A trade group has urged the US Department of Homeland Security to reconsider its recent decision to use Microsoft as its preferred supplier of desktop and server software, citing recent security problems. Quote from the Computer & Communications Industry Association (CCIA) report: “Because of these recent developments, historical experience, and the inherent risks associated with lack of diversity, we ask that you reconsider your heavy reliance on a single, flawed software platform to protect our national security.”
scary to think how much of your personal data might be stored in insecure government systems sometimes..
About time someone spoke up to them about this. Yeah, I like a patched up Windows 2000 Pro as a desktop (w/ AV of course) but come on, DHS should be using SELinux or a BSD, or both.
oh man that is just the braindead thing the us government does with precious resources. Waste it on a totally insecure and unstable operating system like windows. I don’t get it unix has been around for 40 plus years and is tremendously superior to any other os as far as security and networking technologies but our government is totally relying on windows which has been around for barely ten years. I am at a loss for words but i feel now more fear for our security than ever.
governments are no different from large organisations. the dudes who decide what OSs their department is running care more about their golf swing than security. it’s only when things go wrong that they’ll become concerned and even then they’ll probably just fire some people and call the attackers “terrorists”
If they really cared about security they would spend more of our tax money on it. I heard on TV they had intelligence about something maybe happening on 911, did they do anything, nope. What about the person who kept telling them about the power system needing upgraded then surprise surprise the blackout of 2003.
Care for giving a link to the report ?
Please don’t wake them up. Let their golf-playing bosses awake brutally when their systems will collapse.
You know it would be nice if you provided a linky !
people need to remember that the u s government has become and is becoming ever more about money. if u are a big corporation and u place loads of money in the pockets of the politicians they have in effect purchased the government. this is a fact. as long as it is legal for senators congressmen and presidents to accept money other than their salaries for doing their jobs, we will be saddled with this kind of problem, not just now but in the future.
What this “trade group” won’t tell you is that they represent Microsoft competitors. Some balance.
Here ya go. Right from the horse’s rear end:
http://www.ccianet.org/ccia_in_brief.php3
“Our member companies range from Sun Microsystems, Fujitsu, Nokia, Nortel Networks, Tantivy, Time Domain, and Vion to AT&T, Verizon, NTT USA, Oracle, Intuit, Yahoo!, Sabre, and AOL.”
This is nothing more than a press release. Bought and paid for by other corporate competitors of Microsoft. And some of you think that your national security would be better in their hands?!? What a joke.
at work the NTs are always giving problems. last week the system crashed and we lost 2 very important files. we were not able to recover them and this negative incident at least happens twice a year. it took me almost two weeks to get all the data from a different source.
we are also running solaris and this one works fine. we have no complaints about it. it does the job right.
plus we have several Macs and they work perfect. they haven’t crashed or anything like that. i work with them everyday and i wish we could have just all Macs at work.
…and forget about security. all the IT technicians don’t use Windows at home. they use Mac or Linux(Suse or Gentoo).
they always tell me to get Linux, Mac or Unix.
they better do something about this problem because it is affecting everybody and we can’t rely on Windows any longer.
my suggestion: linux, Mac or Solaris….or something new.
-2501
can something as stupid as this come to be. If this is true (who knows, they may have been lying, we could have been deceived) then the fortress that is US National Security is full of gaping holes (often known as Windows), and you can bet that their enemies can look right through them or walk right in.
“Our member companies range from Sun Microsystems, Fujitsu, Nokia, Nortel Networks, Tantivy, Time Domain, and Vion to AT&T, Verizon, NTT USA, Oracle, Intuit, Yahoo!, Sabre, and AOL.”
This is nothing more than a press release. Bought and paid for by other corporate competitors of Microsoft. And some of you think that your national security would be better in their hands?!? What a joke
Compared to Microsoft? Well yes. At least some of the above companies consider security to be something more than a PR exercise. Just goes to show how much in the pocket of Big Money the governments are (mine, the UK, included) so they’ll go for whoever greases the most palms as opposed to who creates the best technology. Surely the Linux distro that the NSA tweaked for security would be a better option? Or OpenBSD? Or to be quite frank Solaris or the unhackable MacOS 9 (unhackable due to the fact it is such a bad network OS).
