| Tuesday, May
21, 2002
On the
Microsoft Security issue, Eric urges calm
I'm very hard put to get excited over anything a
Microsoft exec says in court. The case descended into parody long ago with
no hope of delivering any improvement for the general public. The
complaints have consistently been about the wrong things, the examples
have ever been about meaningless items, and the solution sought have been
wrong. Meanwhile the things that are badly wrong with the industry
continue to loom overhead because nobody in the position to change things
will acknowledge it.
Even if MS wasn't regarded as especially insecure
I'd still be aghast at any mission critical system being dependent on
those or any other COTS products. 'Security by obscurity' is iffy when the
item is readily avaialble to all for determined hack attacks that are
merely impeded not stopped by a lack of documentation. The obscurity
approach could have value when a mission critical system doesn't expose
anything to the world that is available commercially for prolonged study.
Dan, there is a bit of a contradiction there.
Opening the source and then paying people to work on it loses much of the
purpose of letting the code out. Hiring a ton of additional programmers is
not the solution for anything except royalty checks for the author of 'The
Mythical Man Month.' No amount of money can overcome the biggest obstacle
to achieving a secure base at MS, which is the pain of transition.
Ultimately the only way this is going to work is by breaking a lot of
compatibility with existing code and published software. If it was just a
matter of throwing a couple billion bucks at the problem and vastly
improving their standing in the industry's regard I don't think they'd
hesitate to do so. But what is threatened here is more than a bit of cash
reserve, the threat goes against a much more important asset: the mountain
of software that keeps the vast majority of the world on Windows.
This is one of the places the monopoly accusation
falls apart. MS legitimately fears losing that advantage because other
companies are waiting to take advantage of such an opportunity. If they
truly had the world under their thumb there would be nothing to fear. They
need to learn the lesson of Apple's self-inflicted wound, Copeland. They
spent years and wasted many resources in a doomed attempt to fix all of
aging Mac OS's shortcomings instead of biting the bullet and starting from
scratch. Imagine how stronger Apple could be if the equivalent of OS X
shipped a couple years earlier.
That painful break must be made at MS. They might as
well take advantage of the opportunity and roll out a bunch of planned
stuff that would have to be brought in incrementally in the normal course
of things.
Eric Pobirs
But Bob Thompson says:
It seems to me that what's significant about all
this is not any technical issue, but rather the simple fact that a senior
Microsoft executive testified under oath that from a security standpoint
Windows is broken and cannot be fixed.
Regardless of the truth or technical merits of
Allchin's testimony, he has in effect stated officially and under oath
that Windows cannot be trusted. So what now should be the position of
those in a fiduciary role in organizations that use Windows and have a
legal responsibility to maintain their data securely? For example, what
happens if your doctor's records are hacked? If a lawsuit is brought for
wrongful release of your private records, how can the doctor defend
himself? In the past, his attorney could argue that he'd taken reasonable
and prudent precautions to prevent the release of your records. With
Allchin's testimony now public record, your attorney could argue, probably
successfully, that by continuing to use a known-defective product your
doctor had recklessly endangered the privacy of your data.
In Risk Management, the first principle is that if
you know about a problem, you have to at least attempt to fix it. If
someone is injured because of something you knew about and didn't fix,
you're in bad legal trouble. For example, we had our main sewer line
replaced last year. The city utilities division had to make a curb cut to
install the new line, and a few weeks ago Barbara noticed that the
concrete curb and gutter they'd poured had sunk several inches. She called
the city, and they sent someone out. I mentioned to the guy that we were
concerned because the previous night I'd noticed a woman walking her dog
had tripped and nearly fallen on the sunken gutter. "Well," he
said, "now that you've pointed that out to me, I have to put up an
orange cone to warn people until we get it fixed. Otherwise, we could be
sued."
It's the same situation with Windows and Allchin's
announcement. Now everyone knows that Windows has a sunken gutter and that
the maker of the product admits the existence of the problem, so the next
person to trip over it could sue because we were aware of that and did
nothing to fix the problem. It seems to me that if I were a corporate Risk
Manager, I'd be writing a memo this morning recommending that all of my
company's sensitive data immediately be relocated to a more secure
operating system.
