Closed Source -- Who Dares Call It Treason?

Armed and Dangerous weblong ^ | 5/22/02 | Eric S. Raymond

[NativeNewYorker]

The cat is out of the bag. During testimony before a federal judge, Microsoft executive Jim Allchin has admitted that some code critical to the security of Microsoft products is so flawed it could not be safely disclosed to other developers or the public.

Allchin was arguing against efforts by nine states and the District of Columbia to impose antitrust remedies that would require Microsoft to disclose its code. He constructed dire scenarios of U.S. national security and the war against terrorism being compromised if such disclosure were required.

Now turn this around. Allchin has testified under oath in a Federal court that software Microsoft knows to be fatally flawed is deployed where it may cost American lives. We'd better hope that Allchin is lying, invoking a "national security" threat he doesn't actually believe in to stave off a disclosure requirement. That would merely be perjury, a familiar crime for Microsoft.

If Allchin is not committing perjury, matters are far worse -- because it means Microsoft has knowingly chosen to compromise national security rather than alert users in the military to the danger its own incompetence has created. Implied is that Microsoft has chosen not to deploy a repaired version of the software before the tragedy Allchin is predicting actually strikes. These acts would be willful endangerment of our country's front-line soldiers in wartime. That is called treason, and carries the death penalty.

Perjury, or treason? Which is it, Mr. Allchin?

There is another message here: that security bugs, like cockroaches, flourish in darkness. Experience shows that developers knowing their code would be open to third-party scrutiny program more carefully, reducing the odds of security bugs. And had Microsoft's source code been exposed from the beginning, any vulnerabilities could have been spotted and corrected before the software that they compromised became so widely deployed that Allchin says they may now actually threaten American lives.

Thus Mr. Allchin's testimony is not merely a self-indictment of Microsoft but of all non-open-source development for security-critical software. As with many other issues, the legacy of 9/11 is to raise the stakes and sharpen the questions. Dare we tolerate less than the most effective software development practices when thousands more lives might be at stake?

Closed source. Who dares call it treason?

[NativeNewYorker]

ESR writes great stuff. Highly recommended for all FReepers' daily reading bookmark list.

[Lorenb420]

Microsoft executive Jim Allchin has admitted that some code critical to the security of Microsoft products is so flawed it could not be safely disclosed to other developers or the public.

When I first heard of this, I thought of this story from Sep 3, 1999.

Andrew Fernandes of Cryptonym in Mississauga, Ontario, has investigated Microsoft's "CryptoAPI" architecture for security flaws, and found that in WindowsNT4's Service Pack 5, the company neglected to remove annotations identifying the security components, according to a Cryptonym statement. Apparently there are two keys used by Windows, one of which belongs to Microsoft and allows the secure loading of encryption services, but the second was annotated in the code with the letters NSA. Fernandes' investigation was building on the work of encryption experts Nicko van Someren and Adi Shamir, according to the company statement.

The holder of the second key, if it is indeed the NSA (the acronym by which the National Security Agency is often referred), could easily load unauthorized security services on any copy of Microsoft Windows, according to Cryptonym.

Although in fairness, maybe MS' code just sucks and there is no nafarious plot :)

[JRandomFreeper]

I hate the cr@p that MS produces, but this is over the top. If there is a real risk, it is the responsibility of the purchasing agent to evaluate. Caveat emptor.

/john

[GingisK]

Microsoft executive Jim Allchin has admitted that some code critical to the security of Microsoft products is so flawed it could not be safely disclosed to other developers or the public.

If you'd ever seen MS code, such as that in Windows CE, you'd understand why they want to keep it all secret from not only the public but developers as well. One word: pedestrian.

[steve-b]

If there is a real risk, it is the responsibility of the purchasing agent to evaluate.

It is well-established law that the seller is responsible if he knows of a significant risk, conceals it from the buyer, and the buyer could not reasonably know the risk on his own. All three conditions would be met here (unless, of course, Allchin is perjuring himself).

[JRandomFreeper]

conceals it from the buyer

M$'s flaws are glaring. No one needs to see the source code to know that. I won't employ M$ products in any mission critical positions within my business, so why should the government?

/john

[NativeNewYorker]

A buggy, virus prone, closed source software monoculture is a big, fat target.

[NativeNewYorker]

You mean Red Flag Linux!

[Still Using Air]

  to ALL: I personally use WinXP Pro and Win2K Pro in a multiboot environment. I have no issues with either. I am also not in a 'mission critical' situation, I simply make websites and graphics...and for that, XP is awesome. I run my own 3rd party firewall and don't click on stupid stuff. Common sense stuff.

  My guess is, you are all running Linux or Unix to be able to rag MS as easily as you do? I've run 3 different flavors of Linux on my boxes in the last 3 years, and aside from all the manual configurations of hardware and protocols, etc, there are STILL no programs for Linux that I can use in my business.
One final thing... my WinXP and 2K are so stable, I have a hard time believing I'm using Windows, as I don't seem to have to reboot 10 times a day anymore (from using 9X), and when a program decides it's going to crash, it doesn't take the whole O/S with it anymore. There ARE no perfect Operating Systems, there NEVER will be. Period. So we just choose the system that works best for us. Maybe the gov. should consider NOT using MS if it's so bad, eh?

[NativeNewYorker]

I use W2K because my industry (finance) is standardized on the MS platform. I've toyed with SuSE/K desktop and loved it, but my sunk learning curve expense in MS is too great for me to migrate to an OS unsupported by my industry.

That said, if I were running a large commercial/govt enterprise where security and stability were central issues (as opposed to interoperability with 99% of my vendors) I'd choose Linux without a second thought.

Why the govt would use an insecure, unstable OS is beyond me.

[Myrddin]

The military doesn't have to use Microsoft software. If you examine the software license (who really reads that in detail?), Microsoft covers the fitness issue to shield themselves from liability. Use of the software is at the end user's risk. Allchin is correct to point out that there is a security consequence to exposing the source code. It makes it much easier to find new ways to hack the software. The worms that exploit buffer overruns could never have been created without intimate knowledge of the software source code and the target CPU implementation. Cyber attack is a new front in military engagement. It is stupid to provide resources to our enemies. BTW, it cuts both ways. The bad boys are running pirated MS software too.

[NativeNewYorker]

Welcome to FR. I commend 2 books to your attention:

Against the Dead Hand, by Brink Lindsey and Basic Economics, by Thomas Sowell.

You may find answers there.

[Myrddin]

The Univac 1100 series that I used at PacBell was operated in a military environment with a completely different set of microcode. Our staff cut their teeth on the AN/UYK-7. The support procedures were similar, but the machines were not object code compatible.