Compared to Microsoft? Well yes. At least some of the above companies consider security to be something more than a PR exercise.
Get real. Each of those companies releases just as many patches for their products. The difference is that MS is the largest software company in the world; therefore, it garners a lot more attention.
Just goes to show how much in the pocket of Big Money the governments are (mine, the UK, included) so they’ll go for whoever greases the most palms as opposed to who creates the best technology.
Who’s getting paid off? Details, please. Or is this just shotgun-spewed FUD?
Surely the Linux distro that the NSA tweaked for security would be a better option?
Rrrrrright. I want to run an OS that the spooks at the NSA backdoored. Are you high?!?
Or OpenBSD? Or to be quite frank Solaris or the unhackable MacOS 9 (unhackable due to the fact it is such a bad network OS).
We’re talking about desktops here. OpenBSD ain’t gonna cut it. Solaris?!? MacOS 9?!? Get real.
RE: dr_gonzo (IP: —.bas501.cwt.esat.net) – Posted on 2003-09-01 18:12:54
governments are no different from large organisations. the dudes who decide what OSs their department is running care more about their golf swing than security. it’s only when things go wrong that they’ll become concerned and even then they’ll probably just fire some people and call the attackers “terrorists”
The closer one would be, if everything is going perfectly the manager will say that it was HIM who made it all possible, however, if the whole thing turns to sh*t they use the IS staff as the sacrificial lamb.
NZ had the prime example when they replaced the National Police mainframe with a new setup and IBM had won the contract. The police minister was willing to ride the apparent “wave” of success until things turned south because of his constant requests of adding bits and pieces (this was a long way after the design phase), who was the sacrificial lamb? IBM of course. Instead of the police minister taking partial responsibility, he blamed all and sundry.
RE: sog (IP: —.nyc.rr.com) – Posted on 2003-09-01 17:27:55
oh man that is just the braindead thing the us government does with precious resources. Waste it on a totally insecure and unstable operating system like windows. I don’t get it unix has been around for 40 plus years and is tremendously superior to any other os as far as security and networking technologies but our government is totally relying on windows which has been around for barely ten years. I am at a loss for words but i feel now more fear for our security than ever.
I can’t work it out either. I mean, the US government has a $450 billion deficit. If that deficit was used to fund the deployment of an end to end, rock solid UNIX solution then I could see the merit; it is an investment into the national security.
Who won the contract? Microsoft and Dell, based purely on cost. IIRC, wasn’t it GWB who said that no expense would be spared when it came to national security?
umm..hey fool, it is Open Sourced, you can SEE if there are back doors, so a “secret back door” would not be very useful for a security focused distribution if any hacker can see it.
1) what would you have them do to stop 911 with information of “something will happen on 9/11 at some place in the US” tell everyone to stay home? but what if the attack relied on the people staying home? there was not enough info in one place at one time to make a focused enough picture to do anything. that is why the patriot act (with all its bad points, though with some good ones) was passed and the DHS was created.
2) the black out was the US government’s fault. the government does not own the equipment nor the lines. companies must do the upgrades, and companies will not do it because the government said so. it takes, tax incentives and loosening of certain regulation to make upgrades worth while to the companies.
“2) the black out was the US government’s fault. the government does not own the equipment nor the lines. companies must do the upgrades, and companies will not do it because the government said so. it takes, tax incentives and loosening of certain regulation to make upgrades worth while to the companies.”
What kind of crack are you on? The blackout happened because the companies are not regulated and do not have to meet standards of service. In the FDR days, you are probably too young to remember, the utility companies were heavily regulated and they functioned as they were supposed to do.
I am wasting my time here.
1) what would you have them do to stop 911 with information of “something will happen on 9/11 at some place in the US” tell everyone to stay home? but what if the attack relied on the people staying home? there was not enough info in one place at one time to make a focused enough picture to do anything. that is why the patriot act (with all its bad points, though with some good ones) was passed and the DHS was created.
