Linked by Thom Holwerda on Wed 3rd May 2006 15:53 UTC, submitted by Allen Nixon
Windows Microsoft has shelved plans to include built-in support for RSA Security's tokens in Windows Vista, even though the company has been testing out the authentication technology for almost two years. In February 2004, Microsoft Chairman Bill Gates said that Windows would be able to support easy integration with RSA's popular SecurID tokens. That meant businesses would find it far easier to deploy a two-factor authentication system for logging on to networks and applications. However, almost two years after the SecurID beta-testing program kicked off, RSA's chief executive, Art Coviello, disclosed that Windows Vista will not natively support the technology.
Order by: Score:
Today...
by Tuishimi on Wed 3rd May 2006 16:17 UTC
Tuishimi
Member since:
2005-07-06

...Microsoft announced that they will no longer support the following technologies in their operating system, as was previously announced:

A file system
Device drivers
A scheduler

Even tho' they announced these technologies 20 years ago with Windows 1.0, they have not been able to get it to work with the latest installment of Windows, Vista.

An official at Microsoft was quoted as saying "We WILL release Vista on schedule... well, the latest schedule anyway, 3rd quarter in the year 2011 but unfortunately you will not be able to save your work (or load any data for that matter), print or use your mouse, or be able to run more than one application at a time. This will be the safest, fastest and most reliable Windows EVER!"

Reply Score: 5

Hm.
by smitty_one_each on Wed 3rd May 2006 17:16 UTC
smitty_one_each
Member since:
2005-07-07

"It has gone slowly, and it has gone slowly for a number of reasons," Coviello said. "Microsoft has given us source code so we can replace the Microsoft logon screen. However, it is not yet native to the operating system. So it still requires some work at the desktop, which slows down the adoption rate."

I'm just curious how much of that slowness is due to copyright/trademark/patent concerns.
Not to minimize the technical issues, but I would be unsurprised to learn that this is an example of the wrongheaded legal system again failing to promote innovation and better end-user products.

Reply Score: 3

ApproachingZero
Member since:
2005-11-10

Just keep choppin' and cuttin' and you'll get it out the door eventually, Bill.

This is the problem I have with people who defend Microsoft (usually in contrast to Apple) by saying "corporate IT likes that Microsoft provides a roadmap for the next three years". Does corporate IT mind at all that the roadmaps MS provides are consistently and completely false?

Reply Score: 5

It's a shame ...
by Disruptor on Wed 3rd May 2006 19:46 UTC
Disruptor
Member since:
2005-11-06

Mark my words. Though MS is slipping and slipping, still it'll come out of this 80% intact. And then regain the 20% it lost in just a few years. Why? Well, MS coding was always notorious and never famous. Did it _ever_ cost them enough to take them down? Far from it. Strong marketing is their strong point, cause as we all know marketing rules, engineering not. Maybe Apple and GNU/Linux will somewhat benefit from all this but in any case not anything special. I mean windows has a tremendous installed base and affiliations with every government on the planet and this part of the picture by no means is going to change anytime soon. And from that point on it's not a matter of choice, it's a matter of a well established monopoly with far too solid foundations. MS will jump, swim, run, crawl, fight with claws and teeth to keep their customers/government agencies locked-in. How can this monstrosity be taken down? *Sigh*

Reply Score: 2

so... PAM in windows?
by eantoranz on Wed 3rd May 2006 20:17 UTC
eantoranz
Member since:
2005-12-18

so.... MS Vista will have support for something like PAM? And I bet it will make headlines everywhere!.. you know, INNOVATION! Don't know if I should laugh or cry.
.... and by the way:
"via its Kerberos authentication protocol".
Kerberos doesn't belong to MS... at most, it could be their implementation. MS almost owns our lives, I guess.

Reply Score: 2

RE: so... PAM in windows?
by Wes Felter on Wed 3rd May 2006 22:27 UTC in reply to "so... PAM in windows?"
Wes Felter Member since:
2005-11-15

IIRC, GINA is the Windows equivalent of PAM and has existed for a few releases. But there are very few GINA plug-ins.

Reply Score: 1

RE[2]: so... PAM in windows?
by Ookaze on Thu 4th May 2006 11:44 UTC in reply to "RE: so... PAM in windows?"
Ookaze Member since:
2005-11-14

IIRC, GINA is the Windows equivalent of PAM and has existed for a few releases. But there are very few GINA plug-ins.

GINA is not a PAM equivalent at all.
It can't handle adding new authentication methods dynamically or even statically, or stack them, or manipulate their result.
GINA is more like a DM (like xdm, gdm) without PAM support. You can choose between what is provided,
or develop a replacement that follows the specs (API).

Reply Score: 2

RE: so... PAM in windows?
by Marcellus on Thu 4th May 2006 06:18 UTC in reply to "so... PAM in windows?"
Marcellus Member since:
2005-08-26

"via its Kerberos authentication protocol".
Kerberos doesn't belong to MS... at most, it could be their implementation. MS almost owns our lives, I guess.


