Joshua
09-25-2003, 12:54 PM
A damning report sponsored by Microsoft's competitors concludes
that dependence on the software giant's Windows "monoculture" is a
national security risk. Security experts released the report this week
in Washington, DC, at the annual Washington Caucus of the Computer &
Communications Industry Association (CCIA), which Sun Microsystems and
Oracle back. Regardless of the association's supporters, the report
comes at a sensitive time for Microsoft, which has come under fire
recently in the wake of widespread security problems with its
software. Last month, the MSBlaster worm and SoBig.F virus caused
billions of dollars in damages to Windows-based systems. Both attacks
took advantage of weaknesses for which Microsoft had already provided
fixes, but because Windows is so widely used, the attacks devastated
corporations worldwide.
In the 24-page report, "CyberInsecurity: The Cost of Monopoly,"
seven security experts recommend that national and local governments
consider open-source alternatives to Microsoft programs such as
Windows and Microsoft Office. They also recommend that Microsoft port
its popular Office software to other platforms, including Linux.
Otherwise, they say, bugs in Microsoft's complex, closed, and dominant
software could compromise US national security. "When the government
uses a product whose monopoly position undermines its security,
antitrust becomes a national security issue," Daniel Geer, lead author
of the report, said.
"Microsoft's operating systems are notable for their incredible
complexity," the report notes, "and complexity is the first enemy of
security." The report also touches on Microsoft's recently touted
integration strategy, explaining that the company is simply
solidifying its dominance by making Microsoft software work better
with its monopoly Windows and Office products. Furthermore, the report
raises an interesting question about whether Microsoft is using the
recent spate of security problems to force customers to upgrade to new
software versions so that they can get better security features.
"Under the guise of security, [Microsoft is] achieving lock-in," said
Bruce Schneier, a coauthor of the report. "It's using security
technologies to extend the monopolies."
From Microsoft's perspective, the report is just the most recent
attack from the CCIA, which is also suing the company for its
antitrust abuses and has spent much of the past few years lobbying the
federal government to stop using Microsoft software. In some ways, the
report's timing is also suspect: Is the CCIA taking advantage of the
recent security hacks to, in effect, kick Microsoft when the company
is down? And if so, isn't the CCIA's tactic no better than the
integration strategy of which it accuses Microsoft in its report?
Microsoft officials made few comments in the wake of the report, but
one representative did say that the company is reviewing the document.
"We recognize that the CCIA represents many Microsoft competitors, but
we are 100 percent committed to addressing the security concerns of
customers, so we will review their white paper and address any
concerns that they raise," the representative said.
that dependence on the software giant's Windows "monoculture" is a
national security risk. Security experts released the report this week
in Washington, DC, at the annual Washington Caucus of the Computer &
Communications Industry Association (CCIA), which Sun Microsystems and
Oracle back. Regardless of the association's supporters, the report
comes at a sensitive time for Microsoft, which has come under fire
recently in the wake of widespread security problems with its
software. Last month, the MSBlaster worm and SoBig.F virus caused
billions of dollars in damages to Windows-based systems. Both attacks
took advantage of weaknesses for which Microsoft had already provided
fixes, but because Windows is so widely used, the attacks devastated
corporations worldwide.
In the 24-page report, "CyberInsecurity: The Cost of Monopoly,"
seven security experts recommend that national and local governments
consider open-source alternatives to Microsoft programs such as
Windows and Microsoft Office. They also recommend that Microsoft port
its popular Office software to other platforms, including Linux.
Otherwise, they say, bugs in Microsoft's complex, closed, and dominant
software could compromise US national security. "When the government
uses a product whose monopoly position undermines its security,
antitrust becomes a national security issue," Daniel Geer, lead author
of the report, said.
"Microsoft's operating systems are notable for their incredible
complexity," the report notes, "and complexity is the first enemy of
security." The report also touches on Microsoft's recently touted
integration strategy, explaining that the company is simply
solidifying its dominance by making Microsoft software work better
with its monopoly Windows and Office products. Furthermore, the report
raises an interesting question about whether Microsoft is using the
recent spate of security problems to force customers to upgrade to new
software versions so that they can get better security features.
"Under the guise of security, [Microsoft is] achieving lock-in," said
Bruce Schneier, a coauthor of the report. "It's using security
technologies to extend the monopolies."
From Microsoft's perspective, the report is just the most recent
attack from the CCIA, which is also suing the company for its
antitrust abuses and has spent much of the past few years lobbying the
federal government to stop using Microsoft software. In some ways, the
report's timing is also suspect: Is the CCIA taking advantage of the
recent security hacks to, in effect, kick Microsoft when the company
is down? And if so, isn't the CCIA's tactic no better than the
integration strategy of which it accuses Microsoft in its report?
Microsoft officials made few comments in the wake of the report, but
one representative did say that the company is reviewing the document.
"We recognize that the CCIA represents many Microsoft competitors, but
we are 100 percent committed to addressing the security concerns of
customers, so we will review their white paper and address any
concerns that they raise," the representative said.