Slashdot Mirror
Reliance On MS A Danger To National Security
An anonymous reader writes "A panel of leading security experts Wednesday blasted Microsoft for vulnerabilities in its software, and warned that reliance on the Redmond, Wash.-based developer's software is a danger to both enterprises and national security." (Even OpenBSD might be bad if it was the only game in town.) M : The report (pdf) makes good reading.
welcome our new security overlords.
"We always consider security to be our absolute top priority," - Microsoft spokesman Sean Sundwall
You mean their proclivity to collect the worlds cash is a secondary mission? Wow, Windows must be like the most impregnable fortress ever, and more.
I hope the government, in the interest of national security, can clean up MS. All the anti-trust cases don't help the problem, rather they just help companies with posturing.
Now, putting this kind of pressure on MS may really make them work harder. Imagine the government turning its back on MS, in the interest of national security. Wake up, Microsoft, before it's too late.
Urantian -- and proud of it!
the most important line in the article:
"And simply patching the vulnerability--as Microsoft has increasingly had to do on the fly as vulnerabilities are disclosed--only exacerbates the problem."
Finally someone realizes its not enough to just fix the problem, problems should be avoided in the first place! (I know, I know, easier said than done, {insert OS here} isn't perfect either).
Children in the backseats don't cause accidents. Accidents in the back seats cause children.
Reliance On MS A Danger To Rational Security
See the Pictures of the Flood of '08
This article help explains very well why diversity in computers is a good thing.
(It's harder for virus makers to affect more computers at once if less computers use the same OS)
I see no mention that it is the administrators who must share responsibility for the compromises and exploits.
Feed the need: Digitaladdiction.net
Bears shit in the woods and the Pope turns out to be catholic!
I find the argument against Microsoft as a problem for national security ringing a little hollow. First, The US government is a complete hodge-podge of computer systems, databases, technologies from various epochs; all of which is unfunded. In fact, the latest US CIO is not going to get the funding need to create a central IT.
So the problem, as I see it, is that the US government has some severe, indemic, structual problems relating to IT policy which makes citizen privacy, national security, and proprietary knowledge at risk.
Of course, put Microsoft on top of the quagmire and you've simply opened the door to the vault for every hacker in the known universe.
I have a hard time blaming the problems of US IT policy on an OS; it's hard to fathom.
"This isn't a study in computer science, its a study in human behavior"
And the Navy is going to Microsoft in a wholesale way. The new mega contract NMCI is locking the Navy into a MS solution for _all_ IT. Non conforming (ie non-microsoft) are labeled as a legacy systems and all new development will be required to use MS products in order to be on the network. Also, all network storage will be stored in a single facility !.
This is I believe a very dangerous approach for the reasons discussed in the article.
In addition to inefficiency of restricting a solution to a small set of tools. How many large organization standard on a single environment for all computing and IT needs?
Prediction: most of the counters to this will come from the observation that it was sponsored by the CCIA, which contains many of Microsoft's would-be competition. Of course, the CCIA contains just about everyone -- but then I repeat myself.
Lacking <sarcasm> tags,
(trying desperately to remember the quote from Ghost In The Shell)
It's not Microsoft, specifically. The problem is monoculture. No matter what the dominant OS - Windows, Linux, Mac OS, BeOS - the number one guy gets picked on the most, and exploited the most. That creates weakness all the "trustworthy computing" in the world can't fix.
What I fear is some kind of mathematical "reduction" of the problem. "OK," they'll say, "we'll mandate that 30% of stuff move to Linux". OK, great idea: which 30%? "Hmm, you're right. We'll say 10% of web servers, 10% of desktops, and 10% of back-end (DB, etc) stuff." Getting warmer: which 10% of the web servers? Which 10% of the DB servers? Can you get rid of some of your MSSQL on W2k and replace it with Sybase on Linux (easily, with not serious cost and porting problems)? Etcetera, etcetera. I call that "going nowhere fast".
I guess what I'm trying to say here is, I don't really see how to undo the monoculture, when it is backed by 1)such amazing industry power and 2)such entrenched mindset. Figure out how to get people to seriously believe they can run Linux, or Mac, or whatever, and you've gone a long way to solving the problem; but isn't that what people like Microsoft are working just as hard to undo?