It's not a direct quote from what MS said, and it's most likely CNET that worded it this way. I take it to mean the Vista implementation even if I understand that it could be read other ways.

Reply Score: 1

Disapointing
by flanque on Wed 3rd May 2006 21:56 UTC
flanque
Member since:
2005-12-15

This is really disapointing. I am a real believer in the RSA SecurID cards.

I've tried the most current beta of Vista and practically speaking for the end users (and arguably technology decision makers) Windows Visa seems to be becoming less of a new operating system and more of an extension of XP.

With what has been made available, about the only compelling thing is the changed interface skin but that has almost zero appeal unless a case can be made for significant streamlining productivity gains. Even still.

I'm sure the deployment tools will improve but that is hardley cause for a new operating system.

It's almost like the Visa box-art should have a "Features not included:" or "Features coming:" bullet list.

I have a feeling the Vista uptake is going to be much slower than the XP uptake. Even the XP uptake would seem be lagging as well. It's just too darn expensive to test and deploy a new operating system to thousands of workstations "just because".

Reply Score: 3

RE: Disapointing
by elsewhere on Thu 4th May 2006 02:06 UTC in reply to "Disapointing"
elsewhere Member since:
2005-07-13

This is really disapointing. I am a real believer in the RSA SecurID cards.

SecurID is the leading product with the lion's share of the market, but it's a Cadillac solution with a price to match. Most companies deploying it do so for remote access, since SecurID support is built into virtually every mainstream VPN product. The companies that are using it for internal authentication are generally larger companies with compliance requirements or dealing with sensitive material and are more concerned with non-repudation, one advantage RSA has is that SecurID has received legal standing in court as proof of identity in digital transactions. So for companies that need it, SecurID's pricetag is justified (and it's recurring, since the tokens have a pre-programmed termination date).

But if Microsoft's real intent was widespread use of one-time passwords for authentication, they'd be better off making a plug-in solution that can work with considerably cheaper but equally effective vendors like CryptoCard or Secure Computing. They'd be more likely to attract medium sized customers into considering adoption.

Regardless, the majority of companies that are considering secure authentication will likely move to smart cards. Cheaper and more flexible, if not quite as secure or portable. One time password solutions will likely remain the domain of remote access/online transactions or environments requiring a higher level of secure authentication.

One more feature Vista is dropping, but I'd say it's more of a lack of perceived need than a lack of ability at this point. I'd be surprised if anybody other than RSA really cares.

Reply Score: 1

RE[2]: Disapointing
by Ookaze on Thu 4th May 2006 11:34 UTC in reply to "RE: Disapointing"
Ookaze Member since:
2005-11-14

One more feature Vista is dropping, but I'd say it's more of a lack of perceived need than a lack of ability at this point. I'd be surprised if anybody other than RSA really cares

How can you say that with a straight face, when one of the main feature cited for Vista is "more security" ?
And now you say there's "a lack of perceived need" for RSA ?

Reply Score: 1

RE[3]: Disapointing
by elsewhere on Thu 4th May 2006 20:13 UTC in reply to "RE[2]: Disapointing"
elsewhere Member since:
2005-07-13

How can you say that with a straight face, when one of the main feature cited for Vista is "more security" ?
And now you say there's "a lack of perceived need" for RSA ?


No, I'm saying there's lack of a perceived need for an RSA-specific solution to be built-in. RSA's solution already integrates well enough into a Windows infrastructure to offer secure authentication and single sign-on if customers want to deploy it.

If MS is serious about encouraging strong authentication they'll open Vista to securely work seamlessly with a variety of tokens, smart card or biometric solutions, which would make the technology more accessible to the bulk of their customers.

As I said, SecurID is a solid and proven technology, but it is considerably more expensive than alternative solutions and would be overkill in cost and functionality for many customers.

Reply Score: 1

RE[2]: so... PAM in windows?
by eantoranz on Thu 4th May 2006 14:21 UTC
eantoranz
Member since:
2005-12-18

It's not a direct quote from what MS said, and it's most likely CNET that worded it this way. I take it to mean the Vista implementation even if I understand that it could be read other ways.

I know probably it's not MS quote.. (I'd say we'd have to make sure it's NOT actually), but it only speaks of the appreciation out there that everything there is that be worth something in computing comes from MS... and I HATE IT!!!.

And anyway.... the best I can say about that actual quote is that it was inaccurate... and the worst is that it was misleading. Which one would you prefer?

Reply Score: 1

@ disruptor
by StychoKiller on Thu 4th May 2006 22:16 UTC
StychoKiller
Member since:
2005-09-20

Marketing can only put so much lipstick on a pig. Sooner or later, people will recognize it as a pig.

Reply Score: 1