02.05.11
Wakeup Call for the British Government Regarding Threats of Proprietary Software
Summary: The government’s obsession with code which cannot be seen (or believed not to be seen) comes back to haunt it
EVER since 2007, Techrights has covered many examples from the UK where the use of proprietary software — especially Microsoft software — is rather extensive.
Now it’s time to pay the price:
Chinese cyber-spies penetrate Foreign Office computers
[...]
China has penetrated the Foreign Office’s internal communications in the most audacious example yet of the growing threat posed by state-sponsored cyber-attacks, it emerged tonight.
William Hague told a security conference in Munich that the FO repelled the attack last month from “a hostile state intelligence agency”. Although the foreign secretary did not name the country behind the attacks, intelligence sources familiar with the incidents made it clear he was referring to China. The sources did not want to be identified because of the sensitive nature of the issue.
Time to drop Microsoft Windows then, right? It is known that this operating system is used on desktops in the British government, unlike Munich’s. Munich shrewdly decided to use code which is visible to everyone and is therefore more hardened and throughly tested. Windows hasn’t the same merits. China's crackers get access to Microsoft's source code anyway (whether Microsoft hides it or not). Nobody should be shocked that China routinely penetrates government systems in the West if it is made so easy.
“Nobody should be shocked that China routinely penetrates government systems in the West if it is made so easy.”Novell’s proprietary software too turns out to have new flaws [1, 2], even in products that have existed for many years, unlike young one that Novell is promoting (see the PR circus about Vibe and a bit about Henderson and John Stetic of Novell).
Due to the code being secret, developers have little or no incentives to polish it and secure it. In general, proprietary software tends to be less secure, as indicated in fact by a lot of studies. If the UK wants its security to be improved, then it’s time to embrace transparency. Secrets leak sooner or later anyway, causing far more damage than disclosure of something that was done under public scrutiny all along. █