
MS Cites National Security to Justify Closed Source

Posted by timothy
from the so-bad-we-can't-display-it dept.
guacamolefoo writes: "It was recently reported in eWeek that "A senior Microsoft Corp. executive told a federal court last week that sharing information with competitors could damage national security and even threaten the U.S. war effort in Afghanistan. He later acknowledged that some Microsoft code was so flawed it could not be safely disclosed." (Emphasis added.) The follow-up from Microsoft is even better: As a result of the flaws, Microsoft has asked the court to allow a "national security" carve-out from the requirement that any code or APIs be made public. Microsoft has therefore taken the position that their code is so bad that it must be kept secret to keep people from being killed by it. Windows - the Pinto of the 21st century."

  • War (Score:5, Funny)

    by qslack (239825) <<moc.xobop> <ta> <kcalsq>> on Monday May 20, 2002 @05:36PM (#3553886) Homepage Journal
    War is always the best excuse. One of my favorite cartoons on this is Mark Fiore's, at http://markfiore.com/animation/excuse.html [markfiore.com]. :)
  • Nice (Score:5, Interesting)

    by jayhawk88 (160512) <jayhawk88@gmail.com> on Monday May 20, 2002 @05:36PM (#3553887)
    When in doubt, raise concerns about terrorism, or inappropriately use 9/11 as a crutch. The new coin of Washington (both east and west it seems).

    Nothing will ever be the same again indeed.
    • Re: Nice (Score:3, Funny)

      by Black Parrot (19622)


      > When in doubt, raise concerns about terrorism, or inappropriately use 9/11 as a crutch. The new coin of Washington (both east and west it seems).

      It's not just the USA. Want to wage war on a neighbor or on members of your own population? Just go ahead, and call it "War on Terrorism (tm)" if anyone expresses outrage over it.

    • Re:Nice (Score:5, Insightful)

      by Malcontent (40834) on Monday May 20, 2002 @08:14PM (#3555064)
      Everybody should be encouraged to go back and re-read 1984. It lays out a nice blueprint on how to manage the masses using a series of continuing wars. Right now they have chosen a better option. One war against a faceless enemy who has no home base and who may strike at any time. It's brilliant actually.
      Dick Cheney said Sunday something to the effect "there is a certainty they will attack us" and then said it could be any time, maybe even a year from now. How brilliant is that? An infinite war. Of course he went on to say that the administration should never be investigated or criticized while we are fighting this war. Fucking brilliant. This administration has done a masterful job of shutting down dissent, much better than any two bit dictator or strongman.
  • by sllort (442574) on Monday May 20, 2002 @05:37PM (#3553895) Homepage Journal
    By closing the source we can prevent Open Source Communism.

    More proof that Bill Gates is just a more successful troll than me.

  • "Microsoft has invested substantial time and resources in providing great interoperability between .Net and older technologies," Allchin said. "Sun's strategy of promoting '100 percent pure' Java applications discourages interoperability."

    Color me crazy, but wasn't one of the most appealing points of java in fact its interoperability?

    • "Microsoft has invested substantial time and resources in providing great interoperability between .Net and older technologies," Allchin said.

      You forgot to translate this:
      We made sure .NET will crash as frequently as older Windows technologies, and contain a similar number of bugs per 1000 lines of code (allowing for a small deviation between blocks of code)


      RagManX
    • by mentin (202456) on Monday May 20, 2002 @07:47PM (#3554905)
      >Color me crazy, but wasn't one of the most appealing points of java in fact its interoperability?

      The point was portability, not interoperability.

      So Sun claims: "you can run your code anywhere", implying "as long as it is Java-code". Microsoft claims: "your code can talk to anyone", implying that your code runs on Windows.

      You can choose what you like/don't like more.

  • by wowbagger (69688) on Monday May 20, 2002 @05:37PM (#3553902) Homepage Journal
    "Uhh, the judge is acting pissed. Did you see the way she looked at us when she said 'Obey the court'?"

    "Yeah, how can we BS her on this?"

    "Uhh, maybe we can find a link to terrorism?"

    "YEA! That's it! We can't comply, because of National Security"

    Harmph....
  • He later acknowledged that some Microsoft code was so flawed it could not be safely disclosed.

    Any fool knows that it is flawed to that magnitude. Only the fact that it was publicly admitted by a M$ official is newsworthy.

  • by CoolVibe (11466) on Monday May 20, 2002 @05:39PM (#3553917) Journal
    Microsoft code and national security? Hmm... Interesting :) Also another good question is: whose national security, as lots of foreign governments use Microsoft software.

    Worrying isn't it?

  • Hypocrits (Score:5, Interesting)

    by Telastyn (206146) on Monday May 20, 2002 @05:39PM (#3553918)
    If the code is so bad as to be dangerous, shouldn't the government make them recall the code and return a properly functioning version?

    If a car was dangerous enough to possibly cause death, wouldn't the government require a recall? Wouldn't the media jump on them like rabid wolves like they did Firestone? Wouldn't people avoid the things like they did Firestone?
    • by pjt48108 (321212)
      The problem here is that M$ is proprietary, and won't release their code. Therefore, government agencies cannot verify such claims of bad code. Also, one must agree not to disclose bugs in M$ software or face prosecution. In the end, the government should do what the gov't of Chile has done, and require the use of free (...of proprietary code, etc.) software in all gov't operations.

      But, I agree... I'd love to see the gov't return MS stuff and REQUIRE working code. Watch M$ reply with a RedHat CD.
      • True, though isn't the point of the story that they admitted to such things? Perhaps it's just one guy that is out of line, but it's another thing to add to the mounting list of circumstantial evidence.
    • Re:Hypocrits (Score:3, Insightful)

      by MxTxL (307166)
      From Fight Club:

      I'm a recall coordinator. My job is to apply the formula....

      Take the number of vehicles in the field, (A), and multiply it by the probable rate of failure, (B), then multiply the result by the average out-of-court settlement, (C). A times B times C equals X...

      If X is less than the cost of a recall, we don't do one.


      In other words, if it is cheaper to pay off everyone necessary to prevent a recall than to actually do one, they don't do one.

    • Re:Hypocrits (Score:3, Informative)

      by bmajik (96670)
      Microsoft never made the statement that "this product is bug free, and has no security concerns whatsoever".

      The statement is, and always has been "we fix what we know about, if it won't break too much other stuff".

      Incidentally, within some egregious time window (10 years ?) they fix it for free.

      That's the tradeoff the government willfully made when it wanted to use an off the shelf operating system, instead of doing it in house or submitting bids for a custom contract. (software that requires an ongoing support contract for security issues or _any_ issue at all)

      What you're asking for would be something like an A1 system under the old pre-Common Criteria scheme... i.e. a provably correct system.

      Guess how many products received A1 certs. There's a list of some of them. It wouldn't take a long time to load the html. Even at 300bps.

  • by cansas (530086) on Monday May 20, 2002 @05:39PM (#3553919) Homepage
    The Pinto was never as dangerous as M$ products.
    • Are Microsoft's products really so vital that national security would be impacted if their security were compromised? This sounds like the Y2K hoopla all over again. There are alternatives to any Microsoft product. Even if a Microsoft app were so compromised that Microsoft couldn't release a bug fix -- it would only take a week or two for any organization to migrate to new software. Sure it would be expensive, but not a threat to national security.
  • Equality (Score:3, Interesting)

    by jaavaaguru (261551) on Monday May 20, 2002 @05:41PM (#3553929) Homepage
    So they think that just because they are Microsoft, they deserve to be treated differently? If they made crap software that is full of bugs, and it gets released to other companies who may possibly take advantage of those bugs, then it's their own fault. If a product is meant to be remotely secure, the software company should employ QA teams to *TRY* and break into it, at the VERY LEAST. Writing poor code is no excuse for avoiding your punishment, MS. Perhaps those using the buggy software should be informed of this, and given a grace period to switch to another system before MS is made to open their source.
  • Fodder for ads (Score:5, Insightful)

    by sulli (195030) on Monday May 20, 2002 @05:41PM (#3553934) Journal
    Okay Linux junkies, particularly ones with big ad budgets: if this isn't in your ads (pref. full-page display ads in the Wall Street Journal) by next week, you massively, massively suck.
  • by Arcanix (140337) on Monday May 20, 2002 @05:41PM (#3553935)
    It's obvious the only way to keep this country secure is to hide these flaws. A cash-strapped company like Microsoft can't afford to correct the flaws in their code and it's not as if they have thousands of programmers that could fix it.
  • by selderrr (523988)
    um... how does this reasoning relate to bugs in MS Flight simulator... With amateur pilots training themselves to fly AROUND buildings, this whole software-based learning is jeopardised.

    Hey, now that I think of it, perhaps this wasn't a terrorist attack after all ?
  • by csguy314 (559705) on Monday May 20, 2002 @05:42PM (#3553944) Homepage
    him how many APIs would be exempt, Allchin said he did not know the exact number, but it would include APIs that deal with anti-piracy and digital rights management.

    Yes, those are the integral parts for security. Who cares about information being stolen. As long as no one can rip a copy of your cd, everything is kosher...
    Everyone knows terrorists rely on warez!
    • Would I be allowed to share *my* copy of *my* love letter, or am I stealing from myself and endangering national security? Maybe the MPAA wants me to sign up with them first?

      Just imagine your only phone call from your jail cell: "Sorry, I tried writing a St. Valentine's letter to you, but the 400 year old poem that I included was considered copyright and my computer called the cops."
  • er, (Score:5, Insightful)

    by Xzzy (111297) <sether AT tru7h DOT org> on Monday May 20, 2002 @05:43PM (#3553951) Homepage
    From the story:

    > The protocol, which is part of Message Queuing,
    > contains a coding mistake that would threaten the
    > security of enterprise systems using it if it were
    > disclosed, Allchin said.

    Then with all the billions and billions of dollars M$ has hanging out in the bank, why not hire someone and FIX THE PROBLEM. What's the problem with doing the things that make sense?!

    Single best thing M$ could do to improve their product security is to adopt the 'patch often' mindset. Fix something, release a patch, everyone goes home happy.

    The bi-annual (exaggeration) security patches they currently do ain't gonna do it.
    • Re:er, (Score:4, Insightful)

      by cperciva (102828) on Monday May 20, 2002 @05:56PM (#3554092) Homepage
      Single best thing M$ could do to improve their product security is to adopt the 'patch often' mindset. Fix something, release a patch, everyone goes home happy.

      That's great in theory, but the real world doesn't work like that. In the real world, it is very hard to get everyone to apply patches, and the software vendor gets blamed even when they've made the patches available months earlier; Code Red is a perfect example of this.

      In the context of system administrators who forget to patch their boxes, you actually end up with better security if you release a large patch every month than if you release small patches every few days.
      • You should do both. That's what Hotfixes and Service Packs are for...except that M$ only fixes what it has to...not what it should.
    • Re:er, (Score:5, Insightful)

      by bobdehnhardt (18286) on Monday May 20, 2002 @05:57PM (#3554096)
      Never will happen. Releasing patches often would give the average users the idea that "this software is crap, they keep finding problems with it, that little Updates thingie keeps popping up and annoying me, why didn't they get it right the first time?" Far better to release one mega-patch every 6-9 months, label it a "Service Pack", and stress the "enhancements" over "bug fixes". At least, that's how Microsoft seems to view it.

      Microsoft is all about perception. They learned long ago that they can release pure shite as long as the general public perceives it as good. And that can be accomplished through Marketing, which is much easier to craft and control than Coding....
      • by elmegil (12001)
        B.S. Sun Microsystems releases patches for Solaris quite often, and we're a market leader for commercial Unix systems.
      • Releasing patches often would give the average users the idea that "this software is crap, they keep finding problems with it, that little Updates thingie keeps popping up and annoying me, why didn't they get it right the first time?"
        People don't think that about games and video drivers, they just keep on patching. Perceptions change. Since people think rebooting more than once a day, let alone once a month is acceptable, why won't they accept patching once a month as being acceptable?
    • <sarcasm>
      WHAT?!?! Microsoft software has BUGS that could COMPROMISE SECURITY? *gasp* oh no!??!
      </sarcasm>

      Like that's new.. They should read NTBugTraq every once in a while then. Heck, even open source software has bugs. Code I write has bugs. Heck, that's a fact of life. And yes, sometimes they can compromise security.

      Their big mistake is not opening the code. Maybe some malicious underground cracker already figured out how to exploit this. You don't know. It's Security Through Obscurity, and will NEVER work.

      Great going Microsoft. Keep on going like that. I'll be waiting for the outcome.

    • Re:er, (Score:3, Funny)

      by HiredMan (5546)
      From the story:
      The protocol, which is part of Message Queuing, contains a coding mistake that would threaten the security of enterprise systems using it if it were disclosed, Allchin said.


      "That's business with .Net."


      =tkk

    • Re:er, (Score:3, Interesting)

      by Anonymous Coward
      IBM did something similar with the input queue on OS/2. They had a design problem that was part of a bad design from the very start. Everyone knew it. Why wasn't it fixed? It was going to require user programs to be fixed as part of the fix. It was a critical architectural failure when they started OS/2 2.0 under duress, they had some hard and critical deadlines to meet and they botched that piece of the equation. What's the alternative? You require a huge number of apps to be, at the very least, recompiled? That's barely practical with something like Linux, have any idea it takes to get full distribution up and running on a different architecture? Long enough that the biggest Linux companies still only support a handful of what GNU/Linux runs on. IBM didn't fix it, in fact some very good software engineers resorted to doing some fairly cheap hacks to try and get around it. When you start putting bandaids on the core, things are getting bad and it's only a matter of time, you've started to calcify the product. It's a bitch, what else do you do?


      How many of you kids remember a.out to elf? Or the switch from libc to glibc? Any of you try to upgrade through that yourself without reinstalling a new distribution? Think of both of those, multiply it by 10000 and throw a couple major security holes in that the entire world may not be privy to. Then you are starting to scratch the surface of how large this problem is. On top of that why not factor in some bullying from the MS sales force, how many larger MS customers have been bullied at one point or other? Probably enough that if they were told they have to replace everything some of them would get really pissed off and seriously think about shopping elsewhere.


      MS fucked up and they fucked up bigtime. They need more time too, they've got .NET in the pipe and they're porting their apps to it but they will need to rebuild the platform. I think the NT platform is starting to get to a good time when it's fair to look at complete rewrite or some kind of major overhaul but they need to time it right so that linux doesn't hurt them too badly and they are also going to need a culture change, you have to build large systems with lots of abstraction and hierarchy, they want to put too much into kernel land and it's only going to make security problems harder to solve down the road and open up more parts of the OS to different kinds of attacks. 10 to 1 the queue holes involve sending messages as if an application has passed a security boundary and that they allow you almost free rein, it's something that almost doesn't apply to other platforms.

  • This is big news... (Score:2, Interesting)

    by 3Suns (250606)
    The DOJ was pressuring MS to release its APIs etc., in the interest of fair trade. Now MS claims that doing that would put national security at risk.

    What's the solution for the DOJ (who holds the reins now)?? Simple: force MS to adopt open standards and open code modules in the future. Given that the MS business model is based on leveraging its "secret" elements, this could force them to abandon nearly all of their anticompetitive practices.
  • More Lawsuits Now? (Score:2, Insightful)

    by Asikaa (207070)
    If Ford were to say that they couldn't disclose their new transmission design because if they did it might get people killed, surely they would have to either redesign it, recall it or face a HUGE class-action lawsuit.

    All we need is some documented evidence of a MS exploit resulting in injury or death. :)
  • by smoondog (85133) on Monday May 20, 2002 @05:45PM (#3553974)
    (From a story posted here [slashdot.org])

    Peruvian Congressman David Villanueva Nuñez made exactly this argument:

    To guarantee national security or the security of the State, it is indispensable to be able to rely on systems without elements which allow control from a distance or the undesired transmission of information to third parties. Systems with source code freely accessible to the public are required to allow their inspection by the State itself, by the citizens, and by a large number of independent experts throughout the world. Our proposal brings further security, since the knowledge of the source code will eliminate the growing number of programs with *spy code*.

    In the same way, our proposal strengthens the security of the citizens, both in their role as legitimate owners of information managed by the state, and in their role as consumers. In this second case, by allowing the growth of a widespread availability of free software not containing *spy code* able to put at risk privacy and individual freedoms.


    The flaw here is that for windows code to possess the powers they imply, it would need to be a state secret. Perhaps it should be illegal to distribute mission critical osc across us boundaries? Windows code a state secret? I think not, anyone can reverse compile machine code.

    Micro$oft should realize that governments do not like security threats they are not able to evaluate themselves. The NSA, for example, cannot sit and tinker with windoze's security holes the way they can with OSC (open source code)...

    -Sean
  • "Well, security is our top priority (http://slashdot.org/article.pl?sid=02/01/17/0259234&mode=thread&tid=109) but until it improves, our source is a threat to national security"
  • by cperciva (102828) on Monday May 20, 2002 @05:48PM (#3553999) Homepage
    I think that "National Security" here means "the NSA asked us to put xyz into our code, and they'd be unhappy if it had to be removed or became public".

    Remember: Cryptanalysis has, and will, always come in fourth place after burglary, blackmail, and bribery.
  • "but it would include APIs that deal with anti-piracy and digital rights managment"

    Terrorism = File Sharing

    someone call the RIAA and tell them the great news!

  • There's no way, if Windows was open source, that people would be able to find the flaws for themselves and patch the code. After all, only a malicious hacker would want to look at Windows source code ;), and only a fool would try to step through that labyrinth that would make Daedalus green with envy...

    BlackGriffen
  • Wow that's bold (Score:3, Insightful)

    by Kraegar (565221) on Monday May 20, 2002 @05:49PM (#3554013)
    To stand in front of not only a customer, but your Government, and declare that your product is so dangerously flawed that it could cost lives.

    If it happened in any other industry (auto, aviation, train, commerce, weaponry, etc) the Government would drop their product like a dead rat (and more probably force the manufacturer into a recall). Yet Microsoft is willing to use it as a defense?

  • Fear the future... (Score:5, Interesting)

    by Dr. Bent (533421) <ben@@@int...com> on Monday May 20, 2002 @05:49PM (#3554015) Homepage
    Three things need to happen in order for people to start getting serious about software security and reliability:

    1) A software system with 1 or more serious _known_ flaws must be used on a worldwide scale by a government agency or large company.

    2) That software must then fail.

    3) The failure must cause thousands of deaths or hundreds of billions of dollars in loss or damage.

    The result will be like the 9/11 of software...when the world wakes up and realizes that we have become so dependent on software systems for our daily lives that we actually have to start caring whether or not they work correctly. We need to start taking an engineering approach to software and KNOW (not think) that it will operate as advertised.

    I'm actually hoping that this will occur sooner than later. The later it happens, the more catastrophic the result will be and the less time we'll have to rectify the problem before it happens again.
  • Has anyone considered filing a suit due to being "hacked" (I know it's not the correct term, but it gets the message across) due to a hole in MS software?

    Sure, the license makes all warranty void, but what about when they knowingly distributed insecure software.

    This offers a perfect fact for your case.
  • by eyegor (148503)
    Washington
    (NAPI)- John Ashcruft today warned that al-Qaida terrorists have infiltrated several "Learning Tree" facilities over the past few months and have obtained illicit "MCSE" certificates. "With the intimate knowledge they now have, no one who runs the Windows Operating System is safe" quavered Professor M. Druel of the University of North Dakota at Hoople. "Given the flaws we were warned of, why didn't we listen to that guy back during the trial?" Linux users (and other users of the soon-to-be banned "open-source" software) spent the days chuckling.
  • by gweihir (88907) on Monday May 20, 2002 @05:52PM (#3554060)
    At least that is the only explanation I can think of. Their systems are architecturally unsound and plagued by stupid design decisions, unstable interfaces and unsound implementation. It is quite obvious if you look at all the security, stability and usability (ever reinstalled Windoes?) problems they have. In addition they are still adding features like mad, thereby making the problem more serious all the time.

    My point is that they did not say anything new by admitting the problem. However by admitting it they also admit that they don't really care about security, as they certainly could have done significantly better! This casts a very bad light on other ventures like .NET and the motivations and real goals behind them.

    So why are they admitting it anyway? In my opinion MS is scared to death that open APIs would also mean stable APIs (i.e. APIs that don't change all the time) and would enable others to make Windows compatible execution environments with relative ease. The sources are also important, because the API documentation MS would give (could?) away is not complete and correct enough. So while it takes a huge effort, competitors would be able to really find out the complete API functionality and implement it in a way so that things that run on Windows would usually run on competing products without retesting or modifications.

    As MS is not really having a good product, just an effective monopoly (by making cloning their API difficult), reasonable documentation of their APIs could kill them. At least that is what I think they believe.
    • I'm curious. As someone who's been programming against the win32 API for a long time now, what precisely in your opinion is not properly documented by any of the SDK's?

      Granted I don't use all aspects of the API, so perhaps parts of it are poor, but the parts I use are highly documented, examples given, and all sorts of other goodies. This is what dragged me, and many hundreds of thousands of other developers into the MS world where we make a good living building solutions to business problems.

      -me
      • I have to admit that I am not an MS programmer, so I only have reports from friends about such problems. That Windows in many of its flavours is unstable and hard to maintain is my personal impression from the few occasions I am using it (mostly gaming).

        Perhaps the best basis for my concerns is the plans of MS to withhold interfaces. In the past they have given these interfaces to selected people and not to others, so they were being used by some software. For an application developer that is not a problem unless he needs the specific API. For someone wanting to make a clone of Windows that is a killer.

        The part about the sources being needed is my own dark suspicion. But again, I did think of somebody else trying to offer a compatible API, not somebody just using what the documentation he has says is there.

        As an example think of MS-Office using additional API functionality that is not documented in the public documentation. While that does not bother somebody like you, this is catastrophic for somebody creating a MS compatible execution environment.
      • Umm.. I don't think the issue is so much with poor documentation where documentation exists, I think the issue is more with non-existing documentation.

        If you are looking at the whole system from the point of documentation, of course everything looks great? That's like looking at the world through a great big filter.

        Instead you will have to go the other way; check all DLL/EXEs for exports, and then see if those exports are documented. Some exports aren't even done by name, but only by ordinal [gazonk.org], making them even harder to use.

        I'm not a win32 guy either, so I can't give any concrete examples off hand, but I'm pretty sure this is partly where the issues lie.

        You really cannot say the APIs are highly documented unless you have disassembled the code to see what it can really do, can you? Sure, there might be a hundred documented functions, but that is only impressive if there are only a hundred exports, and those exports are limited to the parameters defined by the documentation.
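
The check described in the comment above (enumerate a DLL's exports, then compare them with what is documented), as an added example that is not part of the original thread. The sample image, its export names and the `documented` set are constructed for illustration; forwarded exports are not handled.

```python
import struct

def u16(b, o): return struct.unpack_from("<H", b, o)[0]
def u32(b, o): return struct.unpack_from("<I", b, o)[0]

def list_exports(image):
    """Return [(ordinal, name or None)] from a PE image's export directory."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = u32(image, 0x3C)                      # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size, opt = u16(image, pe + 6), u16(image, pe + 20), pe + 24
    magic = u16(image, opt)
    if magic not in (0x10B, 0x20B):            # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)
    exp_rva = u32(image, dirs)                 # data directory 0 = exports
    if exp_rva == 0:
        return []
    sections = []
    for i in range(nsec):
        hdr = opt + opt_size + 40 * i
        vsize, va, rsize, raw = struct.unpack_from("<4I", image, hdr + 8)
        sections.append((va, max(vsize, rsize), raw))

    def off(rva):                              # RVA -> file offset
        for va, size, raw in sections:
            if va <= rva < va + size:
                return raw + rva - va
        raise ValueError("RVA 0x%x is outside every section" % rva)

    def cstr(rva):
        start = off(rva)
        return image[start:image.index(b"\0", start)].decode("ascii", "replace")

    d = off(exp_rva)
    base, nfunc, nnames, funcs, names, ords = struct.unpack_from("<6I", image, d + 16)
    name_of = {}                               # function index -> exported name
    for i in range(nnames):
        idx = u16(image, off(ords) + 2 * i)
        name_of[idx] = cstr(u32(image, off(names) + 4 * i))
    exports = []
    for idx in range(nfunc):
        if u32(image, off(funcs) + 4 * idx) == 0:
            continue                           # unused slot in the address table
        exports.append((base + idx, name_of.get(idx)))
    return exports

def undocumented(exports, documented):
    """Exports with no name at all, or a name missing from the documented set."""
    return [(o, n) for o, n in exports if n is None or n not in documented]

def build_sample_dll():
    """Constructed minimal PE32 image: two named exports, one ordinal-only."""
    rva, raw, size = 0x1000, 0x200, 0x200
    sec = bytearray(size)
    names = [b"FlushInternal", b"OpenQueue"]   # name table is sorted
    name_idx = [2, 0]                          # index into the function table
    funcs = [0x2000, 0x2010, 0x2020]           # placeholder code RVAs
    f_off, n_off, o_off, pos = 0x28, 0x34, 0x3C, 0x40
    str_rvas = []
    for s in [b"sample.dll"] + names:
        sec[pos:pos + len(s) + 1] = s + b"\0"
        str_rvas.append(rva + pos)
        pos += len(s) + 1
    struct.pack_into("<IIHHI6I", sec, 0, 0, 0, 0, 0, str_rvas[0], 1,
                     len(funcs), len(names), rva + f_off, rva + n_off, rva + o_off)
    struct.pack_into("<3I", sec, f_off, *funcs)
    struct.pack_into("<2I", sec, n_off, *str_rvas[1:])
    struct.pack_into("<2H", sec, o_off, *name_idx)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)        # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96, rva, pos) # export directory RVA and size
    hdr = (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
           + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x2102)
           + bytes(opt)
           + struct.pack("<8sIIII16x", b".edata", size, rva, size, raw))
    return hdr.ljust(raw, b"\0") + bytes(sec)

if __name__ == "__main__":
    documented = {"OpenQueue"}                 # constructed "SDK documentation"
    for ordinal, name in undocumented(list_exports(build_sample_dll()), documented):
        print(ordinal, name if name else "<ordinal only>")
```
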

      • For example, the GDI calls aren't the same for Win95 and WinNT- API-wise, they're the same, but they don't DO the same things when called, merely similar things. Worse, if you try to PRINT the graphic you just did, the result will differ from printer to printer under NT but be surprisingly consistent for 95 for all printers. There's tons of others in that space.

        The API's declaration is consistent, but what one version of Windows DOES with the parameters may differ slightly or radically from another, supposedly identical one.

      • It's been pretty clear for some time that Microsoft has backed away from its prior statements that the entire Win32 API is actually documented in those SDKs and that an ISV actually has a level playing field coding against internal MS programmers. Years ago they used to claim that there was a 'chinese wall' between the OS programmers and the App programmers and that there were no secret APIs, everything was in those $3k Universal Subscription mailings and the little guy had an even shot.

        They don't do that anymore because people have reverse engineered enough of Windows and the MS apps that run on it to demonstrate conclusively that you've been fed a big fat lie. You don't have a level playing field and you never did.

        This is a multi-billion dollar fraud and in large part it's what made Microsoft the uber-monopoly it is today (this was the grounds that the DoJ should have used to go after MS). The fact that you don't know that you've been shafted years after BillG and SteveB have admitted this in interviews leaves me speechless.

  • by dwheeler (321049) on Monday May 20, 2002 @05:53PM (#3554062) Homepage Journal
    Ah yes, the "our APIs and code must be secret or the U.S. will crumble" defense. This is a particularly absurd claim for application programmer interfaces (APIs) - by definition, APIs are disclosed to other developers, so the only reason to "hide" them is to prevent competition. Oddly enough, the products where source code (not just the APIs) is visible have lots of quantitative evidence that they're more secure [dwheeler.com].

    It's already been revealed that some attacker got into Microsoft's network. Also, CD's with Microsoft's source have been released for various reasons over time. I have no trouble believing that some "bad guys" already have the source code. So, how do the rest of us protect ourselves from these bad guys with the source code? And from the bad guys to come who don't have it yet... but will?

    As noted in Secure Programming for Linux and Unix HOWTO [dwheeler.com], section 2.4.2 [dwheeler.com], closing off source code doesn't actually halt attacks anyway. Here's the quote:

    It's been argued that a system without source code is more secure because, since there's less information available for an attacker, it should be harder for an attacker to find the vulnerabilities. This argument has a number of weaknesses, however, because although source code is extremely important when trying to add new capabilities to a program, attackers generally don't need source code to find a vulnerability.

    First, it's important to distinguish between ``destructive'' acts and ``constructive'' acts. In the real world, it is much easier to destroy a car than to build one. In the software world, it is much easier to find and exploit a vulnerability than to add significant new functionality to that software. Attackers have many advantages against defenders because of this difference. Software developers must try to have no security-relevant mistakes anywhere in their code, while attackers only need to find one. Developers are primarily paid to get their programs to work... attackers don't need to make the program work, they only need to find a single weakness. And as I'll describe in a moment, it takes less information to attack a program than to modify one.

    Generally attackers (against both open and closed programs) start by knowing about the general kinds of security problems programs have. There's no point in hiding this information; it's already out, and in any case, defenders need that kind of information to defend themselves. Attackers then use techniques to try to find those problems; I'll group the techniques into ``dynamic'' techniques (where you run the program) and ``static'' techniques (where you examine the program's code - be it source code or machine code).

    In ``dynamic'' approaches, an attacker runs the program, sending it data (often problematic data), and sees if the program's response indicates a common vulnerability. Open and closed programs have no difference here, since the attacker isn't looking at code. Attackers may also look at the code, the ``static'' approach. For open source software, they'll probably look at the source code and search it for patterns. For closed source software, they might search the machine code (usually presented in assembly language format to simplify the task) for essentially the same patterns. They might also use tools called ``decompilers'' that turn the machine code back into source code and then search the source code for the vulnerable patterns (the same way they would search for vulnerabilities in open source software). See Flake [2001] for one discussion of how closed code can still be examined for security vulnerabilities (e.g., using disassemblers). This point is important: even if an attacker wanted to use source code to find a vulnerability, a closed source program has no advantage, because the attacker can use a disassembler to re-create the source code of the product.

    Non-developers might ask ``if decompilers can create source code from machine code, then why do developers say they need source code instead of just machine code?'' The problem is that although developers don't need source code to find security problems, developers do need source code to make substantial improvements to the program. Although decompilers can turn machine code back into a ``source code'' of sorts, the resulting source code is extremely hard to modify. Typically most understandable names are lost, so instead of variables like ``grand_total'' you get ``x123123'', instead of methods like ``display_warning'' you get ``f123124'', and the code itself may have spatterings of assembly in it. Also, _ALL_ comments and design information are lost. This isn't a serious problem for finding security problems, because generally you're searching for patterns indicating vulnerabilities, not for internal variable or method names. Thus, decompilers can be useful for finding ways to attack programs, but aren't helpful for updating programs.

    Thus, developers will say ``source code is vital'' (when they intend to add functionality), but the fact that the source code for closed source programs is hidden doesn't protect the program very much.
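The "static" approach described in the quoted HOWTO passage, as an added example for defenders auditing a binary they have no source for (it is not part of the comment above or of the HOWTO): the names of imported library routines survive in a stripped binary even when every internal name is gone, so known-risky calls can still be flagged. `SAMPLE_BINARY` is a constructed byte string, not a real executable, and matching on printable strings is a simplification of parsing the real import table.

```python
import re

# Constructed stand-in for a stripped, closed-source binary. None of the
# program's own variable or function names survive, but the names of the
# library routines it imports remain so the loader can resolve them.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00" + bytes(8)
    + b"\x55\x48\x89\xe5\x48\x83\xec\x40"          # opaque machine code
    + b"\x00libc.so.6\x00strcpy\x00printf\x00gets\x00fgets\x00"
    + b"\xc9\xc3\x90\x90"                          # more machine code
    + b"Enter name: \x00%s\x00sprintf\x00snprintf\x00"
)

# Library calls that commonly indicate an unchecked buffer write.
RISKY_CALLS = {
    "gets": "reads input with no bound on length",
    "strcpy": "copies until NUL, ignoring destination size",
    "strcat": "appends until NUL, ignoring destination size",
    "sprintf": "formats into a buffer with no length limit",
}


def extract_strings(blob, min_len=4):
    """Return runs of printable ASCII, like the Unix `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def audit_imports(blob):
    """Flag risky library calls named in the binary.

    Whole-token matching matters: the bounded variants `fgets` and
    `snprintf` contain the risky names as substrings and must not be
    reported.
    """
    findings, seen = [], set()
    for token in extract_strings(blob):
        if token in RISKY_CALLS and token not in seen:
            seen.add(token)
            findings.append((token, RISKY_CALLS[token]))
    return findings


if __name__ == "__main__":
    for name, reason in audit_imports(SAMPLE_BINARY):
        print(f"{name}: {reason}")
```

A hit only says where a reviewer should look first; whether the call is actually reachable with oversized input still has to be checked in the disassembly.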

    • This is a particularly absurd claim for application programmer interfaces (APIs) - by definition, APIs are disclosed to other developers, so the only reason to "hide" them is to prevent competition.

      Well, they may have a point though. Their "hidden" APIs can be a big security risk, such as:

      BecomeRootUserWithoutNeedingPassword()
      SecretlyTakeOverMachineinInvisibleMode()
      DecryptAllFilesAndSendPlaintextViaWirelessCard()

      and, of course the one Outlook and Word use:

      MakeProgramsRun90PercentFasterButTurnOffAllSecurityAndGenerateVirusesWithGeneticAlgorithm()

  • by binaryDigit (557647) on Monday May 20, 2002 @05:56PM (#3554090)
    Though I know the knee-jerk reaction is to scoff, M$'s statement does bring up an interesting issue. Given how porous M$ security is, just how much worse would/could it be if the source code were available? To be honest, and flame away if you must, I think that M$ does have an interesting practical point (not that I agree with how they're applying it, but that doesn't make their point any less valid).

    So the obvious question arises, is Linux/BSD (and any other software that has source available) more exposed to "serious" attacks? By "serious" I mean being launched by somebody who knew enough to be able to look at the source and find security flaws, vs a script kiddie who takes a virus toolkit and modifies the virus name and subject line. Theoretically, it should be more vulnerable than a piece of closed source software that was written with a similar level of "quality".

    Again, I AM NOT DEFENDING OR SUPPORTING M$'S POSITION, only bringing up what I think is an interesting question.
  • by guttentag (313541) on Monday May 20, 2002 @05:57PM (#3554099) Journal
    ...sharing information with competitors could damage national security and even threaten the U.S. war effort in Afghanistan...
    They forgot to mention it would:
    1. reverse gravity
    2. send the tightly-controlled, stable market into a state of chaos
    3. put thousands of people out of work (how could MS pay its employees if they gave their products away?)
    4. bring back Elvis (in the form of MP3s distributed by the masses who were previously restricted by MS DRM)
    5. cause the judge's personal computer to automatically download pornography every day
    Didn't we see this in Ghostbusters?
    "He wants to shut down the protection grid, Peter."

    "You shut that thing down and we are not going to be held responsible."
  • by ClarkEvans (102211) on Monday May 20, 2002 @06:01PM (#3554129) Homepage
    They may just confirm Judge Jackson's assertion that any sort of compromise short of a breakup will be insufficient. Here's hoping that Kollar-Kotelly's nose is as good as Jackson's.
  • by RyanFenton (230700) on Monday May 20, 2002 @06:02PM (#3554136)

    Austria already has it. [microsoft.com]

    Any U.S. University can apply for it now if they don't already have it. [microsoft.com]

    Many of Microsoft's larger customers have it [com.com]

    I don't see why it would be difficult for any terrorist organization to get it. How can they legitimately argue that it may be possible to keep it secret at this point? If it's a national security risk to make the code available, the damage can no longer be avoided.

    Ryan Fenton
  • by danmil (11416) <danmil AT aya DOT yale DOT edu> on Monday May 20, 2002 @06:02PM (#3554137) Journal
    In case you thought that Microsoft was serious about trying to make their products more secure, check this baby out:

    'When pressed for further details, Allchin said he did not want to offer specifics because Microsoft is trying to work on its reputation regarding security. "The fact that I even mentioned the Message Queuing thing bothers me," he said.'

    I love that! 'It pains me to admit that our software is dangerously broken, because we're trying really, really hard to convince people that the reputation we have for foisting dangerously broken software on them is totally unfounded.'

    I guess if they were trying to work on their actual security, rather than just the reputation, they might act a bit differently (like, by publishing their APIs and then working with the security community to get them safe).

    -Dan

  • They have exported the Windows source code to countries such as Germany, Czechia, Slovakia, Israel, Hungary, Japan, and even Singapore. Check the list [microsoft.com] yourself.

    Maybe it's time for another trial.
  • Micro$oft has always made excuses of one sort or another, about a great many things. But, so far, few have been this ludicrous.

    The first, was "it can only hurt the US economy if the debut of Windows 98 (was 98, wasn't it?) is delayed..."

    And now, "releasing source code/APIs would threaten national security".

    Does anyone want to start taking bets what the next grand bullshit excuse will be? My wager is on "God commands thee to cleanse thy hard drive of this vile Linux". I just can't think of anything else that is on the level of the first two.
  • by MongooseCN (139203) on Monday May 20, 2002 @06:07PM (#3554186) Homepage
    After supporting MS's statements that all source should be closed and hidden in order to maintain national security, the US government has agreed to hide all tall buildings. All tall buildings will now be covered with large black cloths. In order to maintain national security, anyone caught talking about these buildings will be arrested. Since terrorists will be unable to clearly see and hear about these buildings, they will no longer be able to attack them. Thank you and good night.
  • by Flower (31351) on Monday May 20, 2002 @06:09PM (#3554209) Homepage
    They need to make a movie with Samuel L. Jackson as a Microsoft programmer just so I can hear the line.
    Send me that service pack. It's the one named, 'Dumbass Motherfucker.'

    They can name it something like 'Patch Lola Patch.'
    • by blakestah (91866) <blakestah@gmail.com> on Monday May 20, 2002 @10:15PM (#3555614) Homepage

      Jules: Send me that service pack. It's the one named, 'Dumbass Motherfucker.'

      Vincent: You know what the funniest thing about Microsoft is?

      Jules: What ?

      Vincent: It's the little differences. It's got a lotta the same shit as other operating systems, but with those guys it is a little different.

      Jules: How so ?

      Vincent: For example. Another company has a bug. They fix it in like two days, and then they announce the bug and the fix.

      Jules: Ok. And at Microsoft ?

      Vincent: At Microsoft, when someone points out a security hole, the first thing they do is threaten a lawsuit against the guy who found the hole if he says anything.

      Jules: You mean they threaten the guy who is helping them ?

      Vincent: Yup - exactly what I mean. As long as there is not a big media splash, they never gotta fix nuthin.

      Jules: So what happens if the guy opens his mouth.

      Vincent: Generally he don't. But, some 15 year old kid in Asia finds the same bug, and then releases a worm, and it chews apart all the Microsoft systems worldwide in like two days.

      Jules: No shit !

      Vincent: Yeah, and then Microsoft tells everyone about the bug, and provides a patch, but no one fixes it.

      Jules: No one !?

      Vincent: Well, smart people do, but most people just miss the message. They gotta go to Microsoft, get the patch, and half the time the fix will break something else on their system.

      Jules: So if this shit is so bad, why are so many people using it ?

      Vincent: It used to be everything on personal computers were that bad. Then, Microsoft controlled the market. Everyone else started making good shit, but it didn't matter. Microsoft made people buy their new shit so they could continue to read their own old shit. Can you believe it ?

      Jules: Man, that is some weird-ass shit. Like some idiot can't take a step back and see himself being played like that.

      Vincent: Yeah, it's kinda sad. But it makes a great market for guys to run around spending all their time patching holes after they are exploited. If Microsoft made good shit, we wouldn't have jobs.

      Jules: Good point.

  • by whovian (107062) on Monday May 20, 2002 @06:15PM (#3554242)
    Microsoft's view:
    If the software has security flaws, then the code and APIs cannot be made public.

    Open source view:
    If the code and APIs are made public, then the software does not have security flaws.

    So, Microsoft, we are finally in agreement, yes?
  • by WEFUNK (471506) on Monday May 20, 2002 @06:18PM (#3554269) Homepage
    "Microsoft has invested substantial time and resources in providing great interoperability between .Net and older technologies," Allchin said. "Sun's strategy of promoting '100 percent pure' Java applications discourages interoperability."

    So, according to Microsoft, it is better to have one company provide (ie control) the degree of interoperability between systems than to have another company promote a single standard for the whole industry to use and share.

    I can't imagine that line of thinking going over very well with military officials used to building redundancy into everything.

    You might also paraphrase the above statements as follows:

    "Microsoft has chosen to ignore freely available and already established standards and instead has wasted substantial time and resources needlessly reinventing the wheel by developing our own internal standards (that we won't share and that we admit are not really very good) so that we can control the degree of interoperability between our proprietary new product, and our former (and soon to be former) competitor's technologies"

    "Sun's strategy of creating and sharing a standard that encourages 100% interoperability between all systems discourages interoperability (but only in respect to our systems, because ours are made to be incompatible with the accepted standard that everyone else uses)."

    Oh boy, can I please buy your systems for my Army?
  • by janda (572221) <janda@kali-tai.net> on Monday May 20, 2002 @06:20PM (#3554278) Homepage
    Get a paper copy of this testimony. Make lots of photocopies. Highlight the "interesting" parts (such bad security that releasing it would be a national security risk, etc). Send to everybody in your local government you can find, demanding that they stop using MS products until their security problems are fixed. As alternatives, there is at least OSX, all the Linux distributions, and probably other things (the resurrection of BeOS?).

    Given that MS is admitting in court that they are selling defective products, demand that your local government sue MS for fraud. Politicians don't keep up to date on every legal battle going on everywhere, but if you send them the relevant portions they at least can't claim they didn't know.

    While you're at it, forward this on to the local newspaper and TV stations. "Poor security" is a big bogeyman these days.

    Another thing; Send this onto the people at your company who make buying decisions, if MS is going to admit their products have the security of swiss cheese, does your company really want to expose itself to that kind of danger?
  • Security (Score:4, Funny)

    by surfcow (169572) on Monday May 20, 2002 @06:20PM (#3554282) Homepage
    Your Honor, we at Microsoft believe that if we ever revealed the source code for MS Windows, more children would immediately start taking drugs. Husbands would start to beat their wives. Small animals would become uncontrollable, staining many expensive carpets. Certain food-groups would become more perishable. 2nd law of thermodynamics would be repealed. Finally, a giant hole would open up in space time, causing the end of the universe.

    Your honor, it is a matter of national security, no international security, no galactic security, that we be allowed to continue our profitable monopoly.

    Think she'll buy it?

    =brian
  • by sterno (16320) on Monday May 20, 2002 @06:23PM (#3554304) Homepage
    The question that has to be asked here is this: do we really want to have our country so heavily dependent on an OS that is so apparently at risk of vulnerabilities? Let's analyze the threat for a moment.

    Let's say that this message queueing vulnerability that was spoken of in the article is a pretty substantial hole that could be a true threat to national security. What makes anybody think that, because Microsoft refuses to talk about it, it hasn't already slipped out to all the wrong people? If some high level executive at Microsoft knows about it, you can guarantee that probably hundreds if not thousands of people within the organization know about the problem already. The more people that know about it, the better the odds that somebody nefarious will get a hold of that information.

    If I were the intelligence service of some devious foreign power you can bet I'd have a few operatives working in Microsoft. I mean if you want to fight a war with the US, what would be better than an opening shot that can harm >90% of the computers in the country. So you have a few operatives finding what holes they can and slowly relay them back. Then you just sit and wait for the day when you need a real threat in your arsenal.

    Imagine how nice it would be if you are some nefarious foreign power in tense negotiations with the US and you can walk in, hand them a floppy disk and tell them to give in or else. I mean even if they find out what the vulnerability is, can they deploy a response to it fast enough that it matters? Nothing like the threat of having the electronic economy slagged to make you amicable to a bad deal.

    I think that if Microsoft's the threat they seem to imply, the judge should order them to turn over the source code to the FBI to begin dissecting these problems. Do we really want to trust a private corporation with our national security? I don't think so...
    • by uofa1993engrmath (564313) on Monday May 20, 2002 @07:16PM (#3554711)
      One is sort of chunky and ugly, and she won't let you see her naked, and you pretty much know already that you wouldn't really enjoy it if she did. The other has a slim, beautiful body, and when she takes off her clothes and parades it around, all the men ooh and ahh over it. That's the analogy I like to use. Maybe it isn't 100% correct, but that's the impression I get when you've got MS saying "No, no, you don't want to see our source code!" and meanwhile, you've got these open source softwares that are taking it all off, and saying "hey, baby, look at THESE!" Microsoft is NOT sexy. Linux, apache, and all of those wonderful open source projects ARE. But this is just how I see it. I mean, if I was to go on a date with a woman, and she proudly told me that she has an MCSA certification, I'd probably politely nod, but secretly be planning on my escape (maybe run away after telling her I had to use the restroom). On the other hand, if she told me that she had her own php [php.net] based website, and that her text editor of choice was vim [vim.org], then I'd be all weak-kneed and googly-eyed, and I'd want her to have my children. But again, that's just me. I don't know how it is for other people. I mean, I may not really UNDERSTAND beautiful women, but I sure like to look at them. So, I don't think there's any action required, as in "let's get rid of Microsoft." I think that it's really just a matter of educating the masses that there's an alternative, and it looks good naked. Or as you might say, it's a lot safer because the code can be (and is) made public without compromising national security.
  • Seems to me (Score:4, Insightful)

    by angst_ridden_hipster (23104) on Monday May 20, 2002 @06:33PM (#3554382) Homepage Journal
    Seems to me that either Allchin suffered some stroke or brain damage while in court, or this is all a big red herring.

    You just don't get to Allchin's level and "accidentally" let slip something like a fundamental vulnerability in a protocol. M$ officials may make mistakes, but not like this. Not in a public forum. Not in front of a judge. Not where every news medium in the world will be covering the story.

    My feeling is that this is all a distraction from something else. Every black hat on the planet is now probably checking out the Messaging protocol. My guess is that there's no smoking gun there. But maybe another protocol has problems.

    Furthermore, it just doesn't make sense. An API exposes only what you want it to. It doesn't show you the vulnerabilities that exist "under the covers" unless they're titanically, apocalyptically stupid.

    I'd like to know what it was that he's distracting us from ...

    • Re:Seems to me (Score:3, Insightful)

      by atheos (192468)
      Or, even more scary...
      Maybe he made this statement knowing every black hat is going to check the Messaging protocol.
      Two days later, a major exploit is released, and Allchin says to the judge "see what I mean, THIS is exactly why we must keep it all closed"
      It could be a bullshit ploy.
  • by pergamon (4359) on Monday May 20, 2002 @06:52PM (#3554538) Homepage
    Unsafe in any configuration
  • Staggering (Score:4, Interesting)

    by johnos (109351) on Monday May 20, 2002 @07:11PM (#3554665)
    Let me get this straight. The product that Microsoft's monopoly rests upon, the monopoly that they illegally maintained and expanded, is so flawed that it threatens US national security. Did someone from Microsoft REALLY say this? If so, it is clear they have gone mad in Redmond. What do they expect the millions of companies and government agencies to do? Wait until Longhorn, or whatever is ready? And hope all the holes are fixed by then?

    "Uhh, sorry Mr. President, the NSA can no longer monitor international communications. Our systems are just too vulnerable to hacking to be used. Jim Allchin assured us that a comprehensive fix would be available within 18 months."

    "In other news, the US Navy has ordered all AEGIS cruisers into port indefinitely. The AEGIS computer systems were deemed too risky for combat use. The Pentagon would not comment on reports the entire US fleet would require software overhauls before any offensive combat operations could be contemplated."

    "World stock markets are today in freefall as most major international corporations raced to secure information systems based on Microsoft's Windows operating system. Some experts estimate that the expense of fixing or replacing mission critical software to provide an adequate level of security would dampen the World economy for a decade."

    This goes so far beyond a computer industry issue. It's a staggering admission of guilt. What CIO would be caught dead installing an MS system unless they have absolutely no alternative?

    There is also the legal issue. If someone has sustained an economic loss due to "flawed code", that they are using because MS illegally suppressed competitive alternatives, then they have a really good case for compensation. And the hardest part, proving that MS illegally manipulated the market, is already done. And they have some tens of billions just sitting around, waiting for the right lawyer to just take away.
  • by Ride-My-Rocket (96935) on Monday May 20, 2002 @07:15PM (#3554700) Homepage
    He later acknowledged that some Microsoft code was so flawed it could not be safely disclosed.

    Somehow, I think that if the US government forbade the use of any Microsoft applications within federal facilities, pending a code review by a neutral 3rd party to identify and fix potential security holes, you'd see Microsoft scramble to get their shyte in gear pretty damn quickly.

    As somebody already stated in this thread, Peru has the right idea: open source allows people to publicly review code for potential security flaws, which is how most bugs are caught anyway -- a fresh pair of eyes takes a peek. Ultimately, there's no way that Microsoft can compete with this code development paradigm -- since there's so much Open Source code "out there", it might spread people's attention out a bit too thinly in places, but over time one would hope that Linux apps will only get more secure / stable.
  • by Omerna (241397) <clbrewer@gmail.com> on Monday May 20, 2002 @07:32PM (#3554818) Homepage
    "In response to the mass laughter we've been hearing upon admitting this, we'd just like to point out that if you were to release the source to say, Linux, it would have serious security problems too."

    Oh wait...
  • by CaptainCarrot (84625) on Monday May 20, 2002 @07:34PM (#3554832)
    National security, huh? Does Gates understand that anything that must remain undisclosed for national security reasons is classified? Does he really want to have to deal with everything that entails: Security clearances and background investigations for every one of his employees, periodic audits, regulations that control how every single piece of paper and magnetic media is handled, filed, and disposed of?

    I work for a defense contractor and have had to put up with this for years. I suppose MS can go this route if they really want to. They're already bloated enough; add government security procedures to the mix and they'll become every bit as agile and responsive as any other constituent of the Military-Industrial Complex.

    Boy, that'd be a hoot.

  • by Get Behind the Mule (61986) on Monday May 20, 2002 @08:26PM (#3555122)
    ... and I need a couple of clones of Britney Spears to keep around the house. If I don't get them, the war effort in Afghanistan may be endangered.
  • by gsfprez (27403) on Tuesday May 21, 2002 @12:17AM (#3556084)
    the NSA has come out with a no kidding, no XP rule.

    They will not allow anyone, classified or unclassified in the DOD to run XP.

    They do not plan to either.

    Believe me, it's already making it "fun" to try to buy new PCs... i can't wait until 2004, when MS drops 2000 as a client OS, and then the bind we'll be in then, huh?

    A weapon system that locks up because it doesn't have the right authentication key. How cool would that be!

    fsck Microsoft. and Fsck the Air Force (where i work) - they are the stupid PHBs that didn't even consider anything else, didn't look to anything else, and were too sheepish to try to find another solution that wouldn't get us stuck in this way.

    what boneheads. I'm working on a project that is in jeopardy because the system will only run on Windows NT 4.0, and we're having a hell of a time finding sources for NT 4.0 that are legal.

    Pretty soon, we're going to just go illegal because we'll have no recourse.

    we're so stupid...
  • by Martin Spamer (244245) on Tuesday May 21, 2002 @09:05AM (#3557574) Homepage Journal
    Perhaps this guy should have read this month's (May 15, 2002) CRYPTO-GRAM by Bruce Schneier. The headline article is 'Secrecy, Security, and Obscurity' and covers the work of Auguste Kerckhoffs, who in 1883, Yes 1883! demonstrated what has become known as Kerckhoffs' Principle, security by obscurity is no security at all.

    To quote Schneier: "Any system that tries to keep its algorithms secret for security reasons is quickly dismissed by the [cryptographic] community, and referred to as "snake oil" or even worse."

    http://www.counterpane.com/crypto-gram.html