ZOMG I WOULD LOVE TO KNOW ABOUT YOUR FEELINGS ON MACINTOSH VERSUS WINDOWS, VI VERSUS EMACS, AND HOW YOU'RE NOT A DORK
Reports like this frighten me deeply. The possibility that people exist who don't already know that "operating system monoculture = bad" just boggles my mind. Of course, there are the people who do know this, and pretetnd not to (read "Microsoft, MCSEs, maybe government kick-back-takers"). Those people make me angry, but I think that we are in more danger from the first group (idiots) than the second (the willfully evil). OK - that was some good spleen-venting.
While the report's authors note the seriousness of their recommendations, they stood by them. "When the government uses a product whose monopoly position undermines its security, anti-trust becomes a national security issue..."
That's it! Get the National Guard surrounding Redmond immediately! Shut 'er down!
I watched C-beams glitter in the dark near the Tannhauser gate.
Not that I like MS, but this situation would pertain to any other OS if 90% of machines were using the same OS. Even it it was an OS you liked or felt was secure it is a big issue.
"Enjoy what you're doing! If it becomes drudgery, you're doing it wrong!" - Jim Butterfield
We rely upon half-baked right wing Dr. Strangeloves to choose the foreign countries that will welcome our invasions...
We rely upon deregulated billionaires to keep our stock market and investment firms honest...
We rely upon greedy employers not to send our jobs overseas in order to ratchet up the stock value and buy themselves extra homes and diamonds...
So why shouldn't we rely on a convicted monopolist with a track record of utter failure behind it to keep our national computer infrastructure secure, too?
This is just Ed Black--a consultant for Sun and Oracle with a history of slamming Microsoft on behalf of his clients--using a forum to once again go after Microsoft. Ed Black ain't no security expert. He's a lobbyist. And what the heck has @stake done to be deemed a leading security firm? Ooh. They're consultants for IBM. (http://infosecuritymag.techtarget.com/2003/jun/di gest05.shtml) Imagine that! IBM, Oracle and Sun bashing Microsoft.
This "analysis" is just a load of crap from Microsoft's competitors looking to get a piece of the defense-contracting pie.
I agree with the report authors that the monoculture of Microsoft is dangerous. Any one of us can see that, particularly after this exceedingly expensive summer, the MS monoculture we're enduring is costing us billions.
However, I cannot agree with the recommendations that require MS to do this, that, and the other thing. Recommendations such as releasing Office for other platforms at the same time as for Linux and MacOS for example. The only recommendations I could see supporting would be those that explicitly break up the company into OS and application divisions - in order to shatter their monopoly.
The recommendation that they must release their apps onto different platforms is, IMO, dangerous. It means that they will then unleash their "user friendly" nonsense on OSes such as Linux, and we'll end up with the absurdity of the Windows platform paradigm trying to seed its ugly crop of security problems in a new field instead.
For National Security purposes Governments should insist on only using applications that they can also purchase the source code to. They should insist on using applications that are proven to be secure, not just popular. And they should insist that software companies be held liable for flaws that cost them security.
Pierre
I should stop reading slashdot for a while and get to work.
GOOD GOD, MAN! Get a hold of yourself! Do you HEAR what you're saying?
I can't see companies suddenly rushing out to switch to Linux from this alone. The recent virii, worms, and trojans have had a cumulative effect, and this will add to it, but I can't see it making a difference on its own.
Nothing - well thats something.
I agree with the article's conclusions, but I am not sure I agree with their proposed remedies. I think the most appropriate thing to do (for a government) is to require the use of open protocols.
For example, if the various departments and branches of the U.S. government would stop exclusively using MS Word as their ubiquitous document exchange format, that would make a big difference. Right now, if you want to do business with the U.S. government, you pretty much have to purchase and use MS Word. Then your office needs to purchase and use MS Word. Well, as long as your Washington office is using MS Word, I guess that field office that decided to save some money by using Word Perfect ought to "upgrade" to MS Word as well. Seems the import filters for Word Perfect don't quite get the latest version of MS Word just right.
OK, you can use Open Office or Word Perfect to create your documents, but will the pagination, headers, footers, and other tid bits come out right? No. These software products cannot make a "perfect" MS Word file because they don't know how. Microsoft has not published the specs for such a file. When the import filters get close, the MS Word format (the default format that the latest version saves to) changes ever so slightly.
