06.19.10
Prominent U.S. Government Figure Blames Microsoft for Security Problems, Dell Disagrees After Alleged Microsoft Pressure
Summary: The problems associated with Windows are explained by another longtime professional in this area; Dell’s reversal regarding GNU/Linux security agitates GNU/Linux users who suspect that Microsoft is at least partly responsible for the change
MR. Richard A. Clarke is no person to be ignored. As Ars Technica recently revealed, Clarke blames Microsoft for many security problems that jeopardise national security and the Huffington Post has just written about this as well:
As Clarke reports, prior to the 1990s, the Pentagon made extensive use of specialized software designed by in-house programmers and a few defense contractors. But under pressure from libertarian ideologues and business lobbyists, the Pentagon began to use commercial software instead — in particular, Microsoft software. However, it turned out that Microsoft had built a low cost brand based on a principle of “one format for all” — rather than software that was tailored to special security needs. Problems soon arose, including, as Clarke recounts, a 1997 incident when the USS Yorktown, a Ticonderoga-class cruiser whose ship operations were administered on computers running Windows NT, was rendered inoperable after Windows crashed. “When the Windows system crashed, as Windows often does,” Clarke writes, “the cruiser became a floating i-brick, dead in the water.” After this and a “legion of other failures of Windows-based systems,” the Pentagon considered a shift to free, open-source operating systems like Linux. The code of open-source software can be altered by the user, and so the government would be free to change the software without interference from companies jealously guarding their design. It is also free.
Such a switch, though, would have been disastrous for Microsoft’s lucrative dealings with the government. The company was already fiercely opposed to regulation of its products’ security; it did not want the added delay and cost of improving its software in order to decrease its vulnerability. If the government switched to open-source software, it could make the improvements itself — but doing so would deal a major blow to Microsoft’s profits. So Microsoft moved to prevent the government from exploring any alternatives. It “went on the warpath,” writes Clarke, threatening to “stop cooperating” with the government if it adopted an open-source platform. It made major campaign contributions and hired a small army of lobbyists. Clarke outlines their purpose as: “don’t regulate security in the software industry, don’t let the Pentagon stop using our software no matter how many security flaws it has, and don’t say anything about software production overseas or deals with China.” (China, security experts feared, could plant logic bombs and malware into the software.)
Clarke reports that Microsoft insiders admitted that the company “really did not take security seriously,” because “there was no real alternative to its software, and they were swimming in money from their profits.”
For those who have not noticed, we updated twice each post about the Dell incident (it says “Updatedx2″) in order to show the response to what Dell had done [1, 2]. People alleged that Microsoft was responsible for changes in security advice and here is another new example of a rant:
Gosh, I wonder how many lawyers, and how many threats, it took to get that changed, and whose payroll the lawyers were on, and who was making the threats?
I think I’ll go over in the corner and hurl now. The whole situation, and the disgusting company behind it all, makes me ill.
We already possess undeniable evidence of Microsoft's retaliation threats against Dell. Microsoft will continue to produce fake security reports, bribe journalists, and harass those who expose Microsoft's security problems. Coercion is what Microsoft does best and if even giants like Dell are so spineless, shouldn’t there be room for an investigation? It’s an obstruction of truth. █
Needs Sunlight said,
June 20, 2010 at 2:18 pm
The insecurity of Microsoft products is severely understated by Clarke. The role of active quislings was also glossed over. Microsofters on the inside is at least as big a problem as the bad engineering itself.