Posted on 09/24/2003 5:13:32 PM PDT by E. Pluribus Unum
SEATTLE, Sept 24 (Reuters) - Computer security experts issued a joint report on Wednesday saying that the ubiquitous reach of Microsoft Corp.'s software on desktops worldwide has made computer networks a national security risk susceptible to "massive, cascading failures."
The report, unveiled at the Computer & Communications Industry Association's meeting of industry leaders and government officials in Washington, D.C., saying that Microsoft is now the number one target for malicious computer virus writers. The report's authors told CCIA -- which is funded by Microsoft rivals -- that the software's complexity has made it particularly vulnerable to attacks.
So far this year, two major viruses emerged that took advantage of flaws in Microsoft software.
Slammer, which targeted computers running Microsoft's server-based software for databases, slowed down Internet traffic across the globe and shut down flight reservation systems and cash machines in the United States.
The Blaster worm burrowed through hundreds of thousands of computers, destroying data and launching attacks on other computers.
"The nature of the platform that dominates every desktop everywhere is such that its dominance, coupled with its insecurity, cannot be ignored and is a matter of corporate and national policy," said Dan Geer, a security consultant and chief technology officer of @Stake, a computer security company.
Geer, along with other well-known computer security experts Rebecca Bace, Peter Gutmann, Perry Metzger, Charles Pfleeger, John Quarterman, and Bruce Schneier, said they issued their report to raise awareness of the risk to national security by using a single, wide-spread software system.
The report's authors said the report was a reflection of their own views and not necessarily those of the CCIA, an industry trade group of Microsoft's competitors that has a long history of suing the world's largest software maker.
But in response to the report, Americans for Technology Leadership, an industry trade group backed by Microsoft and other companies and organizations, called the report an attempt by the CCIA to exploit the "serious issue of cyber-security."
"Cyber-security is an industry-wide problem that will not be solved by malicious finger pointing and political attacks," Jim Prendergast, executive director of Americans for Technology Leadership, said in a statement.
IS MONOPOLY THE PROBLEM?
Microsoft, which launched its Trustworthy Computing initiative in early 2002 to make its software more secure and reliable, said it is continuing to work with its customers and the government to make its software "as secure, private and reliable as possible."
"Microsoft considers security for all of our customers -- from government networks to individual PC users -- to be our top priority," said Microsoft spokeswoman Ginny Terzano. "The widespread use of Microsoft products around the world means we are constantly working to be responsive when vulnerabilities occur."
But the security experts said the issue of computer security had more to do with the ubiquity of Microsoft's software than any flaws in the software.
The best solution, the report's authors argued, is to adopt a mix of different computer systems that will reduce the risk of a single security incident crippling a company or a government agency.
"Having more than one operating system running inside your enterprise would be a substantial improvement," said Geer.
Bruce Schneier, a co-author of the report and chief technology officer of network monitoring firm Counterpane Security, noted a recent initiative by Japan, Korea and China to develop an alternative operating system to Microsoft's Windows to enhance security.
"I wouldn't put all of the blame on Microsoft," Schneier said, "the problem is the monoculture."
Far be it from me to defend Microsoft (living in Redmond, one ends up working with ex-Microsofties), but in this case I think Schneier is correct. The dominance of Microsoft makes them the target with the biggest payoff.
Linux is not immune -- I see advisories for it as well. But (maybe I'm lucky) I have yet to encounter a Linux virus or worm, as opposed to the dozens of Windows attacks I've seen.
Microsoft spokeswoman Ginny Terzano: "The widespread use of Microsoft products around the world means we are constantly working to be responsive when vulnerabilities occur."C'mon Ginny, is that the best you can do? The largest software company in the universe is, "responsive when vulnerabilities occur?"
Micro$loth, as usual, reacts.
Hey Ginny, maybe you guyz could try being responsive before vulnerabilities occur? You know, be pro-active instead of re-active? Jeez, what a concept!
I searched by title using "microsoft" before I posted.
Neither my posting or your link shows up.
I can't explain it.
Microsoft Wins Homeland Security Contract
WASHINGTON (Reuters) - The Department of Homeland Security said on Tuesday it has awarded a five-year, $90 million enterprise (news - web sites) agreement to Microsoft Corp (Nasdaq:MSFT - news) to become the department's primary technology provider.Under the contract, Microsoft will supply desktop and server software to the newly created department, which has merged parts of 22 different agencies into one entity.
The agreement delivers licensing coverage for about 140,000 desktops and will help the department to establish a common computing environment, Homeland Security said in a statement.
Dell Marketing LP. was selected as the reseller, to provide the day-to-day management of the enterprise agreement, it said.
FR posting, July 31, 2003, by FairOpinion
Government (Homeland Security) issues second warning on Microsoft security flaw
LOS ANGELES - The Department of Homeland Security has issued an unprecedented second warning to Internet users about a security flaw in Microsoft Corp. software that could leave about 75 percent of the country's computers vulnerable to hacker attacks.The latest warning comes two weeks after Microsoft issued a bulletin notifying computer users it had discovered a critical flaw in its most common Windows operating systems, including its newest versions, Windows XP and Windows Server 2003.
The flaw can let hackers use the Internet to seize control of users' machines to steal files, read e-mails and launch wide-scale computer virus and ``worm'' attacks that could seriously damage the Internet.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.