Industry players are hotly debating a controversial report released this week claiming that
flaws in Microsoft Corp.’s software combined with the company’s grip on the market are
causing a national security risk.
And to add more flame to the fiery debate, one of the authors was dismissed from his job
because of his involvement with the report.
“It is the combination of the two — the flaws in the software and the company’s monopoly
— that creates the magnitude of the problem described,” says Ed Black, president and CEO
of the Computer and Communication Industry Association (CCIA), a Washington, D.C.-based
trade group often considered an “adversary” of Microsoft. “There are several different
pieces that come together that create a perfect storm of insecurity.”
The CCIA released and backed the study, while several players in the security industry
authored the report, entitled ‘CyberInsecurity: The Cost of Monopoly’.
Daniel Geer, a security consultant and, at the time, the chief technical officer of @Stake,
a security consulting firm, was the principal author.
A spokesperson for @Stake confirmed that Geer is no longer with the company since the
release of the report. The company released a statement saying that “the values and
opinions of the report are not in line with @stake’s views” and that Geer is no longer
associated with the company. The spokesperson added that Microsoft did not push for or
participate in Geer’s dismissal.
“It shows that a raw nerve was hit,” says Black. “The emperor never likes being told that
he has no clothes. Microsoft’s web of relationships is the seat of its power.”
What the report claims is that the large number of flaws in Microsoft’s popular software
combined with the fact that most companies around the world run that software is creating a
dangerous security risk.
“If you can penetrate one Windows system, you can penetrate millions of systems,” says
Black. “We’re saying that when an entire nation, the entire industrialized world, is 96
percent dependent on a product with these flaws, there’s a serious problem… It’s a
cascading effect.”
And Black adds that the United States’ dependence on Microsoft’s software is directly
putting the country at risk.
“The infrastructure of every major industry, of the government, of our power system, are
all basically vulnerable,” he says. “When they rely a great deal on a flawed system, they
are vulnerable.”
Chris Belthoff, a senior analyst with anti-virus company Sophos, Inc., says he agrees that
there is a risk here. Belthoff spends much of his time battling worms and viruses, like
Blaster and Sobig, that attack Microsoft Windows systems. And he says virus writers attack
those systems for two simple reasons — the flaws in the coding leave them vulnerable to
attack and Microsoft’s huge bite of market share gives them a wide and impressive target to
attack.
“Name another industry that is producing products as critical as this and there is only one
player holding on to most of the marketshare,” says Belthoff. “And think about if those
products aren’t operating properly and so they could cripple the nation’s IT infrastructure.
“Do these people have an axe to grind?” Belthoff asks. “Sure. Is that a legitimate axe to
be grinding? I’d say, yes it is.”
But not everyone agrees.
Dan Woolley, a long-time security player and now a vice president at Computer Associates,
which works closely with Microsoft, called the report and its charges “bull.”
“I know what the guys are saying but it’s a little hard to swallow given that some of these
folks are into security products and are direct competitors with Microsoft,” says Woolley.
“Do they have a point? Yah. But the problem I see is if I’m a bad guy, I’m going to pick
the highest probability target I can get. That’s Microsoft. If you hit the right thing, you
can take down a lot of machines fast.”
Woolley says to claim that Microsoft is causing a national security risk is stretching
things.
“I don’t think the stuff is poorly built,” he adds. “My contention, in general, is that I
don’t see another software manufacturer out there jumping through the hoops to try to fix
their products like Microsoft is.”
Ken Dunham of security company iDefense says he believes Microsoft is working hard on
securing its software but there’s a lot of flawed code to fix.
“Microsoft has increased usability of its software to become a software giant,” says
Dunham. “The downside is that with all these features and functionalities added in, you get
more problems… Microsoft made this code and they need to make security a focal point. They
need to fix the code.”