How about the U.S. standardize on an open document format (egads-- not SGML but maybe even Microsoft's own RTF... anything!). Then, make sure their e-mail systems, VPN protocols, encryption formats, etc. remain based on open standards. Where Microsoft (and to be fair, others) "embrace and extend"... don't allow such non-standard extensions for dealings with the government.
Any false property right is a danger to societies security. Just look at how slavery led to the civil war. Today many are betting trillions of dollars on a false premise, that works of knowledge can or should be owned without any understanding of what that implies. Because information is becomming so easy to copy, change, and manipulate - the "middle" gound is quickly evaporating, either all information will half to be controlled or none of it.
Ed Black, the CEO and president of CCIA, whose members include Microsoft competitors such as Sun and Oracle, was even more blunt.
Always like an unbiased opinion, too. Slow news day, I guess.
Imagine how much harder physics would be if electrons had feelings! -Feynman, maybe
Even with perfect administration the danger of monoculture exists.
A single MS RPC exploit would make all machines vulnerable until patched.
A single WMA buffer overflow makes all machines vulnerable until patched.
No matter how perfect, the problem isn't the administrators, but the monoculture. If one in 3 machines was Mac, and one in 4 were Linux, you'd have enough diversity that a virus would slow down drastically enough to be contained.
GPL Deconstructed
Is relying on one vendor even that bad of an idea? The really bad idea is relying on computers for national security.
Think of the locks that are used for locking the doors of government buildings. Are they all from one vendor? What happens when it is discovered that locks form that vendor are more vulnerable to being kicked in? I don't imagine a bunch of engineers get together to design better locks in their spare time, however there is the chance that might happen if the most popular lock company was constantly making locks that were more vulnerable than neccessary.
However there is still a key difference between locks and computer security that must be considered: location. A locked building in Washington, DC isn't going to be compromised by someone in China. Anything that is so important that obtaining it can be considered compromising national security should not be stored on a computer accessible to the internet.
The government should realise this (they probably do) because this isn't the first time this has been an issue. Long distance communications during wars before the internet used various means of encryption to keep national secrets secure. Why can't they do the same for electronic communications? Create the electronic message on a machine that isn't connected to the internet, encrypt it, and burn it to a CD. Either mail the CD or send it using a computer connected to the internet. Then destroy the CD.
The government likely knows this and almost certainly has national secrets under more heavy protection than a sneakernet. When they complain about insecurity, whether it be from terrorists flying planes or chinese youths, what they really want is money and laws. They're not actually so clueless as to leave valuable lying around, but it's useful to let citizens think they do.
http://www.iht.com/articles/111195.html
WASHINGTON A virus seriously disrupted computer systems at the State Department this week, including the database for checking every visa applicant for terrorist or criminal history. The failure left the government unable to issue visas worldwide for nine hours.
The virus, which struck Tuesday, crippled the department's Consular Lookout and Support System, which contains more than 15 million records from the FBI, the State Department and immigration, drug enforcement and intelligence agencies. Among the names are those of at least 78,000 terror suspects.
A State Department spokesman said the virus, known as Welchia, did not affect any data on the name-checking system, and the agency's classified computer network - used to send its most sensitive messages and files - was not affected.
$cat
No system is 100% safe. There are some things one can do, like making sure everything is patched and another is to use odd systems. I worked for an architecture firm that used several ALPHA server for rendering projects. Several of these boxes had True64 Unix. When a couple were retired from rendering duty, we reconfigured those boxes as our router and firewall in the office. Why? Well, True64Unix is an odd platform and not many know much about the system. Its an added measure against script kiddies. Is it fool proof, no I am sure, but as one admin put it, "If they know the exploits of True64 Unix, they're a pro and proably not much we can do to stop those types". One of our boxes was attacked with the OpenSSH bug. If the attack would have been about 6 hours later, it proably would have been patched. Our other 17 boxes were patched without a problem and someone has tried to attack our OpenBSD boxes several times (hell I try once a month just to see how they react) with no luck. But hey, some bug with an FTP daemon or some PHP code and we're SOL. Bottom line: Keep patches up to date, use odd and unusual systems on the in/outbound traffic if you can, and keep lots of backups...
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
I know it's OT, but OpenBSD is probably running all of the services in the default install that you'll ever use.
It's already running a hardened Apache, Sendmail, and OpenSSH and has PF installed and ready to go. What else would you plan on using an OpenBSD box for?
Personally, I'd guess that those programs probably perform 90% of the functions that people use OpenBSD for.
