Slashdot Mirror


Microsoft Hack a National Security Threat

Scott Treadwell writes "The Center for Strategic and International Studies (CSIS) stated in a 73-page report that the government and the private sector should be concerned about the "trustworthiness" of future Microsoft products. This, in the aftermath of the October hack into Microsoft's network in which an attacker allegedly gained access to Windows source code. "With most military and government systems powered by Microsoft software and more generally reliant on [commercial, off-the-shelf systems], this recent development can pose grave national-security-related concerns""

20 of 218 comments

  1. Which Microsoft hack? by Snowfox · · Score: 5

    Which Microsoft hack would this be?

    Is this the Windows9x-on-top-of-DOS Microsoft hack?

    Is this the "invent your own language" MS Word Grammar Checker Microsoft hack?

    Or is this the mutex display bit "one program freezes your OS" Microsoft 3.1 and 95 hack?

    Or is this the web-browser-turned-drive-explorer hack?

    Or is this the always-locking-up ftp hack?

    Maybe this is the "some versions of Direct 3D render bitmaps upside down, others don't, depending on which version of the interface you probe" Microsoft hack?

    No, I'll bet it's the unstable "oversized int destroys your registry and requires reinstall" Microsoft hack.

    Nyet. It's got to be the brain dead Outlook stationery format Microsoft hack.

    No wait, I'll bet it's...

  2. Re:People need to realize by SuiteSisterMary · · Score: 5
    We'll consider a default Windows ME install to be very useable, but rather insecure. Now, add a small filesystem layer that encrypts and decrypts everything to and from the hard drive. Replace the usual login password with something that checks an individual's physical traits (such as DNA or maybe fingerprints). Make sure that it's checked as soon as possible. I'd replace the BIOS with whatever checks for the DNA/fingerprint. We'll also assume this workstation isn't physically connected to any other.
    Spoken like somebody who has no idea what computer security is. I'll start with a few of the basics, just to get you started. For more information, in a fairly simple format, find O'Reilly's "Computer Security Basics."
    1. There's no access controls. Great, you're checking DNA. What stops me from walking in and yanking the power? Or buggering off with the box itself for later decrypt?
    2. What sort of user protections are there? You named Windows ME, so we'll use that. No ACLs, no auditing, nothing of the sort. A 'secure' system audits, generally through hard copy (which can't be invisibly altered) every, and I mean EVERY action.
    3. This thing has a floppy drive, and a CD-ROM, so I won't even get into the idea of walking in with a linux boot disk and a parallel port ZIP drive and copying the drive for later perusal and decrypt. See point 1 above.
    4. You failed to mention any sort of backup scheme, as well as disaster avoidance/recovery. That means I can deny the system to you with a flick of the circuit breaker in the basement/closet.
    5. Also, this being Windows ME, anything beyond the most basic of fault tolerance is impossible.
    6. You failed to mention any sort of human protections; DNA/Fingerprints are very easy to get ahold of. I can convince you to put your finger on it, one way or another. Do you have a 'duress' password you can supply, which will trigger a silent alarm, but not tip off the intruder?
    7. Again being commodity hardware, this thing probably isn't TEMPEST shielded.
    8. This being Windows ME, it doesn't support process isolation, etc etc. I can write a two line program, in Visual Basic, that will grind the machine to a smoking halt.
    9. If it's not connected to anything else, in any way, that obviously precludes a network, or the Internet. Suddenly it's not so usable.
    10. This being Windows ME, you have NO way of doing a code audit, and no way of guaranteeing the swift and competent fixing of any bugs.
    11. I won't even get into the inherent stupidity of trying to use WinME for anything, including games. Before you say anything else, please do read up on the subject at hand. Start with the O'Reilly book referenced above, then a few others I can name, "Practical UNIX and Internet Security" being first on the list.
    --
    Vintage computer games and RPG books available. Email me if you're interested.
  3. Re:Governments Using Proprietary OS'es by WebCowboy · · Score: 3

    The following is no exaggeration. There are EXACTLY ZERO power plants--nuclear, or otherwise--in North America that run their critical systems on Microsoft products. This is for several reasons:

    1. Microsoft does not make a HARD REAL-TIME OS. For critical systems this is essential, because timing of critical tasks cannot be interrupted by non critical tasks such as switching operator screens or animating cursors and icons. You are more likely to see QNX or something similar in a power plant.