There was information, however, the information was collected by two different agencies, CIA and FBI, who don’t exactly have the best reputation for working like a happy family.
2) the black out was the US government’s fault. the government does not own the equipment nor the lines. companies must do the upgrades, and companies will not do it because the government said so. it takes, tax incentives and loosening of certain regulation to make upgrades worth while to the companies.
Of course we’ll have the freemarketers claiming that thanks to “competition” we have cheaper electricity. I say, thanks to that cheaper power now we have a network falling to pieces.
It happened in Auckland, Sydney, London and New York. When are people going to take note that unbridled deregulation for the mere sake of deregulation isn’t the way to go.
I may sound like a socialist, however, I prefer having the “great heights” (Lenin) being owned by the government. This includes Power, Electricity, sewage treatment etc etc. Ultimately, these are things that people can’t afford to simply skimp maintenance on. The UK nuclear industry is the prime example. If it weren’t for Tony Blair’s bail out, along with the rail network, the whole thing would have fallen to pieces.
The heads of several nations warned the US government through various channels about 911. We ignored them.
Security has never been a national concern or priority. We needed a war. And Microsoft needed a monopoly. That’s what the government is here for. Insuring our way of life.
sure Linux has a bit of a learning curve but it is well worth it, it sure is more stable and secure, i have both Win98se & Win2k and Win98se breaks all the time & Win2k seems buggy & slow, but Redhat-9 & Slackware-9 run stable & smooth…
it does not seem to matter if i use RPM based distros, or use Slackware with gcc & compile the desktop & apps from source it all runs great for me…
I never said we did not have the information to give us who, what when, where, I said it was not all in one place, hence making it impossible to make one picture.
as for the regulation, I agree, there should be more regulation on the companies in the terms of caps on all parts of the power industry, from providers to producers, and the government should just tell the industry to do the upgrades and regulate them to make changes every 10 years to improve efficiency, etc, but they are not totally unregulated.
….as usual. Arrogant bunch. Wait until this “security organization” gets whacked by an epidemic invasion.
The point is “diversity.” But then, that’s a concept that goes way beyond you, of course.
Question:
If Windows is so secure, how come applications are STILL BEING WRITTEN in such a way that they FAIL if you try to harden a file system?
In fact, why weren’t Windows file systems hardened in the first place, as a default, on Windows NT 4.0, to give the application developers A TASTE OF PROPERLY SECURED DESIGN?
I’m waiting……got a GOOD answer, besides “Well, MS had to make sure everyone could slip right into NT real fast, to shut out everyone else…..
Get real. Each of those companies releases just as many patches for their products. The difference is that MS is the largest software company in the world; therefore, it garners a lot more attention.
Really? I haven’t been keeping careful count, but it seems like there have been as many patches for severe security problems for MS-Windows in the past couple months as there have been for either Mac OS X or Solaris in the past couple years, and there’s only ever been one severe security patch for OpenBSD ever… Other OSes do release their fair share of patches, but I’d be interested in seeing a breakdown of what percentage are for severe security issues, minor security issues, performance improvements, new hardware requirements, new features, enhancements, etc.
Why is it that people have a problem if a group of Microsoft’s competitors complain about security? Do they feel that others are ganging up on poor little Microsoft?
Is there any organization of software vendors, not including Microsoft, that would be considered anything but their competitors any more?
Of course, any such list would have to be examined to answer the question:
How long will it be before the Microsoft supporters in that list are either driven out of business or consumed by Microsoft?
Another question related to this: How many members of such a list support other platforms besides Microsoft platforms, *without* finding it difficult to do so, or *without* being pressured by Microsoft not to?
Also: How many on that list support Microsoft exclusively, because there are “no viable alternatives?”
Of course this association is all Microsoft’s competitors. Maybe the rest of us are getting tired of the monopoly, and a monopoly’s natural tendency to slip into complacency at every level except those which would further its monopoly position.
Security will NOT be one of those areas, at anything like a full-bore level, until they have viable competitors which are available and heavily used by major government and corporate organizations.
Until then, we’ll get only what’s necessary to keep the status quo, or maintain that monopoly, whichever is cheaper.