And the muscular cyborg German dudes dance with sexy French Canadians
Some people persist in saying that Windows isn't less secure, it's just a bigger target! Just today someone forwarded this to me from a David Pogue column in the New York Times. Sorry I don't have a link.
g gedin /bal-mac082803,0,1353478.column
***
I also wrote that Mac OS X and Linux are virus-free because
they offer virus writers a much smaller "audience" than
Windows -- a notion that's been much repeated in the press,
most recently last week's BusinessWeek cover story.
That, as it turns out, is a myth, no matter who repeats it.
There's a much bigger reason virus writers don't like Mac OS
X and Linux.
"Unix [which underlies Mac OS X] and Linux ARE more secure,"
wrote one reader. "They have been developed, open-source
style, by people who know exactly what they are doing. Unix
and Linux have had at least 10 years of battling hackers to
better themselves. This leads to an extremely secure
environment."
Many of you also pointed out simple design decisions that
make Mac OS X and Linux much more secure than Windows XP.
For example:
* Windows comes with five of its ports open; Mac OS X comes
with all of them shut and locked. (Ports are back-door
channels to the Internet: one for instant-messaging, one for
Windows XP's remote-control feature and so on.) These ports
are precisely what permitted viruses like Blaster to
infiltrate millions of PC's. Microsoft says that it won't
have an opportunity to close these ports until the next
version of Windows, which is a couple of years away.
* When a program tries to install itself in Mac OS X or
Linux, a dialog box interrupts your work and asks you
permission for that installation -- in fact, requires your
account password. Windows XP goes ahead and installs it,
potentially without your awareness.
* Administrator accounts in Windows (and therefore viruses
that exploit it) have access to all areas of the operating
system. In Mac OS X, even an administrator can't touch the
files that drive the operating system itself. A Mac OS X
virus (if there were such a thing) could theoretically wipe
out all of your files, but wouldn't be able to access anyone
else's stuff -- and couldn't touch the operating system
itself.
* No Macintosh e-mail program automatically runs scripts
that come attached to incoming messages, as Microsoft
Outlook does.
Evidently, I'm not the only columnist to have fallen for
this old myth; see
http://www.sunspot.net/technology/custom/plu
for another writer's more technical apology. But the
conclusion is clear: Linux and Mac OS X aren't just more
secure because fewer people use them. They're also much
harder to crack right out of the box
***
You like your Macintosh better than me, don't you Dave? Dave? Can you hear me Dave?
In a post from last week.
Somebody should hire me to predict the future of various aspects of I.T. ;-)
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety" - BF
...it would cost less for the government to rent all that juicy unused fibre all-across america and build a large private intranet.You want security?Well disconnecting from the internet would be a good start.
JaredSyn.
Windows XP Professional
Windows XP Home Edition
Windows XP Tablet PC Edition
Windows XP Media Center Edition
Windows Server 2003, Standard Edition
Windows Server 2003, Enterprise Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003, Web Edition
Windows Small Business Server 2003
Windows 2000 Professional
Windows 2000 Server
Windows 2000 Advanced Server
Windows 2000 Datacenter Server
Windows Me
Windows 98
Windows 95
Windows NT Workstation
Windows NT Server
Alcohol may be bad for your liver. Film at 11.
To think that problems won't be found in any large software project at some point is, I think niave. The point however is one of culture and scale
1) Microsoft's OS is ubiquitous.
2) Its a user-friendly desktop OS which people plug straight into the Internet
3) You have no choice but to wait for Windows Update to supply you with a patch for any holes
4) Everything is intigrated to such an extent that a hole in one part can lead to exploits system wide and patches can just as easily break one thing as they fix another
For reference, look at the recent discussion here about all ATM's moving to a hacked down version of Windows because it would be compatible with the rest of the banks' networks.
Microsoft is a company. It's reason to be is profits... as much profits as possible. Just like every other company.
The problem is that they are too good at corralling all the business. (Someone somewhere is going to blow a gasket at the idea that could be a bad thing -- "Free Marketeers, unite!")
We sometimes look at this as though Microsoft's goal is to make the best operating system. That's only true as long as you define that in terms of whatever will get the most only marginally clueful management folk to swing the business in Microsoft's direction.