    2. Microsoft waives all responsibility for death, injury or serious financial loss due to bugs in their software--REGARDLESS of its use--in its standard EULA. "No warranty, expressed or implied" and all that crap. Specifically they state that Windows and its apps are not suitable for critical medical, aerospace and utility applications. So much for paying for "accountability and liability". If your CANDU goes China Syndrome because of a Microsoft BSOD you can't sue Bill OR his company because they warned you. Similarly if a bank loses your money or the government your tax return they cannot sue Microsoft either. Nobody should depend on Microsoft for accountability--they offer NONE. What they offer is for-a-fee technical support and the fact they are a relatively old, stable company that can offer those services and periodic upgrades for the foreseeable future.

    3. Microsoft is simply not willing to provide the support that mission critical systems demand. In the typical high-priced, ultra-stable critical systems the source is usually closed, but what you pay for is one-on-one support. If a bug is discovered, the company will send an engineer to look at it and the company will even write a patch to fix your particular problem ASAP. No waiting weeks to months for Service Pack 2 or Hotfix Q286745 or whatever.

    4. The most critical of systems don't even rely on PC technology or commodity hardware at all. Even if all the "Critical" PCs crashed, the power plant would not shut down or blow up. It would idle along, all safety systems intact. The operators couldn't adjust any setpoints until the PCs came online, but the current setpoints would be in place. Safety and other ultra-critical systems rely on old but dependable technology used in your typical embedded systems. The continent's power systems do not rely on PCs at all. They rely on little $2000 Z80-based PLCs and RTUs, or even electromechanical relays, pneumatic or hydraulic systems that have worked well and are substantially the same as they were in the 1940's and 50's.

    Keeping these points in mind, rest assured that planes won't fall out of the sky, there will be no blackouts or hospital patients killed due to a Microsoft Malfunction.

    OTOH, you could have your web banking account tapped dry or your Prozac prescription exposed because of un-patched security holes in a Microsoft product (or even poorly secured and administered systems of any sort). THOSE systems rely on closed source, often MS-based commercial software. It's not that closed source is the devil's work--it's that Microsoft cannot and will not support their products in a manner REQUIRED for mission critical systems. THAT is what worries me...

  4. well, duh! by mr_burns · · Score: 5

    Somebody once posted or quoted here that running microsoft OS's on the net was like planting the same strain of corn throughout the entire country, and that a single corn disease could wipe them all out.

    It doesn't matter whether or not some crackers futzed with the 'doze source. I think all of us agree that it's so darned insecure and widespread that even as a checksummed audited binary, it's a national security threat.

    All a foreign nation needs to do to really screw us over is combine the growth mechanism of melissa or ILOVEYOU and the bittersweet tang of back orifice (modified enough to fool the 2 year old virus patterns most people are using), and they've got us by the balls.

    Windows by itself is a threat to national security. Thankfully, we have alternatives whose component schemes have ACL's built in, whose source has been audited for buffer overflows, and for the most part are free. The applications are there, and free, to replace office, explorer and most other things.

    And I know this works in practice, too. Because I've never owned a windows box in my 20+ years of computing, I've been able (combined with some common sense) to avoid getting a single virus, without the aid of virus scanning utilities.

    --
    "Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)
  5. I don't know what to make of this by Grant+Elliott · · Score: 3

    This article seems to contain a few contradictions. It seems a trite ironic that the US government is willing to admit that most of their machines run Microsoft software, yet they continue to take Microsoft to court. (Bite the hand that feeds you, anyone?) If I recall, one of the recommendations made in the trial was to make Microsoft open source at least parts of their software. And yet, access to that source code constitutes a security risk. There is a slight contradiction here!

    On another note, if we are ever to convince big-name organizations (i.e. the US government) that Linux is a viable option, we can't exactly agree with the content of this report. If unwittingly revealed source code is bad, what is intentionally released source code? They don't like code that may have been modified by one person, but we want to offer them an alternative in code that has been modified by hundreds of people. Somewhat humorously, the Linux community may have to defend Microsoft on this one.

    By the way, you might want to fix that link.

    --

    "I believe that a scientist looking at nonscientific problems is just as dumb as the next guy." -Richard Feynman

  6. Putting all eggs in one basket by gotan · · Score: 3

    I mean, what do they expect? They make the proper functioning of the government and the military dependent on the products of one single software giant who won't even let them look at the intrinsic workings of their software (the source) and without planning ahead what to do if it breaks.

