CCIA Report: Microsoft's Dominance Poses A National Security Risk

According to an article at ZDNET, the Computer and Communications Industry Association is releasing a report stating that overreliance on the technology of a single vendor – Microsoft – threatens the security of the U.S. critical infrastructure and economy. The report also accuses Microsoft of using security features to further expand its monopoly. “The focus on Microsoft is simply that the clear and present danger can be ignored no longer,” the paper states.

The full article:

http://zdnet.com.com/2100-1105_2-5081214.html?tag=zdnnfd.main

In my humble opinion, Microsoft ignored security for too long. Their desktop developers in the early 1990s didn’t understand secure programming when they designed the 32-bit Windows API, a.k.a. Win32, for Windows 95, which is present in all Windows operating systems. Windows NT, 2000, XP, and Server 2003 had a solid core and tremendous potential running in protected mode with enhancements brought by the VMS developers, but backwards compatibility with the Win32 API has nullified most of the advances in security. Microsoft invested a lot of effort in drawing developers to the Win32 platform, and has continued to show reluctance to abandon the API they worked so hard to popularize. Also, they have historically focused on ease-of-use and usability issues in Windows and Office. Unfortunately, making desktop PCs more secure often makes them harder to use. For example, I’ve met lots of elderly folks who have a hard time understanding why Windows XP Home Edition has separate login accounts for different users. In an era where the Internet connects the majority of desktop PCs to each other, the challenge is to find the proper balance between usability and security. To meet this challenge, Microsoft will have to take a risk and abandon the ailing Win32 API, and do what’s good for their customers, even if the customers don’t understand or want it. They may be afraid of a more level playing field for application support if they break backwards compatibility, but their recent acquisition of Virtual PC software should allow them to run legacy applications in a virtual container. We could suggest switching to GNU/Linux, of course, but the Free / Open Source Software Community advocates choice, and for those who choose the Windows platform, Microsoft needs to deliver a more secure product.
