MS Windows as National Security Risk
Does Microsoft's ubiquitous operating system,
which infests tens of millions of computers around the world, pose a threat to
national security?
So claims the Computer & Communications
Industry Association in a report issued Wednesday (9-24-03). The report argues
that as a result of Windows dominance, it makes an easy target for viruses,
worms, and other forms of malware. "Most of the world’s computers run
Microsoft’s operating systems, thus most of the world’s computers
are vulnerable to the same viruses and worms at the same time," the report
attests. " The only way to stop this is to avoid monoculture in computer
operating systems, and for reasons just as reasonable and obvious as avoiding
monoculture in farming. Microsoft exacerbates this problem via a wide range of
practices that lock users to its platform. The impact on security of this
lock-in is real and endangers
society."
Even more curious, especially
to the die-hard anti-Microsoft contingent out there, is that one of the
contributers to the report, Daniel Greer, the chief technology officer at the
computer security firm AtStake, apparently has been fired for his role in the
report. Accusations of intimidation tactics on the part of Microsoft have been
repeated by some of the other co-authors or the report.
"There were a number of people scared to sign on
who agreed with the findings largely because going against Microsoft," claimed
Perry Metzger, another contributer to the
report.
I've read the report. It is
correct when it asserts that having one dominant OS poses a security threat. If
everyone (or nearly everyone) is running the same operating system, they are all
at risk against the same computer viral agents. As Metzger pointed out, "It's a
question of monoculture. It's the same reason boll weevils wiped out cotton in
the (United States) South when there was one strain of cotton planted."
The report errs, though, in its emphasis
on Microsoft's dirty monopoly tactics that "lock users to its platform." I
regard such claims as somewhat exaggerated, to say the least. The dominance of
Microsoft is far more the result of two factors: (1) the tendency within the
market for one OS to become dominant over the others; and (2) copyright
protection of file formats. Microsoft is a combination of a "patent/copyright"
and a "natural" monopoly. These two factors played a far greater role in
establishing Microsoft as the dominant OS vendor than any of the dirty tactics
it employs. Microsoft did not achieve its monopoly by tightly integrating
Internet Explorer into the OS, as the infamous anti-trust suit against MS
suggested. Application integration is a feature. No one minds when, say, Apple
integrates their own products into the OS, and they have done with the iLife
suite and the services menu. People praise Apple for its software integration,
but if Microsoft attempts the same thing, they cry
foul.
There is one other slight flaw in
the Computer & Communications Industry Association's report. Their emphasis
on the monoculture side of Window's security problems slights other security
problems of Microsoft's OS, thus feeding the long-standing myth, propagated by
Microsoft's legion of lickspittle shills, that all operating systems are equally
insecure. This is simply not true. It is well established that some operating
systems, especially of the Unix-based variety, are in fact more secure, in part
because they are better designed but also because, in many cases, their code is
open and can be scanned for flaws by a whole host of programmers, most of whom
are on the side of the angels and will notice if anything is amiss. And so, in
the Unix world, security flaws are discovered before they are exploited, as was
demonstrated quite recently with the flaws discovered in ssh and sendmail, both
of which were fixed and patched long before anyone could exploit them. With
Microsoft, it is the bad guys, the crackers, who, more often than not, discover
the flaws.
Posted: Thu - September 25, 2003 at 06:30 PM