by , 8:00 AM EDT, July 25th, 2003
This just isn't Microsoft's week.
Yet another security problem with one of Microsoft's products has reared it head, this time the problem is with Windows CE, Microsoft's earlier version of its PDA OS. It seems that the OS was used in an electronic voting system of which the source code was inadvertently left where Internet surfers could find it. A team of security gurus scrutinized the code and deemed it lacking adequate security. From the C|Net News article, Voting Machine Fails Inspection :
Using an earlier version of the source code that powers machines manufactured by Diebold Election Systems, the security experts--three from Johns Hopkins University and a colleague from Rice University--performed an audit and found numerous security holes.
"Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts," said the researchers in a paper published Wednesday on the Internet, concluding that "as a society, we must carefully consider the risks inherent in electronic voting, as it places our very democracy at risk."
The criticisms echo a fundamental issue that many security researchers have raised with most current systems: there is no way to verify that a vote was correctly recorded and no permanent record is kept.
The issues also come as direct recording electronic (DRE) voting systems are taking off. In the 2002 election, 19.6 percent of the electorate could have cast an electronic vote, up from 7.9 percent in 1996, according to Election Data Services .
...
Several issues became evident when the code was audited, said Avi Rubin, an associate professor of computer science at Johns Hopkins University and one of the authors of the paper.
For one, the manufacturer chose Windows CE as the operating system--a bad choice from a security standard, Rubin said. "Windows has a long history of new releases of patch just about every week," he said. "You can't run voting machines on Windows."
Read the entire article at C|Net.
We believe that Microsoft can make a good product if it sets it mind to it. Just look at Word and Excel, both great products, especially on the Mac (note that some might feel them to be a bit bloated). It seems, however, that with Big Redmond, 'good enough' is enough. That may be true when dealing with the average computer user, but 'good enough' won't cut it when things more fundamental are at stake.
In this case, Diebold should actually be the ones feeling the heat since it was they who decided to use Windows CE (of all things) on which to base their voting machines. There are a multitude of options, even some from Microsoft, that would have been a better choice. So, we're left scratching heads and wondering, "What were they thinking?"
While it is true that the code found on the Web is an older version, experts wonder how secure the current code is. We agree that, at the very least, an independent party should look over the code to ensure its integrity for such public uses.
The bottom line is this: When dealing in areas of national security or where lives are at stake, companies cannot afford to 'make do'. Our governmental representatives have an obligation to demand systems that work and are free of problems that could cause a person or our nation harm. It seems that with all the the flag waving in recent years, the only flags some companies hold dear are the corporate flags, and the only thing sacred is the bottom line.
What does all of this have to do with Apple, Macs, or OS X? Nothing, other than to say that we hope that if Apple were in Microsoft's shoes, they would fare better. We would like to think they would.
Notice that we purposefully avoided making the obvious jokes about voting machines and Florida. Everyone deserves a break now and again.