Experts: Microsoft Monopoly Represents National Security Risk

> You’ll have to do a cost-benefit analysis. A monoculture is cheaper

> and easier to maintain but increases risk.

One of the certainties of a monopoly is that it is NOT cheaper. I don’t think you are really taking licensing into account.

Maybe it seems people could be more productive and tech support should be less, but this is Windows we’re talking about. In my own office there is always some computer that has apps not working for some reason, or viruses; and someone will spend hours trying to get things working.

There was something wrong with the link for the JavaDesktop Tradin offer. Here’s a good one:

http://wwws.sun.com/software/javadesktopsystem/tradein/index.html

“Of 660 million Windows users worldwide, less than one-tenth of one percent were impacted by the notorious MSBlast worm last month.”

Both sides are obviously making claims that are dubious to say the least. In love and OS-wars… 🙂

Nice that the link was appreciated. A good laugh a day keeps the doctor away.

Nokia and Fujitsu are also members of the OSDL, Nokia develops a standard DVB (Digital Video Broadcast) system based on Linux together with Convergence Integrated Media/ Germany, as well as other Linux based solutions. They are a competitor of MS, too (Symbian).

Fujitsu also does a lot of Linux work, for example the Linux Center in Japan. They developed robots based on Linux HOAP1/ HOAP2, and they sell the Fujitsu Linux Primergy servers.

“One of the certainties of a monopoly is that it is NOT cheaper. I don’t think you are really taking licensing into account.”

I was considering hardware, software, maintenance, user and admin training costs when making that claim. Heterogeneity costs. You have to buy licenses for other OSs or apps and maybe you lose discounts. You have to hire new admins or retrain your old ones.

I agree that a monopoly usually charge a premium price but the difference may be offset by the increased cost of heterogenity.

“Right, but the “increased cost of heterogenity” is a one time cost, while the monopoly premium price continues for the life of the monopoly.”

Yes, there is a short-term long-term aspect. Pay now and benefit later. It’s a shame though that companies today only considers the short run.

Note that a homogenous system might as well be a Linux, BeOS or whatever system. My comment was rather about homogenous vs heterogenous systems in general than about Windows systems vs the rest.

I haven’t got a lot of experience with Mandrake. I am using Redhat 9 and Ximian XD2 with it which works great. Ximian uses redcarpet as their packet-manager and in terms of updates and installing software it works great (it can’t upgrade distributons though).

I have also used Debian, which i don’t use anymore because of XD2 and the stable branch of Debian is a bit outdated. Having said that, Debian is a rock solid distribution, with the best packet-managing system for binary installs (at least i and a lot of other people think so). Updating and upgrading your distribution with apt is a breeze and i haven’t found anything like it in any of the other .rpm based distributions. I will propably give it another go when i buy a new computer.

Smartpatrol (IP: —.kuwait.army.mil) – Posted on 2003-09-25 12:15:08

“In return for each desktop license you trade-in you will receive a 50% discount on the purchase price of a Java Desktop System. Its as simple as that – trade-in your existing desktop and get an even better deal on the best value desktop system available. ”

Why would anyone want to trade their hunting rifle in for a stone tipped spear? By the time java is finished loading(if it doesn’t crash) the work day would be over! Java with cream and sugar nothing else. C the orginal write once run anywhere

Who said anything about Java?

http://wwws.sun.com/software/learnabout/desktopsystem/index.html

“Sun Java Desktop System

Sun Java Desktop System is an affordable, comprehensive, simple to use, and secure enterprise-grade desktop solution. The software consists of a fully integrated client environment based on open source components and industry standards, including a GNOME desktop environment, StarOffice Office Productivity Suite, Mozilla browser, Evolution mail and calendar, Java 2 Standard Edition and a Linux operating system. Key features include a well-defined, integrated look and feel, familiar desktop themes, as well as file, folder, and print interoperability with Microsoft Windows and Linux/UNIX environments.

I have a solution to this problem! since the gist is that corporations selling software do not have national security interests as their top priority. Lets make software a government controlled public service! It is obvious to me that these companies being unable to compete in and open market and after law suits failed now label Microsoft as an accomplice to the enemies of the free world. Pathetic!

