The Threat Of Microsoft’s .Net

King Publishing ^ | unknown | Whitfield Diffie and Susan Landau

[kevkrom]

Key quotes:

• "Microsoft .NET (pronounced “dot net”') is a far-reaching project to channel the personal information of all customers who browse, shop, and congregate on the Internet into Microsoft or Microsoft-controlled companies."

• "The control over computer software that Microsoft has achieved through its dominance of operating systems has limited competition and innovation throughout the computer field. Through .NET, it is attempting to exert the same control over all Internet commerce. Just as kings got to grant or deny royal charters to businesses, the Redmond giant, if successful, may be able to say who can do business on the Net and who can't."

• "Windows is the most widely used yet one of the least secure operating systems around. Microsoft programs have shown themselves vulnerable to worms, viruses, and break-ins, on Microsoft's own computers and on everybody else's... Why should Passport be any different? Early security analyses show that compromises made for the sake of universal availability make Passport less secure than it might have been, less secure than it should be, and perhaps just plain insecure. The My Services databases will be a particularly ripe target for hackers."

See also: related discussion at Slashdot

[kevkrom]

Of course, Diffie and Landau work for Sun, so they are not exactly neutral on the subject. Nevertheless, the points they raise are very important. With the desktop operating systems market pretty much saturated, Microsoft is attempting to expand its monopoly into services, content, and ecommerce -- that harms customer choice by providing only a single vendor, and the security implications of the ecommerce system are staggering.

[JmyBryan]

Points are very impt, but some form of integration is inevitable. Hopefully we'll have many choices along the way - hard to believe that MS will get this "right" the first time. But I think Gates is right pursuing XML.

[rit]

Here is an entertaining story on web services.

[kevkrom]

Very entertaining... and a bit scary to know that so much of the Internet can be construed to fall under this one patent...

[earlyapex]

Of course, Diffie and Landau work for Sun, so they are not exactly neutral on the subject.

Outside of his current affiliation with Sun, Whit Diffie is responsible for some of the fundamental underpinnings of modern data security and encryption. His accomplishments and eminence in the field lend a credibility to his opinion that transcends his current employer and that employer's relationship, or lack thereof, with Microsoft.

[kevkrom]

True. Just throwing up a disclaimer so that the astroturfers don't start up with "shilling for Sun" comments.

[Mr. Jeeves]

Windows is only the first platform .NET has been relased for. Since the .NET CLR and the C# language have both been submitted to ECMA, it is not at all unreasonable to think we will see Unix and Linux versions of .NET soon. And XML Web Services are already 100% platform neutral.

The "Windows is full of holes" assertion will really have nothing to do with .NET one way or the other in the long run. Microsoft now has even more incentive to tighten up Windows - a project that will be a lot easier for them when everyone starts running .NET code and gets rid of ancient software (and buggy old hardware drivers - the real cause of most Windows problems).

[First_Salute]

I can see it now:

Internet Commerce Commission

[kevkrom]

It's not the deployment platform as much as it's the servers that are at issue. Those databases are going to wind up on unsecure machines, and that's where the privacy dangers lie.

[First_Salute]

Noted; and thank you.

[Terriergal]

Three words - migrate to linux.

[kevkrom]

Three words - migrate to linux

Three better words: Don't use Passport. But migrating to Linux is still a good idea. :)

[vrwc1]

I find it interesting that these boys from Sun are whining about Microsoft's plans, when Sun is part of a consortium that is planning to do basically the same thing that he complains about in the article.

Could it be that they're just jealous Microsoft is rolling out their implementation first? Naaaawwwww!

[rit]

Do you think the idea of passport is bad, or, the just their implementation. For example, suppose that passport functionality was built on BSD, or Linux. Would that be acceptable because it passes peer review?

[kevkrom]

Do you think the idea of passport is bad, or, the just their implementation. For example, suppose that passport functionality was built on BSD, or Linux. Would that be acceptable because it passes peer review?

It would be safer, but still a bad idea. Nobody should be able to collect such a large amount of personal information -- no matter what the "convenience" of that is. A better solution would be smart-card technology where individuals can store and manage their own personal information and choose how and when to divulge parts of it.

[Southack]

It is a shame that authors connected to Sun, of all corporations, would be so blind as to where the IT world is heading.

For instance, the Operating System is declining in importance. What matters today is whether you can read someone else's e-mail and view someone else's web page. In other words, the browser matters more than the OS. Consider Free Republic. It doesn't matter what Operating System you are running to see FR, but it DOES matter that you are using a modern browser.

Moreover, companies have a vested interest in running their old software. This means that new Operating Systems must be compatible with their old (and existing) systems. No company wants to scrap years of its internal software development merely to have a new OS (that does what, precisely, to advance the bottom line of a company).

For another example, consider two products for sale. They sit side by side on web pages at Amazon.com and on the shelf at CompUSA. They both sell for $99. One product speeds up your internet access by a factor of 1.5. The other gives you new Operating System gadgets. Which will you buy? Which will corporations buy?

The answer will be speed far more often than gadgets. Microsoft has gone to their well (of the OS) far more times than they should have. They are eventually going to run up against the law of diminishing returns as people figure out that a new OS doesn't do anything besides cause old software to malfunction (as well as force users to relearn the steps that are required to perform their same tasks).

People and corporations aren't buying and replacing new PC's every 18 months anymore, either. Everyone already has enough computing power, and everyone realizes that the bottleneck is in the bandwidth connection to the net. Well, at least everyone except Sun and Microsoft (and Apple, if they still count).

[jude24]

Never gonna happen. One thing MS Windows does well is support an astonishing range of hardware, much of it natively out of the box. When I toyed with Linux, I couldnt get my DVD drive, my CD-burner, my printer, or my WinModem (I know, I know!) to work-- and I have mostly name-brand parts. Until Linux can do that, Win2k and perhaps eventually XP Pro will suffice. (Heck, I pay for XP whether I want to or not with my mandantory student fees. May as well use it!)

[rit]

The only inconsistent arguement I have seen is that Microsoft should not hold such info. I make purchases online and my credit history is held at the credit card company. I can order copies from various reporting agencies. The point is... why is Microsoft having that info so much different then the credit card company having that info?

[kevkrom]

I think Sun does get it... their motto is "the network is the computer", after all. I have nothing against application services being provided via internet, rather than through an operating system -- that isn't the issue here. The issues are the collection of personal information and the increased tendencies to make more and more of the 'net proprietary and under monolithic content control.

I don't trust Sun with my information much more than I would trust Microsoft. They may secure it better, but they shouldn't have it in the first place.