I think Microsoft feels that it's only in their best interests to provide the most security in their OS that they can as long as it contributes to the bottom line. If it comes to a choice between making things "easy" to sway the business, and making things more "secure", the choice has always gone with the money. They don't really have to make a truly secure operating system because they get the business through marketing tricks without going to the extra trouble.
And of course, once they have an iron grip on one market, they look for any way they can to use it to drop a hammer on competition in the next market they set their sites on.
This is why we have anti-trust laws. They are the check-and-balance of capitalism. There *is* such a thing as being too good at creating a profit. There's a point where you haven't *explicitly* broken any laws but you've driven the competition out and there's no incentive for you to produce good products because you're now in a position to create barriers to entry so high that no one can challenge you.
Unless the newborn competition can wish on a genie's magic lamp and instantly have equivalent marketing muscle to the company that already has a monopoly. Uh... yeah... right... that's going to happen. At that point, the market doesn't fix things anymore. A new set of rules apply.
Writing papers to point out the fact that a monopoly is bad hasn't worked so well for anyone so far. This isn't the first one published.
Quoth he
"It's all academic anyway..."
Just don't let Microsoft Computers connect to the internet directly With properly placed firewalls there shouldn't be a problem
"Ironically, Microsoft's efforts to deny interoperability of Windows with legitimate non-Microsoft applications have created an environment in which Microsoft's program interoperate efficiently only with Internet viruses," said Geer.
Gotta love it.
"Suppose you were an idiot..... And suppose you were a member of Congress... But I repeate myself."
You have a good point here, because the point was ringing in my ears as I read the report.
On the one hand, it is true that the combination of Windows' lack of interoperability, closed-source nature, tight integration, and near-monopoly status make it uniquely qualified to spread damaging viruses quickly, better than other operating systems. If you don't take great consideration to how you set up your IT infrastructure, you're going to get burned.
As you say, the problem is ultimately one of policy, not technology. If you know what you're dealing with, if you know what you're doing, you can establish and enforce policies in your IT infrastructure that prevent the spread of viruses. Every time a virus strikes, we hear about it from the ones that don't. We aren't hearing about the places that haven't had problems. They are out there!
Is Windows adoption by itself a danger to national security? Hardly. Bad IT policy is, regardless of OS. So when a group like this overstates their case, it really damages the valid point that Windows IS more difficult than other OSes, that certain things about Windows DO make it dangerous to adopt by a government.
I'd rather hear them talking in more moderate and modest terms. Making overblown claims that aren't easily and obviously supported by the evidence is going to make people think that the pro-OSS/anti-Windows folks are a bunch of frickin' loonies when the slightest bit of investigation can find flaws in the claims.
First of all, welcome to Slashdot, where prejudices are as regular as the sunrise (or moreso). If you want a prejudice-free environment, go elsewhere.
As to the security of OpenBSD (and I suppose everyone should take my comment with a grain of salt, since I run it on my servers), show me another OS with privilege separation, practically no suid programs, a chroot()'ed Apache, integrated ProPolice support, etc., ad nauseum. For heaven's sake, with 3.4 they're switching i386 from a.out to ELF -- forcing all of us i386 users to install from scratch -- simply because it's harder to crack. Show me any other OS that will go to such extremes for security, and maybe I'll quit glorifying OpenBSD.
How To Get Humans To Mars
Yeah, I read the stories about that also. And, since most web and e-mail servers and most small ISPs are running Linux, it could stand to reason.
However, even though Linux servers are the most attacked/breached or whatever, when mom and pop ISP #1231 gets '0WNZORD', it doesn't cause the gigantic ripple effect of every server on the 'net falling over, unlike a Windows box. When a Windows box gets '0WNZORD', entire countries get swamped off the 'net. You know, ala the Slammer worm, which knocked South Korea off the 'net, and swamped damn near everyone, no matter what their box was running.
This is what true computer security personnel take into consideration. Not just how many systems are attacked, but what the effects of those attacks are. You know, if one Linux box gets taken over, does it automatically take over more? Very unlikely. Each box usually needs the individual attention of the cracker, and then, when successful, it is usually only with the permissions of the logged in user, i.e. not root. Compare this with most Windows boxes, which, when one is cracked, it automatically turns and attacks more, and way more Windows boxes run as Administrator, either by default, or because some shit-ass program requires it.
So, yes, more Linux boxes are attacked, but the overall effect of these attacks are orders of magnitude less than the overall effects of the attacks on Windows boxes.
