[14281] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Reliance on Microsoft called risk to U.S. security

daemon@ATHENA.MIT.EDU (R. A. Hettinga)
Thu Sep 25 11:10:02 2003

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 25 Sep 2003 09:46:20 -0400
To: Clippable <rahettinga@earthlink.net>
From: "R. A. Hettinga" <rah@shipwright.com>
Cc: cryptography@metzdowd.com

<http://channels.netscape.com/ns/news/story.jsp?id=200309241951000228064&dt=20030924195100&w=RTR&coview=>




Reliance on Microsoft called risk to U.S. security 


SEATTLE, Sept 24 (Reuters) - Computer security experts issued a joint report on Wednesday saying that the ubiquitous reach of Microsoft Corp.'s software on desktops worldwide has made computer networks a national security risk susceptible to "massive, cascading failures." 

The report, unveiled at the Computer & Communications Industry Association's meeting of industry leaders and government officials in Washington, D.C., saying that Microsoft is now the number one target for malicious computer virus writers. The report's authors told CCIA -- which is funded by Microsoft rivals -- that the software's complexity has made it particularly vulnerable to attacks. 

So far this year, two major viruses emerged that took advantage of flaws in Microsoft software. 

Slammer, which targeted computers running Microsoft's server-based software for databases, slowed down Internet traffic across the globe and shut down flight reservation systems and cash machines in the United States. 


The Blaster worm burrowed through hundreds of thousands of computers, destroying data and launching attacks on other computers. 


"The nature of the platform that dominates every desktop everywhere is such that its dominance, coupled with its insecurity, cannot be ignored and is a matter of corporate and national policy," said Dan Geer, a security consultant and chief technology officer of @Stake, a computer security company. 


Geer, along with other well-known computer security experts Rebecca Bace, Peter Gutmann, Perry Metzger, Charles Pfleeger, John Quarterman, and Bruce Schneier, said they issued their report to raise awareness of the risk to national security by using a single, wide-spread software system. 


The report's authors said the report was a reflection of their own views and not necessarily those of the CCIA, an industry trade group of Microsoft's competitors that has a long history of suing the world's largest software maker. 


But in response to the report, Americans for Technology Leadership, an industry trade group backed by Microsoft and other companies and organizations, called the report an attempt by the CCIA to exploit the "serious issue of cyber-security." 


"Cyber-security is an industry-wide problem that will not be solved by malicious finger pointing and political attacks," Jim Prendergast, executive director of Americans for Technology Leadership, said in a statement. 


IS MONOPOLY THE PROBLEM? 


Microsoft, which launched its Trustworthy Computing initiative in early 2002 to make its software more secure and reliable, said it is continuing to work with its customers and the government to make its software "as secure, private and reliable as possible." 


"Microsoft considers security for all of our customers -- from government networks to individual PC users -- to be our top priority," said Microsoft spokeswoman Ginny Terzano. "The widespread use of Microsoft products around the world means we are constantly working to be responsive when vulnerabilities occur." 


But the security experts said the issue of computer security had more to do with the ubiquity of Microsoft's software than any flaws in the software. 


The best solution, the report's authors argued, is to adopt a mix of different computer systems that will reduce the risk of a single security incident crippling a company or a government agency. 


"Having more than one operating system running inside your enterprise would be a substantial improvement," said Geer. 


Bruce Schneier, a co-author of the report and chief technology officer of network monitoring firm Counterpane Security, noted a recent initiative by Japan, Korea and China to develop an alternative operating system to Microsoft's Windows to enhance security. 


"I wouldn't put all of the blame on Microsoft," Schneier said, "the problem is the monoculture." 


-- 
-----------------
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post