, it is like the industry has been in the medieval ages of computer protection:

"We put bigger walls, wider moats, and drawbridges. What we didn't see was the airplane and the missile coming at us," he explained.

"We could continue to invest in the fortress mentality, but most would agree that the castle is pretty porous - people are leaving and others need to get in," he said.

So where will this lead? Good question. My best guess is that Microsoft has some plans to upgrade Vista with new security facilities - developed in partnership with third party vendors - which we should see later in the year.

The fact that Vista's sales appeal will be boosted by all of this is, of course, quite coincidental...