What has that got to do with this discussion. GWB is you a-typical republican president, bought by big business, pushes the US so far into the red the words “Banana Republic” are uttered by some economists, the citizens finally wake up, a democrat is bought it, fixes the mess and so the cycle continues again.

It seems that no one has learnt anything from the Reagen years. Yes, the US can sustain a deficit, however, one day that debt does have to be paid back. It cannot continue expanding at an controllable pace other otherwise you end up with an Argentina.

As for the precurement policy of the US government. Don’t get me started on the number of 767 mid air refueling tankers that were bought by the Air Force, not because they were needed but because it would bail Boeing out of a spirling profit decline and massive layoffs (equaling votes). The US government is typical of a government with way too much money on their hands. There is this belief that as soon as they have money, they must spend it and it must be on the most expensive, unreliable and unnecessary piece of equipment(s).

Why should I even comment, I mean, heck, the original poster is in the US Army, it speaks for itself. Its like putting Indonesian Army and terrorism in the same sentence, one is never surprised to see it occur.

“Of 660 million Windows users worldwide, less than one-tenth of one percent were impacted by the notorious MSBlast worm last month.”

That seems funny. I got Blaster, my sister got Blaster, my best friend got Blaster and the local computer shop got Blaster on their intranet. I suspect that a huge percentage of Windows machines were affected and the owners did nothing about it. I was aware simply because my dialup slowed to a crawl and my network traffic showed a huge amount of upload traffic. I doubt that the average person would be able to fix the problem. My ISP for example is firewall unfriendly – it requires ICMP echo requests – most firewalls block them by default.

We’re just seeing the first effects of how bad things

can get when one company controls everything. With computers

controlling more & more of everything around us we can only

expect things to go downhill from here. I think you will

slowly change your minds when it starts to affect you personally on a daily basis.

Ex:

Cant get any of your money because your bank is down again!,

and the ATM out front is on the BSOD.

Cant get to work because your cars onboard computer keeps rebooting for no reason.

Your kids cant turn in there homework because another national televised virus alert has infected your home network…………

According to the paper, this integration of applications requires writing code that is 15 to 35 times more complex and, by extension, more vulnerable to attack than that of its peers.

What are they using to judge code complexity? Who are the peers that they mention? Do they mean some sort of COM objects? Anyway, I am no fan of microsoft, but a statment like this dosen’t make sense. If they are making a direct connection to say UNIX then they are off base in some areas. Sure to pipe data from one application to another may be easier in a UNIX enviroment, but writting a GUI application using X calls only, is complex to say the least.

I think the main problem (this idea was lifted from Rob Pike http://www.cs.bell-labs.com/who/rob/utah2000.pdf) is that people no longer differentiate between an OS and all of the applications that run on top of it.

the choice of the homeland security department to use m$

software was not in the best interests of U.S. taxpayers.

http://www.nsa.gov/selinux/ security enhanced kernel has been tested on redhat.

propagation of computer virii to other systems would be

reduced with an operating system modified for higher security.

where is http://www.nsa.gov/sem$/ ?

There seems to be an assumption that heterogeneity means incompatibility ! It’s only the data that needs to be in a consistent format. Apps don’t need to be all done in the same way neither do operating systems.

An html/xml/csv/mpeg/gif/email/pdf and other can all be opened by a huge number of applications, but also of programming API and even handheld devices. Do they all run the same OS ?

Similarly, people can use different apps without getting lost contrarily to what some say. Or MS would have been unable to get people to use something else than Lotus 123 or wordperfect. Did Western companies make huge productivity losses in the process ? Seriously !

I doubt they would get too far, honestly. They have had since 1991 to try. 😉 I don’t think Linux should “kill” Windows eiter, just gain enough marketshare to make it a really viable platform for everyone just as MacOS and Windows are today.

I would like to get some of my bandwidth back though if anyone at redmond is listening.. 😉

I did not read that report but i find the OS monoculture issue to be quite concerning from a security point of view.

Its a simple matter of probability. If everyone is linked to one OS (95%) then it is that much easier to infect everyone.

