Microsoft "National Security Risk": Science, Security Experts

Microsoft's market domination and security practices make the Redmond, Washington software empire a national security risk because they leave so much of the world's computer and technological infrastructure vulnerable to attack, a group of "leading computer science and network security experts" say in a report released September 24. 

Introduced at the Computer & Communications Industry Association's meeting of industry and government leaders, the report basically corroborates an earlier charge from the CCIA's president, Ed Black, that government software policies on procurement and antitrust "are leading the nation in the wrong direction," according to an announcement of the report's release.

"As fast as the world's computing infrastructure is growing, vulnerability to attack is growing faster still," said the report's principal author, @Stake chief executive officer Dan Geer. "Microsoft's attempts to tightly integrate myriad applications with its operating system have significantly contributed to excessive complexity and vulnerability. This deterioration of security compounds when nearly all computers rely on a single operating system subject to the same vulnerabilities the world over."

In fact, Geer suggested Microsoft's actual or alleged denial of Windows interoperability to "legitimate non-Microsoft applications" makes "an environment in which Microsoft programs interoperate efficiently only with Internet viruses."

Microsoft security vulnerabilities came under further scrutiny during the summer, as several potent and widespread viruses and worms like Blaster exploited them to wreak havoc on the Internet and on hundreds of thousands of computers at home and in the office. 

Geer and his fellow authors – including computer security experts Rebecca Bace, Peter Gutmann, Perry Metzger, Charles P. Pfleeger, Ph.D., John S. Quarterman, and Bruce Schneier – said the integration that makes Microsoft software "excessively complex and vulnerable" also builds up Microsoft's desktop software domination, and "intentionally, on Microsoft's part."

That, the authors concluded, guarantees Microsoft will remain the number one target of malicious hackers and virus and worm writers. 

"This report underscores and explains many of the dangers that we have warned of for some time," Black said as the report was released. "Microsoft's monopoly threatens consumers in a number of ways, but it is clear that it is now also a threat to our security, our safety, and even our national security."

That alluded to the five-year deal the U.S. Department of Homeland Security signed with Microsoft in July, contracting Microsoft to supply Windows to its 140,000 workers. The report said that the government made itself so dependent on Windows that the increasing security flaws hike the national security risk.

"Just as farmers diversify their crops or investors diversify their stocks to mitigate risk, so too should the federal government diversify the software it uses," the report said, adding a call for the federal government to demand Microsoft design applications to integrate more simply with other companies' programs and give those companies access to Microsoft code to simplify their ability to write programming compatible with Microsoft applications.

Geer said antitrust questions are not economic alone. "Microsoft's monopoly and the means to achieving that monopoly via tight integration of applications contribute to the flaws and vulnerabilities in the software and provide viruses with a highly efficient vehicle for global distribution," he said. "When the government uses a product whose monopoly position undermines its security in this way, antitrust becomes a national security issue."