Microsoft Attacks Open Source In Pentagon, Issues New Windows Security Warning

The Washington Post is reporting that Microsoft has been aggressively campaigning against the use of Open Source software at the Pentagon. The paper quotes military sources who described Microsoftis contacts as a "barage," with the emphasis of those contacts being on security concerns and the idea that Open Source is a threat to intellectual property. Microsoftis attempts to discredit Open Source software may be falling on deaf ears, however. From the article:

But the effort may have backfired. A May 10 report prepared for the Defense Department concluded that open source often results in more secure, less expensive applications and that, if anything, its use should be expanded.

"Banning open source would have immediate, broad, and strongly negative impacts on the ability of many sensitive and security-focused DOD groups to protect themselves against cyberattacks," said the report, by Mitre Corp.

A Microsoft Corp. spokesman acknowledged discussions between the company and the Pentagon but denied urging a ban on open-source software. He also said Microsoft did not focus on potential security flaws.

Microsoft also said open-source software is inherently less secure because the code is available for the world to examine for flaws, making it possible for hackers or criminals to exploit them. Proprietary software, the company argued, is more secure because of its closed nature.

Jonathan Shapiro, who teaches computer science at Johns Hopkins University, said: "There is data that when the customer can inspect the code the vendor is more responsive. . . . Microsoft is in a very weak position to make this argument. Whose software is the largest, most consistent source of security flaws? Itis Microsoft."

Read the full Washington Post article. There is much more information than what we quoted, and it is a very good read and an important issue. In ironically related news, Microsoft today released yet another security warning for Windows NT and Windows 2000. From a C|Net report:

Microsoft warned Windows NT and 2000 users on Wednesday of a new flaw in its debugger tools that could let attackers give themselves complete control of a system once theyive gained basic access to that system.

The vulnerability involves a flaw in the debuggeris authorization feature. The flaw lets any user run any program on the system, with the highest privileges. The hole could be used in conjunction with other Windows vulnerabilities that allow a remote attacker to run as a local user, said Marc Maiffret, chief hacking officer with network-protection company eEye Digital Security.

Microsoft gave the vulnerability a "critical" rating for client systems but would not estimate what portion of Windows NT 4.0 and Windows 2000 computers might be vulnerable to the new flaw.

You can read that full article at C|Net.