©1997/2004, Active Network. All Rights Reserved. Layout & Design by Designer Dream. Content written by the Active Network team.
Time: 01:34 EST/06:34 GMT | News Source: E-Mail | Posted By: Todd Richardson
Two weeks ago, I wondered out loud about the top 10 worst IT business decisions ever made and nominated HP's decision to follow DEC down the road to oblivion for top spot. Today I'd like to suggest that the U.S. Defense Department's continued use of Microsoft's software is likely to top a future list of this kind.
The equation here is simple. First, recognize that Microsoft's software security depends crucially on keeping its source code secret. That's not a comment from an anti-Microsoft bigot -- it's the testimony given under oath by Microsoft vice president Jim Allchin. Even limited release of Microsoft's code, Allchin told judge Colleen Kollar-Kotelly's federal court in May 2002, would threaten national security because the code is both seriously flawed and widely used in the Defense Department.
But consider that only nine months later, in February 2003, Microsoft announced an agreement giving communist China full access to the source code for Windows and related tools.

#1 By 135 (208.186.90.168) at 4/23/2004 2:57:10 AM
Actually it is a comment from an anti-Microsoft bigot.

#3 By 12071 (203.217.76.227) at 4/23/2004 5:37:35 AM
"If I take a letter, lock it in a safe, hide the safe somewhere in New York, then tell you to read the letter, that's not security. That's obscurity. On the other hand, if I take a letter and lock it in a safe, and then give you the safe along with the design specifications of the safe and a hundred identical safes with their combinations so that you and the world's best safecrackers can study the locking mechanism -- and you still can't open the safe and read the letter -- that's security."

#4 By 19992 (164.214.4.61) at 4/23/2004 7:30:57 AM
#4
Who is to say that Microsoft doesn't allow contributions from Chinese or Russian agents? As O'Dowd of Green Hills stated "An EAL 7 security evaluation will prevent a saboteur working on the operating system development team from subverting the operating system." We all know that Microsoft is at EAL4, not EAL7.
This post was edited by happyguy on Friday, April 23, 2004 at 07:32.

#5 By 135 (209.180.28.6) at 4/23/2004 10:29:37 AM
#2 - No, Paul Murphy is.
Most reasonable people have a hard time taking seriously an article critical of Microsoft written in a magazine called Linuxzealots.com

#6 By 7754 (216.160.8.41) at 4/23/2004 12:47:30 PM
I also have to take issue with the "safes" analogy:
"On the other hand, if I take a letter and lock it in a safe, and then give you the safe along with the design specifications of the safe and a hundred identical safes with their combinations so that you and the world's best safecrackers can study the locking mechanism -- and you still can't open the safe and read the letter -- that's security."
But the problem is that both safes get opened. The problem is not defining security. The problem is whether or not the safe gets opened. It doesn't matter how you do it. To prevent it, maybe you reinforce the safe with lead and concrete, maybe you put a gorilla on top of the safe, maybe you put a bomb inside if anyone does get in, maybe you wipe poop on the combination lock, it doesn't really matter! What matters is whether or not anyone gets in. The problem with the "Open-Source No-Brainer" comment is that it assumes Linux is the safe above--the design specifications released to everyone, safecrackers studying it, etc. But the security fixes are released continuously, and Linux machines do get hacked. Once the bug list drops to zero and no more Linux machines get hacked, then the analogy is valid. But Linux is continually developed, which requires continuous code review, and no code is perfect. Linux is not an uncrackable safe.

