The recent paper that claimed that Microsoft’s dominance poses a risk to US national security has come under fire from the group Americans for Technology Leadership as a shameless attempt by Microsoft’s business rivals to promote their own products. Interestingly enough, Microsoft is one of the founding members of Americans for Technology Leadership, so this may be a bit of a “Battle of the Trade Groups.”
The guy was fired for writing the paper. So how could this be viewed as an attempt by MS’s competitors to discredit them?
Dan Geer, who co-authored the paper, got fired from @Stake, which is where he worked. And @Stake is affiliated with Microsoft. So basically, Microsoft is behind all the FUD around this one paper that states the obvious.
No offense, Mr. Adams, but it would be nice to mention him and that he got fired – that’s the gist of the whole story
Americans for Technology Leadership is just a mouthpiece for MS.
Look at their members. You’ll see Microsoft, others, and various associations. One of the associations that’s a member contains as one of its members Microsoft.
So you have Microsoft as multiple members of this group.
And if you go back and read any of the papers written by the top guy you’ll see it’s quite obviously an MS group.
Who cares, this guy will have absolutely no trouble getting hired; he’s known as one of the best, and the conditions of him being fired are questionable. With the recent outpouring of Microsoft security issues everyone jumped on the bandwagon. This poor guy just happened to be employed by the wrong company.
A mono-culture in an IT business is ok; however, you have to be sure that it’s secured to a level to meet your needs. Currently I don’t see any OS as being absolutely secure on the PC platform.
Since we have no secure OS, a mono-culture will cause the whole thing to be compromised at the same time. The next best thing is to divide the workload into multiple systems so any attack will only take down part of your operations.
If you really want to do a mono-culture to save money, then I wouldn’t use Windows. It gets about 95% of the attacks and 99% of all the big outages caused by the attacks. Of course, this’ll change if everyone drops Windows (if the market switches to 95% Linux, then I would use Windows since everyone would be attacking Linux).
If you want to keep your operations running, then the best thing to do is use an operating system that 95% of all the world’s hackers aren’t attacking!
OSs by security (in my order & what I’ve used):
1) OS/400, no viruses and only around 500,000 installations.
1a) Guess I should include things like OS/390, Tandem’s OS (not sure of the name), and Stratus’s OS (also not sure of the name) here.
2) OpenBSD, what can I say they’re security nuts.
3) Solaris, AIX, & FreeBSD are about equal.
4) Linux
5) Mac OS X
6) Windows
Microsoft’s sock puppet trade group is looking out for Microsoft’s interests using anti-logic. The “CCIA” paper, on the other hand, was apparently (according to the article) created independently of the CCIA before being publicized through them, AND monoculture has long and widely been recognized as a liability in computer security and biology, regardless of affiliation with Microsoft. But what do all of those scientists and professors know that Microsoft’s marketing people don’t?
Someone mentioned that ATL was just a mouthpiece for Microsoft. Did you forget that the group putting this report out was just a mouthpiece for Microsoft’s competitors (Sun, etc.)?
So neither side deserves any credit in this argument, but since the anti-MS side released the paper (started the battle) then they deserve less than the side [rightfully] saying the paper was crap.
Is the only thing driving MS as the standard on which we’ll base our countrys future security upon.
It simply makes no sense… MS products are notoriously buggy and full of holes (Anyone remember the early ads for XP wherein MS displayed a blue-screen crash and said “Aren’t you sick of this? Move up to XP and experience fewer crashes” (Yes, I’m paraphrasing)??
It really takes a loser of a company to extort their own past failings as reason to continue to spend money with them.
And unfortunately, we appear to have some real losers in charge of our country’s cyber-security since they seem hell-bent on standardizing on MS products.
Anyone who’s in the business (or who reads the paper for that matter) knows that
1. MS Products are currently used on around 97% of the world’s PCs. Thus everyone tries to target them & their security holes… 97% of the PC market share almost ensures that someone out there hasn’t kept up to date with the almost daily security patches that are necessary to keep Windows secure, and thus MS products are the most likely targets for success, from the eyes of a hacker.
I personally would rather have the hackers have to study up to hack my government’s PCs rather than going “Hey, this’ll be easy! I’ve hacked lotsa PCs running this OS”.
2. MS Products are closed source. Never mind that in recent years they’ve opened up “some” of their internal source to various government entities (Including China who subsequently decided to write their own OS rather than deal with politics and lock-in which MS brings to the table).
If I were in charge of the country’s cyber-security, the first thing I’d look at is which products I can control the most of. I’m not extolling Linux as the perfect choice by any means, but at least with Linux you get the source code and can put yourself/your company in charge of customizations, security, and upgrades, as opposed to relying on a company with a spotty track record.
3. MS locks you into their product through deceptive marketing and user-unfriendly upgrades. Specifically, I’m referring to how MS wants you to sign away your company’s future via their agreements, while in return they offer nothing concrete.
Remember last year’s “Sign up for service now, or go unsupported” maintenance contracts (again, I’m paraphrasing)?? How many of the companies who signed up (with the guarantee of timely updates and support) do you think are happy with MS recently stating they don’t know when their next OS will ship (ie, Longhorn)? Imagine the lucky CIO who talked his company into signing these questionable contracts, only to now have to tell that company that all IT upgrade and migration projects are on hold while MS figures out what they want to do?
Much less those who have signed their companies up to the aforementioned contract, only to have to explain to their board of directors why they are continually having virus problems, and periods of downtime due to the software company they paid all of this money to?
MS makes no guarantees, they can arbitrarily drop support of software at the slightest whim (I think Win98 still owns like 35% of the desktops across the planet, and MS no longer supports them!), and if you run their products, they’ll make you jump through tons of hoops simply to avoid having a competitor offer a superior, compatible product (Consider the upcoming Office upgrade, which will likely break compatibility with OpenOffice and its relatives).
I could go on, but my point is this: Why stake your country’s welfare and future on this commercial entity who has such a troubled past, and whose only interest is profits for itself?
I’d much rather have my tax dollars going to either an open source OS’s development, which doesn’t have any financial interests, or a proprietary OS developed by and utilized by the government. They could base it around Linux, OS2, or whatever, as long as it was proven secure, was easily maintained, and didn’t more or less act as the equivalent of a flashing sign saying “Hack me, I’m easy!” to the criminal minds around the globe.
It should be Microsoft who has to modify their software to be compatible with what the government chooses, as opposed to the current situation of the government bending over just to please MS and its lobbyists.
The Tandem/HP OS is currently known as NonStop OS.
I’ve worked on the K1000/Himalaya machines for about 5 years…great machines…amazing uptime.
I have always found it amazing that THE U.S. government would cower before Bill G. & Co.; that MS has always been able to pull the strings to get what they wanted, charge whatever they wanted, and keep their source code to themselves in the process.
This report that was just released is not some grand eye-opening commentary on the world. If you did not already see it, then you are blind, deaf and working for MS!
I applaud the group of researchers for their report. Besides, nobody in DC accepts the facts unless it’s handed to them in a report, double-spaced, and followed by a lot of initials.
My true “oh-gee-what-a-great-Christmas” wish, is that the federal government pulls its head out of Bill’s, um, USB port, and starts the wheels of change a’ mov’n.
I have a good idea, instead of having one OS that will need patches, let’s have a bunch of OSes all with different holes, configurations, etc that need different patches and different tech teams to train people on them and support them. That’s a great idea!
If Sun or whoever was the “expert” behind this paper had their OS in 97%+ of desktops you can bet your ass they wouldn’t have said having a desktop monopoly is bad for national security, btw.
More fud from anti-MSers, move along..
4) Linux
5) Mac OS X
6) Windows
Interesting that you rank Mac OS X so low in security. Have you run an nmap scan or full blown Nessus security audit on a default install? You’ll find zero services running and Nessus would not be able to successfully attack it on any front.
At the very least, I would rank Mac OS X as secure as, if not more than, Linux. Even at the GUI level, admin users logged in need to enter a sudo password to affect any admin-owned files. It is invulnerable to all Windows-based trojans and email attachment nightmares, and all x86-based exploits are useless on it.
I actually ran out of OSs… I would most likely place Windows at around 50 if I could find some more OS’s. Personally my main computer at the house is Mac OS X and my backup is FreeBSD; I took Windows off my PC after having too many Win2K updates take the system down (I would rather have the extra diskspace to play with different versions of Linux anyways).
The only reason I placed Mac OS X lower than Linux is that it still supports Classic and there are several thousand viruses out there for it. Also it runs MS Office & IE, thus I believe that some macro viruses could affect it that way as well.
“MS Products are currently used on around 97% of the worlds PC’s.”
Microsoft operating system (products) are NOT used on 97% of the world’s PCs. I would like to see a stat to back your claim up.
I would estimate that the combined user-base of Linux, Mac, Other Unix and other operating systems occupy at LEAST 12% of all computers in use.
Microsoft certainly dominates the lion’s share but 97% is false.
Maser wrote:
“I have a good idea, instead of having one OS that will need patches, let’s have a bunch of OSes all with different holes, configurations, etc that need different patches and different tech teams to train people on them and support them. That’s a great idea!”
It is a great idea, and doing this alone will result in greater security and reliability.
Here’s a truly great idea for you:
Let’s have one proprietary closed operating system. The parts of the OS could only communicate through private APIs that are best known by one company (and by thousands of hackers) and are a mystery to most users of computing resources. Let’s have this company also make application software for the OS. And let’s have them spend years not caring about security. That would be cool. I want that in my company, dealing with my critical data and business operations. Yeah. Right.
Of course, this is only great if you’re MS or a mid-level IT person in a Windows shop.
Regards,
Mark
Sheesh… Now I have to do fact checking for you?
Go way back in time with me… Way back to two weeks ago on this very website:
http://www.osnews.com/story.php?news_id=1706
I would estimate that the combined user-base of Linux, Mac, Other Unix and other operating systems occupy at LEAST 12% of all computers in use.
Then you would be BZZZZZZ! “Wrong!”
Whoops… I should have said one year and a couple of weeks. Oh well… Point still stands. 8)=
Here’s a couple more recent bits of info/debate for you:
http://maccentral.macworld.com/news/2002/07/03/marketshare/
http://www.wininsider.com/news/comments.aspx?mid=2248
Nah, you were right, OneStat released a similar report a few weeks ago, it can be found here:
http://www.osnews.com/story.php?news_id=4632
Let’s have one proprietary closed operating system. The parts of the OS could only communicate through private APIs that are best known by one company (and by thousands of hackers) and are a mystery to most users of computing resources.
I’m sure most users of computing resources would really go learn the *nix api if you could magically have them all use linux or mac. /sarcasm
Let’s have this company also make application software for the OS. And let’s have them spend years not caring about security.
Security wasn’t a top concern to MS customers or MS would have focused on it. Period. Look at any poll, users are going to want ease of use, compatibility, and features way over security, that’s changing, but I don’t blame MS for giving users what they want. Besides it seems much better now, turn the XP firewall on, leave exe attachments off and you are pretty much safe. MS can’t make the users not execute attachments, no more than linux companies can prevent someone from chmod a trojan to +x and running it. The “it’s harder to chmod something” argument is nonsense, if a user wants it he will find out how, and probably download a script or program that does it automatically that someone WILL write for all the newbs that want it.
You people just aren’t being realistic with your arguments.
People are warned TWICE that opening attachments could bring infection, MS just can’t reasonably be expected to do more. OSSers would like OE to not ever run attachments, so that mozilla could do it and it would then turn into a bragging point for the OSS people. “Look, MS software can’t even do attachments correctly! LOLOL”
I see these people switch arguments like the wind, it’s ridiculous.
That would be cool. I want that in my company, dealing with my critical data and business operations. Yeah. Right.
What a silly statement, so instead of having your data on one computer with one set of holes, you want it on two, with users who are half as experienced on each, with twice as many holes (unless we’re talking Linux, then it’s many times more holes, and I don’t care if they aren’t in the OS, people use MORE than just the OS, they actually use those applications that come on the CDs). Bottom line, More OSes = more holes, less experienced users. Now I admit having one OS has its drawbacks too, but why is it Open source fundamentalists can’t see that the world is grey and both options have their pros and cons? Personally I think it’s better to have one platform to train users and IT staff for, and worry about security holes for.
Though in some instances I can see where you’d want some systems to be unaffected by a single security problem outbreak, but I can think of better options than a mixed OS environment, that just seems silly.
Multiple OSes create a parallel system. One system down cannot have a big impact. Not “More OSes = more holes”; that’s stupid.
A single OS creates a series system. One breaks and everything goes down. Simple as that.
Take some courses on Reliability and Probability theories and you will understand.
More OSes DOES equal more holes. Because if you have Windows and Linux, then you have to worry that hackers can choose to exploit a Linux hole if they find all the Windows machines have been patched and vice versa. A rogue employee, finding that Windows has been locked down, can wander over to a Linux machine and exploit VI. Sorry but it increases the risk of being hacked. Now if those machines (Linux and Windows) don’t have access to the same data, then the result can be better than one OS being hacked, but having multiple OSes with access to the same resources? Hell no.. That’s the stupidest thing I’ve heard yet from the OSS crowd. And just because some professor somewhere says different doesn’t prove anything. Lay out the proof here, or don’t post. No need for “I’m right, but you need to take course x, y and z to understand, simpleton” type stuff, it’s always the crutch of those with no legs (no pun intended) to stand on with their argument(s).
You didn’t get it, did you?
Not “by having multiple OSes with access to the same resources” that’s stupid. You won’t get the parallel system by that.
Again, study some math courses. Back to elementary school 😉
I doubt many organizations would find a parallel network useful. And if they do, they could just have an additional, locked down and firewalled network running the same OS as their more open net. Like I said, I can see both sides, this could be useful a little, but it’s not worth the support, training and multiple OS problems (many more holes), for most people imo. Whatever though, I’ll leave it at that and let you wank off over your education history now..
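The series-versus-parallel argument above is just probability, so here is an added example (not from the thread or from the CCIA paper) that works it out. It assumes each OS has an independent per-period probability of being successfully exploited fleet-wide, and it models both positions in the exchange: OS groups whose data is isolated, and OS groups that all reach the same resources.

```python
"""Series vs. parallel reliability for an OS monoculture versus a mixed fleet.

Model (an assumption for this example, not a claim from the thread): each OS
has an independent probability p_i that, within the period of interest, a
working exploit for it is used against every host running it. The fleet is
split across k operating systems with fractions w_i of the hosts (sum to 1).
"""
from itertools import product
from math import isclose, prod


def fleet_outcomes(p, w):
    """Enumerate every 'OS i exploited / not exploited' combination.

    Returns a list of (probability, fraction_of_fleet_compromised) pairs.
    """
    assert len(p) == len(w) and isclose(sum(w), 1.0)
    outcomes = []
    for hit in product((0, 1), repeat=len(p)):
        prob = prod(p[i] if h else 1 - p[i] for i, h in enumerate(hit))
        lost = sum(w[i] for i, h in enumerate(hit) if h)
        outcomes.append((prob, lost))
    return outcomes


def risk_profile(p, w, shared_resources=False):
    """Reduce a fleet to the three numbers the thread argues about.

    shared_resources=False: a compromised host only exposes its own data, so
      the OS groups fail independently (the 'parallel system' of the paper).
    shared_resources=True: any compromised host reaches all the data, so one
      success is a total loss (the 'same resources' case objected to above).
    """
    outcomes = fleet_outcomes(p, w)
    p_any = sum(prob for prob, lost in outcomes if lost > 0)
    p_all = sum(prob for prob, lost in outcomes if isclose(lost, 1.0))
    expected = sum(prob * lost for prob, lost in outcomes)
    if shared_resources:
        # one foothold is enough, so 'some loss' and 'total loss' coincide
        p_all = expected = p_any
    return {"p_any_loss": p_any, "p_total_loss": p_all,
            "expected_fraction_lost": expected}


def monoculture(p_os):
    """Every host on one OS: a series system, one hole takes everything."""
    return risk_profile([p_os], [1.0])


if __name__ == "__main__":
    P = 0.10  # constructed per-period exploit probability, same for every OS
    cases = {
        "monoculture": monoculture(P),
        "two OSes, isolated data": risk_profile([P, P], [0.5, 0.5]),
        "two OSes, shared data": risk_profile([P, P], [0.5, 0.5], True),
    }
    for name, r in cases.items():
        print(f"{name:25s} any={r['p_any_loss']:.3f} "
              f"total={r['p_total_loss']:.3f} "
              f"expected={r['expected_fraction_lost']:.3f}")
```

With isolated data the expected loss is unchanged but the chance of losing everything falls from p to p^k, at the price of a higher chance of losing something; with shared data every added OS only raises the chance of total loss, which is the condition both sides of the exchange are actually describing.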
Ok, lets only use 1 OS so we only have 1 set of holes. If you don’t want to be hacked, then you had better not make that 1 OS Windows! Windows has too many people trying to hack it.
A better option would be installing only Mac OS X machines. They’re stable, easy to learn, and easy to administer. They support MS Office which most businesses think they can’t live without. For e-mail & Office connectivity I’d install Lotus Domino (this will even give the users a more powerful replacement for Exchange).
Macs would also save you a lot of money in the long run. IRS rules state that PCs are expensed over 5 years; Macs will actually last the 5 years and still be useful while PCs only last about 3 years.
In the short term they also save money:
1) An Xserve with a 2TB RAID system is cheaper than a comparable PC solution.
2) If you buy a PC that’s powerful enough to be usable in 5 years, then you’ll be in the same price range as comparable Macs.
3) Mac OS X Server with unlimited users costs $1000 and includes Apache. Windows 2003 is $3999 for 25 users + $800 for each 20 additional users. You’ll also have to purchase IIS separately.
Why not just firewall the windows PCs, keep it locked down (no executables from untrusted sources, including email attachments) and be compatible with 97% of the computing world as well as using cheaper hardware than apple provides. Macs need to last 5 years, their cpu doesn’t increase much and they’re too expensive. Linux is too arcane. Windows can be locked down if you have 2 brain cells to rub together. To me, the choice seems obvious, unless you are a diehard member of the anti-MS jihad..
nowimnothing:
since the anti-MS side released the paper (started the battle) then they deserve less than the side [rightfully] saying the paper was crap.
Umm.. what? I see no battle. I see the obvious being stated to the people who are in the most dire need of hearing it. And I don’t suppose you’d care to actually *gasp* -justify- your assertion that the paper was ‘crap’?
Maser
“The parts of the OS could only communicate through private APIs that are best known by one company (and by thousands of hackers) and are a mystery to most users of computing resources.”
I’m sure most users of computing resources would really go learn the *nix api if you could magically have them all use linux or mac. /sarcasm
Very funny. Take off the mask, Gates. [1]
Security wasn’t a top concern to MS customers or MS would have focused on it.
I’m confused — are you using this as an argument FOR your position?
What a silly statement, so instead of having your data on one computer with one set of holes, you want it on two
You obviously have ZERO clue about network security. End of discussion, you lose. Should you be foolhardy enough to want to continue this line of discussion, I’ll be more than happy to tell you exactly how wrong you are. [2]
ILBT,
Good Grief
—————
[1] Oh, and let me give you some advice: ‘sarcasm’ is when you overstate something that is obviously false in order to make the opposite point — nice try though. You’re welcome.
[2] Here’s a clue: using multiple OSes does not necessarily (in fact, it should necessarily not) mean end-to-end parallel systems aka. parallel monocultures. Or does your modem run Windows?
nowimnothing:
since the anti-MS side released the paper (started the battle) then they deserve less than the side [rightfully] saying the paper was crap.
Umm.. what? I see no battle. I see the obvious being stated to the people who are in the most dire need of hearing it. And I don’t suppose you’d care to actually *gasp* -justify- your assertion that the paper was ‘crap’?
Maser
“The parts of the OS could only communicate through private APIs that are best known by one company (and by thousands of hackers) and are a mystery to most users of computing resources.”
I’m sure most users of computing resources would really go learn the *nix api if you could magically have them all use linux or mac. /sarcasm
Very funny. Take off the mask, Gates. [1]
Security wasn’t a top concern to MS customers or MS would have focused on it.
I’m confused — are you using this as an argument FOR your position?
I’m saying if customers don’t want something they usually aren’t going to get it, business 101.
What a silly statement, so instead of having your data on one computer with one set of holes, you want it on two
You obviously have ZERO clue about network security. End of discussion, you lose. Should you be foolhardy enough to want to continue this line of discussion, I’ll be more than happy to tell you exactly how wrong you are. [2]
ILBT,
Good Grief
—————
[1] Oh, and let me give you some advice: ‘sarcasm’ is when you overstate something that is obviously false in order to make the opposite point — nice try though. You’re welcome.
Dear Moron,
If you had 600 million people using *nix, hardly ANY of them would know the damn API, and therefore the *nix API would be (and is) a mystery to most users of “computing resources.” Lot of nerve you have insinuating I don’t understand sarcasm when you have minimum reading comprehension abilities.
[2] Here’s a clue: using multiple OSes does not necessarily (in fact, it should necessarily not) mean end-to-end parallel systems aka. parallel monocultures. Or does your modem run Windows?
God you’re retarded, I said in certain instances it would be beneficial, but in most it wouldn’t. IE, I don’t think most people want parallel networks. Really, learn to read, you look like an ass trying to talk down to people when you have nothing new to add. And besides, if you have a parallel network, it’s still twice as likely that someone could break in (assuming equal number of security holes for both OSes – hey Linux users don’t say I don’t do you no favors!) to one of the networks, but they would cause half the damage. I fail to see how, even if someone wanted a parallel network, this is such a godsend so worthy of all the hype it’s getting, except for the fact that it is anti-Microsoft at its core, it is unworthy of discussion by all but the most extreme networking people and the open sores fundamentalists looking for something to bash “M$” over the head with.
‘nice day.
Maser wrote:
“I’m sure most users of computing resources would really go learn the *nix api if you could magically have them all use linux or mac. /sarcasm”
The point is that BSD/Linux/Darwin etc. are open and all aspects of the API, including implementation are easily discoverable (and modifiable).
“Security wasn’t a top concern to MS customers or MS would have focused on it.”
I could rest my case at this point.
“Look at any poll, users are going to want ease of use, compatibility, and features way over security, that’s changing, but I don’t blame MS for giving users what they want.”
I do. In any event, users want security, transparency, control, lower costs, etc. MS will give users what MS wants to give them plus what market forces compel MS to offer in order to sell their products (some of the latter of which MS will not want to give).
“Besides it seems much better now, turn the XP firewall on, leave exe attachments off and you are pretty much safe.”
The new security standard – “Pretty Much Safe”. I think we have a winner – call the MS Marketing Department.
“MS can’t make the users not execute attachments, no more than linux companies can prevent someone from chmod a trojan to +x and running it. The “it’s harder to chmod something” argument is nonsense, if a user wants it he will find out how, and probably download a script or program that does it automatically that someone WILL write for all the newbs that want it.”
The above discussion shows that you clearly do not understand how security works on a linux system.
“You people just aren’t being realistic with your arguments.
People are warned TWICE that opening attachments could bring infection, MS just can’t reasonably be expected to do more.”
The above argument is unrealistic. Even MS does not agree.
“OSSers would like OE to not ever run attachments, so that mozilla could do it and it would then turn into a bragging point for the OSS people.”
I don’t use mozilla and don’t care what it can or cannot do. Again, you take the view that “features” are more important than “security”. You’re not even in the right ballpark for this discussion.
“What a silly statement, so instead of having your data on one computer with one set of holes, you want it on two, with users who are half as experienced on each, with twice as many holes (unless we’re talking linux, then it’s many times more holes, and I don’t care if they aren’t in the OS, people use MORE than just the OS, they actually use those applications that come on the CDs). ”
Now your arguments are devolving into a mass of incoherence and silliness. Even assuming that each OS has the same number of potentially remotely exploitable security holes, the fact that they are different holes would reduce overall system vulnerability.
“Bottom line, More OSes = more holes, less experienced users.”
You don’t really seem to draw a distinction, here or elsewhere, between application users (who should not have to worry about security, beyond the obvious) and system administrators and IT staff, who should.
Regards,
Mark Wilson
Maser:
I’m saying if customers don’t want something they usually aren’t going to get it, business 101.
Unless they’re bullied or locked in by a monopolist. Anti-trust 101.
And besides, if you have a parallel network, it’s still twice as likely that someone could break in
Which is -precisely- why one should NOT run parallel networks — which is what I said in the first place.
Oh, and learn to edit. Moron.
ILBT,
Good Grief