- SEATTLE (Reuters) -- Computer
security experts issued a joint report on Wednesday saying that the ubiquitous
reach of Microsoft Corp.'s software on desktops worldwide has made computer
networks a national security risk susceptible to "massive, cascading
- The report, unveiled at the Computer & Communications
Industry Association's meeting of industry leaders and government officials
in Washington, D.C., saying that Microsoft is now the number one target
for malicious computer virus writers. The report's authors told CCIA --
which is funded by Microsoft rivals -- that the software's complexity has
made it particularly vulnerable to attacks.
- So far this year, two major viruses emerged that took
advantage of flaws in Microsoft software.
- Slammer, which targeted computers running Microsoft's
server-based software for databases, slowed down Internet traffic across
the globe and shut down flight reservation systems and cash machines in
the United States.
- The Blaster worm burrowed through hundreds of thousands
of computers, destroying data and launching attacks on other computers.
- "The nature of the platform that dominates every
desktop everywhere is such that its dominance, coupled with its insecurity,
cannot be ignored and is a matter of corporate and national policy,"
said Dan Geer, a security consultant and chief technology officer of @Stake,
a computer security company.
- Geer, along with other well-known computer security experts
Rebecca Bace, Peter Gutmann, Perry Metzger, Charles Pfleeger, John Quarterman,
and Bruce Schneier, said they issued their report to raise awareness of
the risk to national security by using a single, wide-spread software system.
- The report's authors said the report was a reflection
of their own views and not necessarily those of the CCIA, an industry trade
group of Microsoft's competitors that has a long history of suing the world's
largest software maker.
- But in response to the report, Americans for Technology
Leadership, an industry trade group backed by Microsoft and other companies
and organizations, called the report an attempt by the CCIA to exploit
the "serious issue of cyber-security."
- "Cyber-security is an industry-wide problem that
will not be solved by malicious finger pointing and political attacks,"
Jim Prendergast, executive director of Americans for Technology Leadership,
said in a statement.
- IS MONOPOLY THE PROBLEM?
- Microsoft, which launched its Trustworthy Computing initiative
in early 2002 to make its software more secure and reliable, said it is
continuing to work with its customers and the government to make its software
"as secure, private and reliable as possible."
- "Microsoft considers security for all of our customers
-- from government networks to individual PC users -- to be our top priority,"
said Microsoft spokeswoman Ginny Terzano. "The widespread use of Microsoft
products around the world means we are constantly working to be responsive
when vulnerabilities occur."
- But the security experts said the issue of computer security
had more to do with the ubiquity of Microsoft's software than any flaws
in the software.
- The best solution, the report's authors argued, is to
adopt a mix of different computer systems that will reduce the risk of
a single security incident crippling a company or a government agency.
- "Having more than one operating system running inside
your enterprise would be a substantial improvement," said Geer.
- Bruce Schneier, a co-author of the report and chief technology
officer of network monitoring firm Counterpane Security, noted a recent
initiative by Japan, Korea and China to develop an alternative operating
system to Microsoft's Windows to enhance security.
- "I wouldn't put all of the blame on Microsoft,"
Schneier said, "the problem is the monoculture."
- Copyright © 2003 Reuters Limited. All rights reserved.
Republication or redistribution of Reuters content is expressly prohibited
without the prior written consent of Reuters. Reuters shall not be liable
for any errors or delays in the content, or for any actions taken in reliance