    Now they need a security breach at MS to recognize this is a bad idea after hundreds of previous security holes didn't open their eyes? And what will all this lead up to? A few papers how this security breach isn't all that important for national security (and in fact it isn't, regarding all the other gaping security holes in MS products) and that's it.

    The alternatives I see are:
    - look out for alternatives to work with and put them into use at least in some places, so if the security breaches in one OS forbid its further use the alternative is ready for use in an overseeable time (anything less than a year is unrealistic here)
    - engage in the development of the software they use (open source is a good starting point here if you don't want to do it from scratch) so at least they have a little control over the security and when holes will be patched.

    All this is of no use if the people handling critical data aren't minimally trained (it is a bad idea to download software from the net and run it, regardless of the OS you use. If the OS facilitates this (like running applications from mail programs at a mouseclick) it only makes things worse).

    --
    "By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
  7. Re:Worse than you might think by Anonymous Coward · · Score: 3

    I've just tested that, and it seems to be bullshit. At least it is under word2000. I haven't used word97 in ages, but I certainly don't remember it there either.

    Maybe they were referring to fast saves (which I always disable)? Fast save only writes document changes. A full save re-writes the entire document to disk. That's been known and documented behavior for years.
    Not knowing or forgetting is incompetence.

    Just tried with fast save enabled. Still doesn't happen.

    There was a thing where people distributed a PDF with sections blacked out. On slow machines the text could (momentarily) still be seen as the black boxes were drawn on a different layer to the text. Even that was incompetence, rather than a real flaw in the app.

  8. Governments Using Proprietary OS'es by penguin_nipple · · Score: 5
    Any governmental agency, whether American or Canadian (being a Canuck myself, I can't really comment on the Yankees), should make it a serious goal to utilize the *nix's or custom developed OS'es in sensitive operations. There are a couple of reasons.

    1) No corporate entity should have absolute control over the operations, however minimal, of a government. I think most of you would agree that a corporation, whether it is Sun or Microsoft, should not infiltrate a government agency in that manner. As a point, I am aware that the US Military and various agencies use the services of Sun Microsystems. However, my understanding is that Sun is contracted for customized development work, of both OS'es and apps (rather than just running out and buying 50 workstations preinstalled).

    2) It's also my understanding that the original BSD distribution, developed at Berkeley, was contracted by the American government for use in critical systems. If that was the case, then why is a consumer OS like Microsoft Windows seeing such prolific use in government operations? Economic deals with major corporations should not dictate what OS is holding our sensitive information. Again, American or Canadian, that basic point of fact should make you think.

    3) If it was government policy to use a specific *nix, one or many (ie OpenBSD, FreeBSD, Linux, whichever was most appropriate for the particular task), then numerous engineers and scientists could be utilized to strengthen weak areas and improve already effective areas. In effect what would be happening is a re-contribution of code back into the main source trees of each distribution, or flavour. This would be the same as an influx of intellect and dollars into this area of Computing. (I also think most of you would agree that many of the best, and brightest minds in CS and OS development around today are working in government agencies - whether or not you know their names, this is the truth).

    Finally, throughout the computing industry, it is being recognized that computing technology no longer exists only in the realms of research and science. This technology has become critical to the functioning of society, in a very practical, day to day sense. I did read an article recently on Ars-Technica about the recognition that fault tolerant computing is now getting. To this end, the government should seriously evaluate the use of a consumer OS. For instance:

    Does NASA buy 50 Aibo robot dogs to launch into space? No

    Do they hire TRW or Boeing to custom build equipment on a contract basis? yes

    So, if these agencies already have a method for contracting the services of companies to design fault-tolerant and secure systems for various military and aerospace operations, why should the database which stores my medical, personal, or credit information be any different? In both cases, the lives of individual citizens are at stake.

    I am certainly not trying to simplify the situation or even offer a blanket solution. I am saying one thing, though: no government should be purchasing and using off the shelf, shrink wrapped software to hold any of our information. Period.