-- Robert Bruce Thompson thompson@ttgnet.com http://www.ttgnet.com
<http://www.ttgnet.com>
And Dan Spisak comments:
I realize I am the somewhat paranoid, Microsoft
distrusting, Linux loving guy around here. I have no problems whatsoever
with that. You say I shouldn't get overly excited at anything an MS exec
says in court. I fully acknowledge the fact that the MS trial is a
complete farcical and very likely not going to do much of anything to help
the end user and consumer. However, even acknowledging that you still have
an MS exec saying under oath that they feel their source code can't be
opened up to public review in the trial because they feel it would
compromise our national security at home and in Afghanistan! This is under
oath! This is either a true statement or Jim Allchin is asking someone to
kindly sue him for perjury. If, by some bizarre chance, our government is
using an MS Windows product in a battlefield environment then this is a
big problem. I, as a taxpaying customer have issues with my government
using an insecure product in such a demanding application that its relied
upon in a wartime environment. If this statement he made under oath is a
true one I would really like to know the details that backup that kind of
statement. I wonder if a Freedom of Information Act request would be able
to get supporting data to back that claim up if I could just figure out
how I would go about doing a request specific enough to get what I am
looking for.
My ideas regarding MS spending some of its cash
reserve to hire open source programmers to go over its code and do a
review & cleanup of it was a bit rash I will admit. You claim that MS
can't do any amount of code rewrite to fix it's problems, it needs to dump
its entire old codebase and start new like Apple did? However your
analysis of what Apple did and what MS should do is a bit off. MS already
tried dumping its codebase, it was called Cairo I seem to recall. Apple
did mild improvements and updates to its OS 8.X and OS 9.X even while they
had OS X out in the wild I seem to recall. Plus, OS X is a BSD-like Unix
OS based off the Mach kernel from Jobs days of NeXT and as such isn't
really a 100% from the ground up rewrite. Instead what Apple did was take
some technologies that had already proven themselves and put a consistent,
useable, friendly GUI ontop of that. OS X kicks ass because its the Mac
GUI with a Unix BSD-like backend powering it. This gives Apple a codebase
that has been through millions of man-hours of code testing, running,
review, and deployment in the real world. This is completely different
from when MS did Cairo, unless I am to believe that NT was based off of
VMS loosely (I forget where I had heard that one from).
So in essence your suggesting MS start over with a
"new" OS that in reality is a consistent GUI ontop of a proven
OS technology framework like say...UNIX? Hell, I'd buy that where do I
sign up? :)
And if Allchin is right about MS source code being
public as a threat to our National Security then how come you can get
access to it if you are a University, large corporation, or Austria....yet
they (MS) can't give it to the court? And if they are serious about this
national security spin of theirs then how the hell are they able to get
away with letting their source get into so many hands? Do all those people
have a security clearance?
I'm just looking for rational explanations and
answers to what seems to me the biggest load of BS I've run across in a
long time.
-Dan S.
And:
Dan Spisak comments:
"This is completely different from when
MS did Cairo, unless I am to believe that NT was based off of VMS loosely
(I forget where I had heard that one from)."
According to the book "Showstopper!!" by
Zachary Pascal, Dave Cutler from DEC who was a principle architect for the
VMS operating system, was brought in to Microsoft to head up the NT
("Cairo") effort. He saw it as an opportunity to bring a secure,
mainframe style OS to the masses. He didn't even want a GUI until it was
forced on him by the surprising success of Windows. In any case, I would
think we can safely call NT, and any operating system beyond sticks and
stones, a derivative work to some degree. I am not sure "Starting
from Scratch" would yield security in any case, just as starting car
designs from scratch does not lead to a better car, but probably one with
greater potential at the cost of short term problems and bugs.
Marlin Roberts
Clearwater Research, Inc.
Which is not the end of the story.
But I point out that long ago, everyone knew that UNIX could be hacked;
depending on the version. there were back doors left in UNIX by its
academic tinkerers, some long forgotten.
And Peter Glaskowsky has an
important comment below.
I suppose it was
inevitable:
Subject: And On The Gripping Hand:
I was curious about the origin of this expression,
"on the gripping hand," and so I did a google search on the
phrase. Not that I failed to get the gist of it, but for me it is a seldom
read phrase, and, well, I'm curious. Look what at the reference I found!
