Thread: Microsoft dominance poses security risk

  1. #1
    Gray Haired Old Fart aeallison's Avatar
    Join Date
    Jul 2002
    Location
    Buffalo, Missouri USA
    Posts
    888

    Microsoft dominance poses security risk

    I really want to see the outcome of this report...

    A computer industry group critical of Microsoft plans to release a report Wednesday asserting that the software giant's dominance in key technologies threatens the national infrastructure.
    This is really disturbing.

    The group, whose members include America Online, Oracle and Sun Microsystems, has been critical of Microsoft in the past. Last month, after the Department of Homeland Security announced that Microsoft would supply the software for the agency's 140,000 desktops, the CCIA sent an open letter asking the department to reconsider. The group also founded the Open Source and Industry Alliance to promote open-source software such as Linux and oppose restrictive laws such as the Digital Millennium Copyright Act.
    Naturally...


    Microsoft did not immediately comment on the content of the report but defended its track record in security.
    Get the whole story here

    IMHO M$ is not what our country needs as a supplier of security products, their track record alone proves that they have the most insecure OS on the market today. Someone needs to write a new OS that is secure and user friendly both, something even your most basic luzers can operate. Got any ideas?
    I have a question; are you the bug, or the windshield?

  2. #2
    Senior Member
    Join Date
    Jul 2003
    Posts
    217
    Microsoft did not immediately comment on the content of the report but defended its track record in security.
    Quite ironic for M$ to defend their track record. What record do they have to defend in terms of security? I admit that being such a big company and with so many people using their software, it's a prime target for skiddies and black hats, but they still don't have a good record when it comes to security.

  3. #3
    AO Part Timer
    Join Date
    Feb 2003
    Posts
    331
    I have always thought that the government should use a system specific to just them. Some unique software. Something dedicated perhaps. Something the public couldn't initially compromise. I say initially because life always finds a way. Just a thought
    Your heart was talking, not your mind.
    -Tiger Shark

  4. #4
    Gray Haired Old Fart aeallison's Avatar
    Join Date
    Jul 2002
    Location
    Buffalo, Missouri USA
    Posts
    888
    I have always thought that the government should use a system specific to just them.
    <rant>That would mean that they would have to channel some of their infinite wisdom to doing something right for a change. They "seem" to be very concerned about national security, if so why are they even considering M$? I think that an exclusive OS is a great idea. Of course then they would have to train everyone in the use of it, costing them millions of dollars, effectively using up all of their money they get from their oil monopolies</rant>
    I have a question; are you the bug, or the windshield?

  5. #5
    Junior Member
    Join Date
    Feb 2003
    Posts
    12
    OK, hold on ... A group who:
    has been critical of Microsoft in the past
    and whose members are direct competitors of Microsoft is criticizing Microsoft. Hmmmmmm... that's one step above Pepsi putting out a study of how bad Coke is for you. C'mon, what are they gonna put out, a survey of how people should throw away their SUN boxes for Windows 2000 clusters and switch to MSN for their ISP?!? No, they're gonna say what will bring them business. And anyone who has done a survey/study KNOWS you can spin or bend the results to your favor and still be "correct" or "fairly accurate".

    Later on the article goes on to say:
    The paper recommends that the U.S. government force Microsoft to publish interface specifications to major functional components of its code, better support interoperable components to allow others to compete with more secure technology, and set specifications through industry standards bodies and consortia.
    Everyone knows, interface specifications = hacking point and they want it to major portions of MS's code? Yeah right.

    Does Microsoft have the greatest track record in security? Not really. BUT, Microsoft tried to appease the masses and they tried to do it too quickly. They learned that mistake with the Windows 95 debacle. They released a flat-out FLAWED OS. It was so bad that the only way to fix it was to release Windows 95 OSR2 because the first one couldn't be patched. But look at how long it took them to release Windows 2000. Remember, they had been working on Windows 2000 ever since their release of Windows NT, which was in '94, if memory serves me correct.

    Remember, Microsoft has two paths of its product: Home and Professional. Until Windows XP, those tracks were two completely different Operating Systems. The Home track: Win 3.1 -> Win95 -> Win98 -> Win Me was NOT meant to be secure. It was meant for home use with a relatively low security level, BUT be very user-friendly and versatile. The Professional series: Win 3.11 -> Win NT -> Win 2000 was the highly secure/stable series, but lacked the multimedia capabilities of the home series. They didn't figure out how to merge the two until Windows XP.

    All in all, Microsoft has made leaps and bounds in the area of security and stability. The most notable step being the release of Windows 2000. Look at Windows 2000 and you will see that by Service Pack 2, it was a VERY reliable, stable, and secure OS. Granted it needed a few Service Packs, but anything as big and complicated as a Microsoft OS is going to have bugs. You can't test everything and as r8Devil stated, every little script kiddie and hacker is pounding away at it, why, because EVERYBODY uses it.

    Last thought, proprietary OS for the Feds ... why should you worry about what OS the Feds use on their desktops? Do you think the systems that carry important data (I mean REALLY important data) are even connected to the internet...no. Trust me. Get a good, secure OS, but there's no way they can sink the time nor money to develop a freakin' desktop OS. Now, they DO HAVE proprietary databases, database engines, and applications specifically designed for security and the task for which they were meant, but they aren't worried about the desktops.

