[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] Security Report Puts Blame on Microsoft
By Jonathan Krim
Washington Post Staff Writer
Wednesday, September 24, 2003
Viruses, worms and other cyber-attacks that are crippling computers
with increasing frequency cannot be stopped as long as the software of
one company -- Microsoft Corp. -- dominates computing, according to a
paper prepared by corporate technology officers and researchers.
"The security situation is deteriorating," says the report, which is
to be released today. With Microsoft operating systems used on more
than 90 percent of the world's personal computers, the authors write,
most computers are vulnerable to attack and networks are easily
The report, whose authors include prominent critics of Microsoft,
comes at a sensitive time for the company. It is under intense
criticism for security flaws in its software despite repeated pledges
from Chairman Bill Gates and chief executive Steven A. Ballmer to make
security the company's top priority.
"No other company in the world is more committed to providing its
customers with more secure software than is Microsoft," said Sean
Sundwall, a company spokesman. He said he could not comment further
until the paper is released.
Since the recent spread of the Sobig, Blaster and Slammer worms,
federal and state officials have questioned cybersecurity more
critically. Many technology officers for companies and governments are
reconsidering whether they should diversify the types of products on
The paper argues that governments, through their power to decide what
software to buy for their systems, should force Microsoft to reveal
more of its software code to allow development of better security
tools, and to make its software work better with competing products.
Policymakers must "confront the security effects of monopoly and
acknowledge that competition policy is entangled with security policy
from this point forward," the paper says.
The technology industrygenerally opposes government regulation and
favors allowing the marketplace and technological innovation to create
solutions to problems. Under the free-market theory, if a company's
products are flawed, consumers will buy others that are superior.
But Microsoft has virtually no competition for PC operating systems,
and people who break into computer systems or write worms and viruses
are more technologically adept than many software manufacturers.
"I don't hold to the theory that technology always beats policy," said
Daniel E. Geer Jr., one of the paper's authors and chief technology
officer for AtStake Inc., a business-security firm in Massachusetts.
The report is being released by the Computer and Communications
Industry Association, a trade group that is involved in antitrust
action against Microsoft in the United States and Europe. Other
authors include Charles P. Pleeger of Exodus Communications Inc.; John
S. Quarterman, founder of Matrix NetSystems Inc.; Rebecca Bace, chief
executive of network security firm Infidel Inc., and Peter Gutmann, a
computer science researcher at the University of Auckland in New
Geer said the paper grew out of his ideas and discussions among
security executives and academics about the increase in security
threats and was not instigated by the association.
"Nature does not put up with monocultures" because they are too easy
to attack, Geer said. "If everything looks just alike . . . it will
promptly be punished."
Another author of the paper, Bruce Schneier, chief technology officer
of Counterpane Internet Security Inc., is a longtime Microsoft
antagonist who has argued that the company should be held financially
liable for its security flaws.
Computer users generally agree to terms that absolve software makers
of liability, which Microsoft's critics argue gives the company no
incentive to be more vigilant about security.
Schneier said the problem with Microsoft is that it is so intent on
being dominant that it designs its systems primarily to keep out
competitors, not intruders.
"Their goal is to facilitate lock-in" of Microsoft products, he said.
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@xxxxxxxxxxxxx with 'unsubscribe isn'
in the BODY of the mail.