[Dshield] Microsoft - Threat to National Security?

Richard Ginski rginski at co.pinellas.fl.us
Thu Sep 25 14:23:32 GMT 2003


IMHO:

I'd also like to add that it wouldn't matter what OS we're talking
about here: in a distributed environment, society and business would
have gravitated to a predominant OS....it just happened to be Microsoft.
Granted, due to marketing and strategy, Microsoft has achieved their
success. However, there would eventually had been a "Microsoft" called
something else...and we would be having the same discussion about them.
Moving away from one OS to another OS won't solve the problem. The
"community" would simply turn there focus on finding security flaws with
the "next predominant OS".....and we would be discussing how the "next
predominant OS" is a threat to national security.

I'm not saying that the community should stop finding flaws in
Microsoft. That would be naive. Instead, better code should be written
by vendors, more responsibility and accountability should be imposed on
vendors, and the community should keep that "in check".

>>> JOHN.B.COXE at saic.com 9/24/2003 6:45:34 PM >>>
I will try to wipe off my OS warpaint and these comments are strictly
my
own, continually subject to revision.  One point I would take up with
the
paper is the fact that the problem is not confined to the desktop
periphery.
Code Red is an excellent example of where service infrastructures were
compromised on a widespread level.  The very fact that its fires raged
for
months says something too.

The problem, IMHO, is that corporations have settled on comfortable
(!=
reliable) MicroS**t environments for their enterprise services.  It is
a
decision based on cost and availability of capable labor.  The PC
hardware
is a bargain dollar-for-dollar against equivalent computing power. 
Linux
may be practically free.  But anyone who has tried to hire capable
*nix
admins knows, even after the dotcom collapse, they are relatively
scarce.
Management also is generally not comfortable with the basics, much less
the
details, of the *nix environment.  However, Windows servers are
basically
just like their familiar desktops.  So they settle on Windows for
their
servers and put their trust in the ubiquitous MCSE.  Though there are a
lot
of bright and capable MCSEs out there, there are also a lot of
unfocused,
improperly trained, and unmotivated outside of 8am-5pm MCSEs (unlike
the
general *nix counterpart).  The field was flooded by the vacuum of
career
opportunities.  Their presence is exacerbated by the MCSE training and
focus
that is not on true network and system fundamentals, but on (perhaps
practical) MS's implementation of "standards" and their desktop
environments.

Their comments on complexity probably won't be properly received by
some.
Complexity is often "neat" and convenient.  MS Exchange / Outlook
(MAPI) is
fat and network/system resource intensive, as an example.  But it also
is
feature rich and fits the bill for a lot of enterprises.  It places a
lot of
productivity risk into one huge package.  And it, to borrow one of
their
terms, locks in the users to all of the features implemented.  If you
don't
like the way they do calendaring and meeting requests, tough.  And if
they
break, oh well.  It's like the DVD breaking on your combo TV/VCR/DVD
unit.
No room for 3rd parties most of the time.

MS does deserve some credit.  They have taken Xerox's framework and
truly
developed a comfortable Windows environment.  So did Apple I suppose,
though
I haven't used one since the Apple II went to 64K.  Also their Windows
for
Workgroups byproducts, that haunt us to this day, did provide a comfy
way to
exchange files on a local network.  It's too bad that many port
135/137/139/445 beacons out there are residential broadband desktops
that
have no practical reason for this default configuration.

If Moore's Law can be extended to Windows featuresets, the OS is going
to
become a digital Frankenstein's monster, replicated far beyond
reasonable
control.


-----Original Message-----
From: Kenton Smith [mailto:ksmith at chartwelltechnology.com] 
Sent: Wednesday, September 24, 2003 10:35 AM
To: list at dshield.org 
Subject: [Dshield] Microsoft - Threat to National Security?


Has anyone else had a chance to read this report regarding how
Microsoft's monopoly position makes it a national security threat? I'd
be curious to hear other people's take on this. I'm still trying to
come
up with something coherent, it's certainly controversial, I'll give it
that.
Go here and click on the Read Report link -
http://www.ccianet.org/index.php3 

Please don't make this an o/s war thread, that's not in anyone's best
interest.

Kenton

_______________________________________________
list mailing list
list at dshield.org 
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list 

_______________________________________________
list mailing list
list at dshield.org 
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list