    P.S. I will bet a lot of $$$ that all (or most) of those 140,000 computers will be Dell. Anyone own any Dell stock?
    Intelligent people talk about ideas.
    Average people talk about things.
    Small people talk about other people.

  6. #6
    Gray Haired Old Fart aeallison's Avatar
    Join Date
    Jul 2002
    Location
    Buffalo, Missouri USA
    Posts
    888
    scittish, have you ever used any other OS other than M$'s? Professionally or otherwise. Your post was very opinionated, and seems to support M$. I am curious as to your credentials, it seems you either have no work experience or are not proud of the experience you do have. Would you care to enlighten us? Also, I don't believe this topic has anything to do with M$'s overall performance, but with the security aspects, and possible effects of having an insecure OS on the desktop PCs of our Department of Homeland Security's officials. I can assure you that there will be sensitive information on those computers and an internet connection. The internet was originally developed by Berkeley University and our federal government in an effort to decrease the time involved to share information between government offices. I really don't think they have stopped doing this. Oh well... I suppose I would sleep better at night knowing they don't use the internet to share information. So sleep tight...
    I have a question; are you the bug, or the windshield?

  7. #7
    Banned
    Join Date
    May 2003
    Posts
    1,004
    A few responses to several of you.

    The group, whose members include America Online, Oracle and Sun Microsystems, has been critical of Microsoft in the past. Last month, after the Department of Homeland Security announced that Microsoft would supply the software for the agency's 140,000 desktops, the CCIA sent an open letter asking the department to reconsider. The group also founded the Open Source and Industry Alliance to promote open-source software such as Linux and oppose restrictive laws such as the Digital Millennium Copyright Act.
    Open source and the Democrats in this country both have the same problem, a total lack of focus. Both organizations have good merits and points, but they don't know how to convey them and just come off as confusing. In this case they want the government to follow their advice while at the same time they attempt to fight "oppressive" laws? Am I the only one that sees why this is unlikely to work?

    IMHO M$ is not what our country needs as a supplier of security products, their track record alone proves that they have the most insecure OS on the market today.
    Don't confuse lazy admins and a completely unhardened default configuration for "insecure." Remember the DOD-STD-5200.28 C2 and ISO 15408 CAPP/EAL4 evaluations? The Windows NT line is as secure as a commercial software should be. (and scores higher than Linux on both evaluations) They (Microsoft) have chosen a different marketing approach utilizing an insecure default configuration, which as any student of IS security would tell you is superior as it is more efficient to calculate the consequences of locking things than it is when unlocking things.

    I have always thought that the government should use a system specific to just them. Some unique software. Something dedicated perhaps. Something the public couldn't initially compromise. I say initially because life always finds a way. Just a thought
    dopeydadwarf, having myself been a long time DoD contractor I agree, however the media tends to get ahold of stories about $420,000 fax machines and people take a lot of heat. The government used to design everything since the first MIL/DOD/GOV standards were created after a bunch of Union shoes fell apart during the Civil War. These days the government is under increasing pressure to find commercial off the shelf (COTS) solutions. The overall quality is less, but the cost is dramatically less and for non-critical applications this is deemed a "good enough" answer.

    Lastly... aeallison, do you really feel that the ad hominems are needed?

    catch

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Girls and Boys: Let's be honest here..... The question is purely philosophical. Logically, the most used system in the world is also going to be the one that has the most holes discovered in it and the most people taking pokes at it. The actual OS in question is irrelevant.

    You can go ahead and quote all the figures you like and I'll make my final point right here:-

    If the total installation figures were reversed between M$ 2000 or later products and, let's say, Linux, your figures would still be close to accurate.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  9. #9
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    I've read this report. While Microsoft is the target I could also argue so is the *nix, Apache, MySQL and PHP/Perl platforms. What comes out loud and clear in this report (the CyberInsecurity: The Cost of Monopoly, which included former @Stake employee Dan Geer -- got fired for his participation) is that a monocultural OS/platform for security is a risk.

    MS is more susceptible to this because they, IMHO, tend to engineer their products to work well with each other (not a surprising move when you think about it). But it does bring to light, hopefully, the dangers of relying on a single solution.

    There are other factors that are included such as ease of use being an issue (something that RH and Suse have started to do with their Distros unfortunately). We are seeing a user base that doesn't want to look behind the GUI and simply wants it to work. The analogy presented elsewhere on the board of a comparison between a 1950s car versus a car of today is a good one. OSes have gotten huge and make the heads of many users spin. One simply can't just fiddle; you have to truly understand a lot more.

    Anyways, my two cent ramblings...
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  10. #10
    Senior Member
    Join Date
    Oct 2003
    Posts
    107
    well man that is kinda true... but I can tell you this: most if not all the people who use Linux, Unix and other variants are the people who know the most about the PC world, because to be able to use an OS like that you must know every aspect of your PC... so they tend to be the most inclined to have secure software... on the other hand, people who use M$ products want to have a friendly interface, because they don't even know the difference between a byte & a bit... so naturally they are the most hacked part...

    "by the way I have XP pro. sp2/ pirated Ed"

    M$ is good, but not good enough... It just is not stable... because of the damn graphics, which by the way just destroyed the gaming industry that seems to think the more graphics the better the game... what happened to good old "DOOM II", "RA 95", "money Island"

    typo... "Monkey Island" in the last sentence