I guess you know by now you're very widely read.
Strong in the force, eh?
on the gripping hand
on the gripping hand In the progression that
starts "On theone hand..." and continues "On the other
hand..." mainstream English may add "on the third hand..."
even though most people don't have three hands. Among hackers, it is just
as likely to be "on the gripping hand". This metaphor supplied
the title of Larry Niven & Jerry Pournelle's 1993 SF novel "The
Gripping Hand" which involved a species of hostile aliens with three
arms (the same species, in fact, referenced in juggling eggs). As with
TANSTAAFL and con, this usage one of the naturalized imports from SF
fandom frequently observed among hackers.
The Jargon Dictionary - http://info.astrian.net/jargon/terms/o/on_the_gripping_hand.html
Edward
Which proves that The Jargon
Dictionary doesn't always know what it is talking about. The metaphor was
Larry Niven's, from Motie physiology: they have two manipulating hands on
the right side of their body, and on the left they have a strong and well
developed hand. TANSTAAFL was
my father's, transmitted from me to Robert Heinlein and used by him, as
acknowledged in letters both to me and to reviewers. Ah well.
May 21, 2002
I had two experiences of direct contact with Gould
over the years. In one case, I wrote to point out to him that his comments
on the Irish famine in the 19th century were based on second hand sources
and did not reflect an accurate picture of what happened there. To my
surprise, he wrote back and acknowledged my point without too much debate.
I had done a fair amount of my doctoral work in this area, so he seemed
willing to cede my point on a topic where he really knew little.
The second encounter was years later and had to do
with a gratuitous remark he made about accountants when he was writing
about Lavoisier!! Yes, Gould could and often did make the strangest
connections, some of which were revealing and thought-provoking but some
of which were silly. In the case I am referring to, he let his Marxist
heritage slip out with a snide remark about the profit motives of
accountants. I called him on it, remarking in the process that I had
encountered just as many if not more evil and manipulative folks in the
halls of academia as I had in my life as a commercial executive. He wrote
back and somewhat defensively conceded my point about wickedness and greed
being ubiquitous, but then denied that he had meant what he said or about
as much.
Gould was really what in the nineteenth century
would have been called a natural historian. In those days, figures like
Darwin, Lyell, Wallace, Spenser, and so forth were public figures whose
views were part of the mainstream intellectual debate. Today, we have too
few of this kind. In this respect, he served his greatest role as a gadfly
for creationists and other benighted ideologues who would impose their
views on public institutions. I recall his visit here to Memphis about ten
years ago where a goodly part of his public presentation was taken up with
refuting the "representatives of the 16th century" in the
audience. But ironically, Gould could be just as obsessive and
unresponsive to the facts when it came to sociobiology and the role of
genetics in shaping human behavior and capabilities.
In this case, I agree that the good the man did will
live after him, while his foibles and very human shortcomings will most
likely be forgotten.
Bob Sweeney Memphis, TN
The current trend seems to be to
recall the evil. But we will see.
Now for GOOD
NEWS!
It looks like they found the reclusive Nigerian
wanting to send you money!!!!!
http://zdnet.com.com/2100-1105-918960.html
Allan Mason BA MpA Financial Analyst
And then we have
Dear Dr. Pournelle,
Transportation Secretary Norman Mineta does not want
pilots arming tnemselves to protect their own aircraft. He prefers that
armed Air Marshals do the job. This kind of decision reminds me that
Attorney General Janet Reno authorized the group of armed thugs that ended
up cooking a church congregation in Texas. As I recall the news, the
people that trained Reno's Keystone Cops also trained the Air Marshals. I
guess Mineta feels he cannot decide who will pilot aircraft, and cannot
stand the loss of control. I prefer armed pilots anytime. Besides, they
will be on every flight which is more than the air marshals can promise.
Mineta can leave any time.
regards,
William L. Jones wljones@dallas.net
Which needs no comment. The pilots
want to be armed. The government doesn't want them to be. As usual, we
obey Caesar.
Peter
Glaskowsky on the Windows question:
It sounds to me as if Allchin is referring to faults
in the definition or actual implementation of protocols and APIs embodied
in Microsoft code-- not coding faults per se. My thinking is that coding
faults could be corrected before the code is released, but protocol and
API problems have to be preserved to support interoperability with
existing systems.