    Flame away if u think I am way off base =)

  9. Government uses a different OS by Dorkman909 · · Score: 5

    The government doesn't use Windows, Linux or xBSD for its truly sensitive documents. Instead, the DoD uses Wang's XTS-300, which is tested more extensively than the OpenBSD project and is the highest security rated operating system in existence, as seen here. One thing I thought was cool about this system is that you can't tell with 100% certainty disk space because users could in theory devise a scheme where they could pass messages encoded in changes in availability. For the same reason, if you time a process, some margin is added to the value you would get, which makes message passing take extremely long. The full specs of the Common Criteria, an updated "Orangebook", are here.

  10. Hole?? Threat?? by www.sorehands.com · · Score: 3
    Is the concern because the source code was distributed?

    Or is it that Microsoft has so little knowledge of security that their own system is compromised?

    Open source with many eyes can enhance security...Closed source that hackers have the source to is a security breach.

  11. We better watch out then! by dasunt · · Score: 5

    Us slashdotters had better watch out, I'm told it's pretty easy to get the source to linux. :)

  12. So what? by DeafDumbBlind · · Score: 3

    No system connected to the outside is 100% secure, be it unix, windows, MACOS, whatever. If it's a national security issue then the machines shouldn't be on the internet.
    Regardless, the biggest security threat is the lack of diligence displayed by users and admins. Far too many people use their name as the password or use no password.

    --


    Jesus used to be my co-pilot, but we crashed in the mountains and I had to eat him.
  13. now they are afraid? by tolldog · · Score: 4

    I find it interesting that they openly accept any software just because it is made by a large "trustworthy" company.
    But since that software may have been compromised by somebody from the outside they are afraid.
    What has kept Microsoft employees from doing the same thing? Or, as some would want us to believe, keep Microsoft from doing anything.
    Any time a company (or a government) uses closed source software, there has to be a level of trust.

    --
    -I just work here... how am I supposed to know?
  14. Title has an extra word by rknop · · Score: 3

    It should read "Microsoft a National Security Threat".

    -Rob

  15. Re:Um... by Reality+Master+101 · · Score: 3

    There's a simple solution that Linux advocates use to give themselves perfect security: They just chant "security through obscurity is bad" over and over, and then they are magically secure!


    --
    Sometimes it's best to just let stupid people be stupid.
  16. How does the hack change things? by JimDabell · · Score: 5

    So the U.S. government trusts every single Microsoft employee with the authority to make changes to the source code?

    Whether or not an intruder gained access to the source, the U.S. government would be fools to trust something for sensitive operations without performing a full security audit on the source themselves.

  17. People need to realize by SuiteSisterMary · · Score: 5
    It's not that difficult folks; just remember the golden rule:
    Security and ease-of-use are mutually exclusive, and are usually inversely proportional.
    And remember, neither Linux nor BSD, nor any other OS you can probably name, are secure. Security is a) more than just the ability not to be hacked, and b) more than the OS. A truly secure OS doesn't have the concept of root, for example, and requires hardware support for quite a few of the security features. In other words, by definition, any OS you can a) buy off-shelf at the mall, or download freely (as opposed to 'a free download') or b) that runs on 'commodity' hardware, isn't secure. It might be 'secure enough for my purposes,' but that's it.
    --
    Vintage computer games and RPG books available. Email me if you're interested.
  18. Worse than you might think by phinance · · Score: 4
    It's worse than just trying to fight off skilled crackers, etc. During a brief stint at Los Alamos as a researcher I heard this story: The classified portions of an MS Word document were highlighted and cut out so that the document could be sent to individuals without the proper clearance. Unfortunately, because the "Undo" feature works across sessions (the undo information is stored in the saved document) all the uncleared recipients had to do was Edit->Undo to see the classified portions.

    The lab could educate the secretaries and researchers about the "gotchas" of every commercial product they use (and they do try), but people are bound to forget or make mistakes. If they deployed open source software they could inspect and modify the code to make these holes unavailable.

    --

    Andamooka: Open support for open content.

  19. We already knew this, but apparently they didn't... by juliao · · Score: 3
    Critical systems, either from a security or from a reliability stand-point, are very different from retail systems.

    You can never be sure of anything unless you check it yourself. Mere "trust" is seldom an option when it comes to mission-critical applications. And while trust is acceptable in commercial systems (if it breaks, let's sue them) it just isn't an option when break-of-trust involves lives or national security.

    That's why I understand that banks use Microsoft products, but I get very scared when aerospace or medical systems even go near Windows...
    -----