Interview: Symantec's John Thompson talks about big picture security

Security efforts to focus on processes first, then technology

1 2 Page 2
Page 2 of 2

IW: Is it a basic flaw in the Windows architecture that makes it so vulnerable to attacks or is it that it is just so pervasive that it is naturally the first target hackers go after?

Thompson: Both, a combination of both. First off, Windows was designed to be a single user operating system environment. The core of Windows was created back when you and I had PCs that only did work for you and me. And now it is the ubiquitous computing environment for a networked world. That is not what it was originally intended to be. And so it has been stretched and stretched and stretched beyond what its core capability or core intent was. So now it sits as the underpinning for the vast majority of connected devices in this world.

IW: How aggressive will you be with your Linux strategy the next year or two?

Thompson: Well today all of our gateway security appliances are built on a Linux platform. As the year unfolds we will release a Linux client, so our AV product will be ported to a native Linux environment. So to the extent that users move to a Linux desktop we plan to have products there to help support them.

IW: People have talked about the software-as-a-service approach to selling for some time but it never catches on. Why do you think it will work now?

Thompson: Well it is not clear to me that all software can be delivered as a service to all customers. But it is clear that software delivered as a service to certain classes of buyers makes a lot of sense. Case in point: There is a good argument to be made that security can be delivered in part as a service. However, that being said, it is still going to require some action on the part of users to ensure that they are secure. I can deliver a seat belt in a car,[but]  the user must take some action to enable that seat belt. The same analogy works in the security domain where just because the service provider supplies some level of content filtering or fire walling doesn't mean I won't need protection on the device itself. Getting people to recognize what their role is in security in their environment, and how software can de delivered as a service as part of that, is a very important set of activities for us over the next 12 to 18 months.

Copyright © 2004 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
How to choose a low-code development platform