JLG had a statement on this that i thought was appropriate. He compared the OS to a biological organism and said that the chances of infection are much lower if you have a diverse gene set. He proposed a gene set consisting of beos, apple, linux, and MS.

Security is a serious issue and will be regardless of MS’ own precautions. The isue is really monoculture. That one issue is going to help linux and alternative os’ get a foothold in the market.

I’ve read a lot of writing about the “whining” nature of the article in question. People arguing back and forth over the “unprofessional” nature of the report, the apparent “bias” of the researchers. Let’s ignore for a moment the name calling and childish prattle. The heart of the matter is this: Microsoft has coded and marketed itself into a security nightmare. Let’s look at the facts.

1) By my own informal poll, I’d say at LEAST 8 out of every 10 people I asked that owned a Microsoft based computer did NOT understand that regular updates are necesary, let alone what “Windows Update” really does. Of that number there were several that were still using Windows 98 and were unaware that Microsoft has discontinued support thereof.

2) According to one study at least half of the security breaches at US government institutions are the result of a Microsoft vulnerability.

3) Microsoft often only patches known vulnerabilities after a proven attack has been carried out. In some cases a patch is released only after a widespread attack has occured.

4) Microsoft security patches often break other softwares which inhibits the acceptance of new patches in uptime critical computer systems.

5) Microsoft patches have been known in themselves to create new vulnerabilities or not actually fix the real axis of the attack.

6) The vast majority of viruses, trojans, and worms exploit known weaknesses in Microsoft products that Microsoft refuses to “tighten up” because they are “useability features”. Case in point, but by no means limited to: one click execution of binaries, the hiding of file extentions, and universal granting of execution permissions by default on certain file extentions.

7) Microsoft does not try to educate it’s users as to the proper use of it’s tools. Windows comes with no real documentation, no training, and the expectation that icons are self-explanatory. Social engineering is currently the most effective method of delivering mal-ware both of a more benign nature in the form of standard spyware like Gator, and in the form of more carcenogenic malware like the current “Worm.Automat.AHB” that masquerades as MTA error messages and e’mailed updates ostensibly from Microsoft.

8) Microsoft’s year long security push resulted in an OS (Server 2003) that was released with vulnerabilities (the Etherleak vuln for example) that were discovered and reported months before Server 2003’s release.

9) Microsoft routinely spys on it’s customers through various functionalities with IE, Windows Media Player, and other applications.

10) MIcrosoft is on court record stating that Microsoft code bases would be a national security threat if released to 3rd parties and foreign governments.

I can list more facts on Microsoft security problems, but I believe my point has been made.

The only two ways I can understand the Homeland Security Department decision to choose Microsoft are :

a) the bureaucrats who were consulted on that issue were chimps taught how to sign a report;

b) it was meant to thank Microsoft for the contributions they made to G. W. Bush and his cronnies.

No matter how we look at it, the whole deal stinks. Now, the US have officially become a banana republic. It stresses out the idea that the Department itself is a joke : it’s an insult to security consultants and to the other law enforcement agencies that have been in place for decades.

“I can list more facts on Microsoft security problems, but I believe my point has been made.”

Informal polls and unamed studies don’t make facts. So no real point has been made.

got fired after he made these statements. Readed in the Dutch news (webwereld.nl)

As for the person in the US army , i advise you to not post with that hostname, since it only makes your army looking more moronic

Well i am not in the US ARMY i haven’t been for 10 years. So i do my part as a civilian. Thanks for the info on the java station! About your other comments All i will say is that I myself and millions of other people around the world have jobs because of Microsoft. This includes alot of the Open source jobs!(PC hardware developed primarily for Microsoft OSes). This is capitalism at its greatest… this is the big business that according to the tired old liberal saying George Bush is in bed with. OK! Who else will employ great masses of people? Small businesses? Did all you learn in college was to spout the old tedious liberal sayings? ever try to apply some logic to modern issues?

P.S. its the other way around the Democrats screw things up Republicans fix it problem is that once its fixed the democrats are in office and are more than happy to take crdit for it.