For those who describe their systems as 'boxen', do you order multiple 'boxen' of corn flakes also?
I would usually be the first to jump on the bandwagon here, especially since the US Govt/Bureaucracy is notoriously stupid/slow/inefficient. However, I do know a few things.
1. Information which has military and security significance is not kept on Microsoft based computers. And before you go off and say that this VISA system contains top secret information, or whatever....first, this system isnt internet connected. Second, this worm was probably introduced via poor security practices. Third... BIG F*CKIN DEAL...so your cousin cant get his visa issued for a few days. Like I said, this is not a critical system, and they just send everyone back home, and new visas are able to be issued in a few days. If nothing else, we should be happy this happened, as it reiterates the security problems in Microsoft's OS. The high level thinkers here aren't idiots, far from it. Remember, the government employees you interact with on a daily basis aren't necessarily representative of the intellect on high.
2. There is a good general practice of not connecting these networks together. Not only that, but anyone slightly familiar with places like the NSA and CIA will tell you that there are separate networks for classified, secret, and top secret. Even when these computers all sit on the same desk, they are not allowed to move information between them, since there is theoretical possibility of data leakage.
3. Anything deemed secret or higher is run on things like virtual vault, trusted HPUX or Solaris. NSA has some stuff with Linux, but this isnt widespread yet.
Remember, the big thinkers in the Govt, arent in the fucking post office, VA, IRS, etc...
Geez people, do you think we got this far by being a nation of morons. Why do most wealthy foreign nationals send their kids here to the US to be educated?
But every day is I-hate-Microsoft day at Slashdot.
That's why I'm here.
Why are you here?
SSH is amazing. Sure, I have to block it at the router at the moment, pending updates, but are you really considering it a net disadvantage? I'd say the presence of OpenSSH in the *nix world (and it's fine port Putty for win32) is a huge plus.
The equivalent in win32 is to throw a bunch of poorly implemented and largely documented controls at the world and let the kiddies run wild. A big piece of the evolution of windows is the increase in ways for strangers to do stuff to your machine. Dcom? What the hell is that? Why is it running? Why does it take a registry hack to eliminate it?
Granted, Outlook is not Windows - but Windows has Outlook and the outlook engine deeply integrated into the core of the OS. You may be able to hide it from yourself, but not from a virus.
But we are talking about the computer that your Aunt Tilly buys to chat on the interweb-thingie!
And Guess what?
Your Aunt Tilly uses the default login from the OEM, which has full admin rights!
Your Aunt Tilly does not know what ports to close!
Your Aunt Tilly does not want to be bothered with firewall rules, IDS or security patches - She just wants to play Swedish Bingo at www.slingo.com!
Your Aunt Tilly can't de-install or permantly disable Active X, Outlook, or Internet Explorer, or the VBS scripting in MS Office 9x through XP-Pro!
I doubt that you can either.
But if you hack at it long enough, maybe you can disable all the OLE that makes Windows insecure, but then you would just have a crippled GUI on an OS that is not able to connect to a network.
And Aunt Tilly would not like that!
I know this for a fact, I have an Aunt Tilly!
We hear about this kind of thing constantly, from around the world (remember those two mainframes stolen from that Australian airport a couple weeks ago.) And every time they say something like "... while the computers involved were important, no confidential information was exposed or affected by the attack." Baloney. If they were so important then something valuable was stolen. Tip of the iceberg time, my friends. I think that information theft on a Biblical scale is going on all around us, from stealing actual computers to remote exploits ... we just hear about the ones that the media happens to cotton onto, and that only because the people doing it were clumsy enough to leave traces. The bulk of this theft goes unmentioned (and probably unnoticed as well ... the best system compromise is one that flies under the radar, leaving the victims blissfully unaware that it ever happened.)
The higher the technology, the sharper that two-edged sword.
47 billion dollars Cash
Greater than 95% of the desktop market
A greater monopoly than Al Capone
Security is their number one priority
BULLSHIT!
What a bunch o losers LOL
This is old news. In May 2000, infowarrior.org carried an article "Microsoft - A Proven Danger to National Security". I can't find the article on infowarrior but it was very popular and controversial for a while -- even here on /. The sad thing is this article, was a warning that nobody in the government ever listened to. Microsoft sure didn't read this document. If they did, they've spent 3 years doing absolutely nothing.