#7 By 12071 (203.217.76.227) at 4/23/2004 1:03:37 PM
#11 Surely a reasonable person would have read the article and noted that the quotes used were comments made by Jim Allchin.
#12 "6,000,000 safes (in just the kernel)
14,000,000 safes (in Xfree86)
200,000,000 safes (in other OSS apps) "
What the hell are you on? That quote was from Bruce Schneier, describing in his own words the difference between Security and Security Through Obscurity (which is what you like to promote).
"I hate to be the one to break this to you Mr Bogus Code Review"
a) You aren't breaking anything new to me. Open Source doesn't subscribe to the notion of Security Through Obscurity, which is why there is full disclosure of every bug or potential bug found. This is a fact, you've proved it to all of us on many occasions by being able to provide the details of every single bug or potential bug fix! You were even able to show us the details of the same bug for multiple OS and distributions of the same OS! Microsoft on the other hand do not disclose every bug or potential bug they fix - this is what you like, and that's fine, but I prefer full disclosure.
b) The "bogus code review" is only in your head. I was quoting what the company said, and they said that they had performed a code review. If you don't believe them, that's fine, but do us all a favour and file that belief of yours in the same ignorant FUD category as some of your other beliefs (e.g. Chinese and Russian agencies and terrorists are putting in backdoors into OSS to hack into US agencies as they know US agencies don't perform any code checks/reviews before using said OSS).
"Windows is at EA[L] 4."
Understanding the Windows EAL4 Evaluation
http://eros.cs.jhu.edu/~shap/NT-EAL4.html
"An EAL4 rating means that you did a lot of paperwork related to the software process, but says absolutely nothing about the quality of the software itself. There are no quantifiable measurements made of the software, and essentially none of the code is inspected. Buying software with an EAL4 rating is kind of like buying a home without a home inspection, only more risky."
"In the case of CAPP [Controlled Access Protection Profile], an EAL4 evaluation tells you everything you need to know. It tells you that Microsoft spent millions of dollars producing documentation that shows that Windows 2000 meets an inadequate set of requirements, and that you can have reasonably strong confidence that this is the case."
"One Linux distro is at EA 2"
Not that the EAL's mean a hell of a lot, especially in the lower region, but didn't SUSE with SP3 get EAL3+ (http://ltp.sourceforge.net/EAL3.html)?

#8 By 12071 (203.217.76.227) at 4/23/2004 1:10:13 PM
#13 That comment from Bruce Schneier was in regards to cryptography more than Linux or Windows, it was just his way of explaining the difference between obscurity and security. So no, both safes do not get opened because as Bruce said "and you still can't open the safe and read the letter -- that's security.", i.e. it's only security if even knowing everything about the system you still cannot get in. This is why you can freely get the algorithms or source code for many crypto's and that information will not help you in any way if they are indeed secure. There's nothing wrong with putting obscurity on top of your security to make it a little harder, but if you really want to keep something safe, make sure you've got it saved securely.

#9 By 7754 (216.160.8.41) at 4/23/2004 1:54:58 PM
#15, But Chris, the problem is that the security vs. obscurity is one of the main--if not the main--points of the security argument for OSS over proprietary software. And in this article, you see the analogy drawn, flawed as it is.

#10 By 19992 (69.170.7.187) at 4/23/2004 3:10:38 PM
#18
"We do these things in reality when it comes to our family, we put alarm systems in our cars, houses. So, why can't we apply the same basic knowledge to our computers?"
Because a computer is an appliance for most people. They just want to turn it on and have it work. It shouldn't have to require any additional setup (in their minds).

#11 By 12071 (203.217.76.227) at 4/24/2004 2:07:41 AM
#20 No code, regardless of where it has come from, or whether it's OSS or proprietary should be trusted in those sorts of applications without proper code audits.
But this "linux zealot" is just pointing out that Microsoft are a bunch of hypocrites. First they say that their security depends on keeping their source code secret.... and they then give that source code to the Chinese!

#12 By 12071 (203.217.76.227) at 4/25/2004 3:03:20 AM
We already know how you feel about the Russians and Chinese, but you, like sodablue, are avoiding the issue and using misdirection to point out that it was mentioned in LinuxInsider. It doesn't matter where it was mentioned, the point is that Microsoft doesn't trust its own source code and that they're a bunch of hypocrites (or liars or both given that this was a testimony given under oath).

#13 By 135 (208.186.90.168) at 4/25/2004 8:45:05 PM
kabuki - No, the point is that someone from Linux Insider is trying to take a reasonable statement made by a Microsoft development manager and claim it as something other than it is.
It's not a question of avoiding issues.
It's a question of making issues up out of thin air. Unfortunately this has become pretty common in our modern day society. It's like claiming Iraq has WMDs when you know they most probably do not, just so you can justify a war to the public.
This post was edited by sodablue on Sunday, April 25, 2004 at 20:46.