When a Little Pessimism Rocks

5:55 PM -- "Stepto" -- a.k.a. Stephen Toulouse, Microsoft's high-profile, go-to security guy -- says his biggest fear about Internet security today isn't the next big worm or superbug. It's plain old complacency.

He's talking about that rose-colored glasses optimism that can cloud even the best-intentioned enterprise IT pro or executive's judgment. (Or for vendors, it's more like denial.)

"We work in a business where, in the back of their heads, some people believe" security problems will eventually be solved," says Toulouse, senior product manager for Microsoft's Trustworthy Computing Group.

Stepto's point is well-taken. He worries that vendors, researchers, and customers could get lulled into falling asleep at the switch. He doesn't want customers to get too comfortable thinking, for instance, the beefed-up security in Windows Vista will solve all security ills.

"You've got to remember the root cause here is crime," he says. "And we should absolutely make software more resilient, educate users more, [improve] policies... But in the end, it's the criminals who conduct the attacks."

Luckily, researchers still remain a step or two ahead of the bad guys. But as Microsoft learned the hard way, vendors need to forge close ties with researchers, he says, and find out what they see as the next big threat -- which ultimately helps vendors protect their own products. "We've [Microsoft] made a fundamental shift in our thinking there."

Just don't get too chummy, guys. Some healthy wariness and debate will keep you both on your toes, and keep the bad guys from catching up.

— Kelly Jackson Higgins, Senior Editor, Dark Reading