Banjo - The more I know about Windoze, the more I love *nix
Perhaps his would, but mine certainly wouldn't be, as I'm sure you've figured out since I pointed out the exact argument he is using with some numbers at the time (actually I think it was you I pointed it out to). It's called bias when you ignore one side of the issue in favor of another. Considering all the facts and comparing ALL the numbers is not bias. Even if you only mention it when it suits your overall conclusions it's not bias so long as you HAVE considered all the facts.
There is a difference between being biased and shooting yourself in the foot. The truth is that when you look at the numbers from real web reporting engines and any firm that is not funded by microsoft (pretty sure apache funds NONE how about you?), the numbers show microsoft is something on par to apache in web servers what apple is to microsoft in the desktop market, I'm refering to share gap of course.
this situation would pertain to any other OS if 90% of machines were using the same OS
Yes and no. For example, I'm running the same OS (SuSE Linux) on several of my machines, but they're not a monoculture: one's a Sparc, one's a PPC, the rest are x86s. Of the latter, no two are running the same set of services, nor necessarily the same executable for the same service on different machines.
The former (different architectures) isn't even possible with MS (not since NT4, anyway), and the latter (different apps for the same service) is discouraged by the OS vendor. (Sure, some folks are probably running Apache on Windows instead of IIS -- but why not just swap out the OS while you're at it.)
The fact is that no other OS is likely to be the sort of monoculture that Windows presents even with a 90% share, for the reasons outlined above (not to mention the differences introduced by the different distro vendors). It'll be close enough for applications that the user wants to install, but tough for viruses and worms that have to be tweaked to target different holes in each's armor.
-- Alastair
the number one guy gets picked on the most, and exploited the most
I think that's arguably not true in the web server market, in which Apache pretty clearly dominates. I've been curious for a while to see if anyone would do a study between Apache and IIS comparing rates of security hole discovery, average time to patch/update release, and average time between release and install. My suspicion is that despite being the clear market leader, Apache's stats in this regard are competetive with IIS.
I think Microsoft's spin "we're picked on because we're number one, it's a terrible burden to carry but we do it" is brilliant, but there are few mass markets in which to test that theory. The Apache vs IIS comparison is a great one.
Tweet, tweet.
So why not a license for computer programmers ? You know, the only guys who know how to write and distribute a virus, hack into an on-line game, etc. Keep them off the roads until they grow up.
You say that the key is competition, however if you have a monopoly there is no competition. That's the definition of a monopoly.
In the case of a monopoly of a national or international scale there's no way for a true competitor to appear. The monopolist has the ability to crush a competitor through means that have nothing to do with the relative merits of the products in question. Any company with the instincts to successfully become a monopolist on a national or international scale has to have done so by being willing to squash the competition by any means it thinks it can get away with.
If a company can squash the competition by leveraging an existing monopoly, why would they compete on the merits? There's no incentive. Competition is inherently risky. It's a surer road to profit to make sure that the competition cannot reach a level playing field.
Not many companies can reach the place where they have the ability to leverage a monopoly to quash their competition. When a company reaches that position and begins to do so, we *DO* need the intervention along the lines of the Sherman Antitrust Act.
To quote your message, Can anyone think of any monopolies that have *NOT* tried to "use their market leadership to maintain their monopoly"?
Quoth he
"It's all academic anyway..."
Let me see if Ive got the timeline right: 1) US military uses MS software, 2)China is concerned about MS security, asks to see MS source code. 3) MS agrees, shows China MS source code 4) China decides MS is not the way to go, commits all government agencies to using locally developed version of Linux 5) WWIII starts and US military built around 'network centric warfare' finds all its computers crashing, US chaos and death on the battlefield ensues. War ends, MS anounces major new patch that should have been installed... Wow MS, just another good reason not to start WWIII...
I dont do meaning of life questions.
My drivers license test did not involve changing brake disks or inspecting the steering rack for wear. Did yours?
My drivers license test did not involve changing brake disks or inspecting the steering rack for wear. Did yours?
No, but driving an unsafe vehicle is grounds for prosecution. Even if you don't know how to fix your own brakes, driving a car without them is potentially criminal, if you kill someone when you crash.
You may not know how to install virus software, set up a firewall, etc, on your computer, but you should know that it needs things that you can't do to it, and take it to the local geek mechanic who can.
"City hall" in German is "Rathaus" Kinda explains a few things......