Thompson said the security industry in general and Microsoft in particular are currently unable to deal with security threats and must take drastic steps to regain the confidence of the market.
Earlier, Bill Gates had discussed a series of Microsoft initiatives to combat security threats, including the surprise disclosure of a new version of Internet Explorer, a consumer antivirus product to launch "by the end of the year", and the company's antispam product, which is currently in beta.
But Thompson, speaking in the slot immediately after Gates, said that while he applauded Microsoft's efforts, "they will not be sufficient." In particular he said Microsoft's exclusive focus on the Windows platform was a weakness in a market where customers need to tackle security risks across their entire environment in a consistent manner. Microsoft's technology "is not cross-platform, and may be genetically unable to be so," Thompson said.
Thompson called for a shift to an offensive approach, with technology across the infrastructure able to react in unison to address a threat. "We've got to develop infrastructure that actively resists threats and rapidly recovers from incidents," he said. But he warned this will require much greater interoperability from vendors than they have previously offered.
Critics suggested Thompson was taking the offensive over the threat of Microsoft's imminent entry into the consumer AV marketplace that Symantec has dominated for so long.
The Slammer virus had highlighted the fragility of the security industry, Thompson said. "It showed that security as it had been traditionally defined is no longer sufficient. Slammer changed the rules. It was clear that companies did not understand their infrastructure well enough to deal with Slammer."
"And Slammer did not even have a malicious payload," he added. "It gave us a foreshadowing of what is to come."