CCIA Urges Dept. of Homeland Security to Avoid Microsoft

An anonymous reader writes "The Inquirer has posted an article reporting that the Computer and Communications Industry Association (CCIA) has urged the US Department of Homeland Security, in an open letter to Tom Ridge, secretary of the department, to avoid using Microsoft software because Microsoft's software is 'riddled with obvious and easily exploited vulnerabilities.'"

and in other news...

The Department of Homeland Security continues to use Microsoft products despite massive flaws, just like everyone else for whom familiarity is more important than actual security.

and in other news still...

[Angry+White+Guy]

Government spending is just another way to dump money into the local economy, while rewarding campaign contributions.

Man if it wasn't for timestamps, I'd swear we were in 15th century Britan. Hello Fifedom!

But what happens if

[DaLiNKz]

What happens if SCO goes after the Department of Homeland security for using something like linux? Would it be considering terrorism?

Re:Then what?

Things are never that cut&dry.

Linux has more market share than Windows in the server market, yet Windows has a disproportionally higher frequency of reported critical OS flaws.

Re:Pretty obvious

[ch-chuck]

So ships are not important. I see.

Favorite line: "Although Unix is more reliable, Redman said, NT may become more reliable with time"

I live in that area, and there are a LOT of Msft job openings requiring security clearance these days.

I knew it!

Microsoft supports terrorism!

In a similar note...

The OMB (Office of Management and Budget?) just added MacOS X and Linux to approved OS's to use for government applications.

With the right push, we might see the tides change in *nix favor.

Re:Then what?

[DASHSL0T]

That must be why Apache has so many more security problems than IIS, since it is twice as widely used.

What are the Impartial Objectives?

[cait56]

It would be totally inappropriate for a goverment agency to blacklist a specific vendor without going through extensive hearings. That does not mean that they should not consider the vendor's history when evaluating each purchase. For the anti-MS crowd that means that they should reject each MS product individually.

More seriously, they need to evaluate what their software requirements are. I strongly suspect that they need software which will:

• Not expire: We are going to reach a point where terrorism is not a "hot button" item, and the spending will slack off. Eventually there will be another attack. The software purchased now has to work four years from now, even if the individual participating agencies have upgraded their hardware in the meantime.
• Platform independent: The federal government should not be telling local police departments what type of equipment they need. If they do, we'll end up with some equivalent of having to keep an old 286 running in the corner to deal with Homeland Security. Or on the flip side, some police department that relies on donated leftovers won't be able to run the latest software.
• Auditable: The code used for this software must be reviewable, preferably by the widest audience possible. Escrow is the absolute minimum for all source code involved. Open Source certainly qualifies, but technically the department does not need to have the right to modify the software itself. And in fact might need to keep any modifications that it keeps confidential. (Not that I really think that the GPL would deter anyone in the Bush Administration from doing something for "national security" -- I mean the Constitution doesn't.)

Huge, HUGE surprise here...NOT!

[TardBoy]

Come on, people, take a look at the membership of this organization and ask yourself if they would EVER take a position which was NOT anti-microsoft. This is not some middle-of-the-road computer science organization, it's a lobbying organization with an axe to grind. That MS software has security flaws is a given, and their position in this case may well be correct, but the CCIA's opposition to MS software is NOT news.

About CCIA

A quick look at About CCIA lists the following:

Our member companies range from Sun Microsystems, Fujitsu, Nokia, Nortel Networks, Tantivy, Time Domain, and Vion to AT&T, Verizon, NTT USA, Oracle, Intuit, Yahoo!, Sabre, and AOL

Its the who's who of MS competition.

Re:Then what?

[bruce_the_moose]

This line--that Windows has the largest market share in worms and viruses because Windows has the largest market share--was trotted out in the last few weeks during the peak of the Sobig and Blaster activity, and routinely shot down. The problem is inherent design flaws, not market share. Many have pointed out that unix-type OSes run the majority of critical Internet services, and by the market-share argument, these services should be the subject of continual attack. And yet they are not.

In short, this argument that greater adoption of unix-type OSes by the masses will result in more unix-type worms and viruses is nothing short of FUD.

Have a look at Mac's Immunity to Recent Virus Attacks which came about in response to an article posted on MacCentral on this topic. In sum, some columnist repeated the assertion that "Macs have "no more inherent security" than their PC counterparts, it's just that they've failed "to capture interest" among the creators of these viruses." This post is fairly representative of many, and makes clear the vulnerabilities of Windows are real, stem from technical reasons, and not just market share.

Mac OS X is the subject of the links above because that is where my interests lie, but the jist of the arguements could apply to any unix-type OS