For example, Microsoft may have designed the Message
Queuing protocols to assume that the security validation for one message
applies to subsequent messages from the same nominal source, even when
there's no guarantee that all the messages came from the same source. Or
there could be some sequence of operations built into a Microsoft security
API that could be analyzed to reveal information about passwords, if the
source code for the operations could be analyzed to explain the
significance of intermediate results that are visible on a network.
In these examples, Microsoft may not be able to fix
the underlying problems without replacing code on every Windows machine on
Earth-- possibly every operating system and every application that uses
the affected protocol or API. Microsoft may believe that this solution
represents a greater effective cost than simply living with the risk that
someone will figure out how to exploit the vulnerability.
They may even be right.
There's an even more sinister interpretation
suggested by my colleague Kevin Krewell here at Microprocessor Report--
that the source code might reveal back doors Microsoft has installed in
these functions to facilitate remote monitoring by Microsoft or the US
government. A government connection would provide a much stronger
justification for withholding the source code-- and explain why the
government isn't trying particularly hard to persuade Microsoft to release
the source code. It would even explain why the government is willing to
continue using Windows in many government agencies despite the existence
of security flaws: if the government controls those "flaws," it
has little to fear from them. I don't really agree with this
interpretation, because it's more complex than necessary to explain the
facts, but it struck me as entirely possible and worth mentioning here.
Whichever explanation is true-- and especially if
they're both true-- if there's a stronger reason to prohibit the use of
Windows software for mission-critical applications in systems exposed to
the outside world, I haven't heard it. Windows in physically secure
networks may be okay, depending on the risks involved, but I'd insist on
OpenBSD or some equivalent open-source OS for anything subject to covert
attack.
. png
Which gives us a lot to think
about. Eric Pobirs
comments:
This appears to match my opinion on the subject.
Spending money on producing patches is not discouraged in Redmond but
breaking stuff in a way that compromises market value is anathema.
Given just a few clues there is a standing army out
there that will eventually detect every possible avenue of attack. They
can either take a massive hit by avoiding the issue until there is no
other option or they can minimize the bleeding by getting the needed
replacements ready and figuring out how to deploy while generating the
smallest possible mob of angry villagers with pitchforks and torches.
"You say he's superhumanly powerful and subject
to unpredictable bouts of homicidal rage. Hmmm, yes, we've had a few
reports on this and the techs are documenting the problem now. We expect
to have a patch available for download very soon. In the meantime be
careful with open flame and try not to make any sudden movements. Thank
you for calling, buh-bye."
I kind of doubt Krewell's theory if only on the
basis that the case has dragged on way too long if there strong incentive
during the previous administration for Windows Everywhere (c) as an intel
gathering asset. Not to mention that standing army of scrutinizers.
Remember the foofarah when the key labeled NSA was discovered a few years
ago? I would think that sent a lot of guys on a quest to find evidence for
a partnership.
More
from Eric on the operating system question
http://www.theinquirer.net/21050206.htm
By sheer coincidence this appeared today. Some of
his complaint are just whining though. Many of his desires can be achieved
if enough people are willing to pay the price for things like large
amounts of SSD space to accomodate instant on in a full blown desktop OS.
If MRAM scales up well we in a few years see portable that are never
rebooted unless absolutely necessary because they can go instantly into
and out of a zero power condition while maintaining the state of memory.
The memory would also have the admirable quality of only requiring power
when it is addressed, not for refressh.
Currently the price and capacity of MRAM isn't up to
the task but the companies involved know this would be a huge seller if
they can hit their goals.
Arron Rouse longs for the Amiga and
the Z88. I liked the Z88 a good bit -- they photographed me holding one in
the White House and used that in their ads (for which I didn't get paid,
of course; I agreed because I liked the machine) and I like the Amiga.
There was also the Atari which attempted a GUI but which had to nerf the
menu system because of Apple lawsuits, but even so could have improved the
breed.
So it goes.
But I do agree, the security
problems make it important that we think again about what we are doing... I
will probably copy all these threads to a special page; it seems we have
much more to learn.
g
TOP
CURRENT
VIEW |
CLICK HERE for
a Special Request. 
The
evil men do lives after them, the good is oft interred with their bones...