Note: This column represents the opinions
of the writer and as such, is not purported as fact
Despite the fact that Microsoft's software does a pretty good job of allowing
everyday people to use their computers with a minimum of fuss and bother,
it is not without its detractors.
While deciding whether to love or hate Microsoft's wares is sometimes a decision
based more on industry politics than it is on objective analysis, even Billy
Boy himself admits that they're doing very poorly in one particular area:
Security.
Now Microsoft didn't get where it is today without making extensive use of
cunning tactics and spinmeisters, so they first addressed the matter of
their poor security record by launching a "Trustworthy Computing" initiative.
This programme, we were told, would see thousands of MS-geeks pawing over
millions of lines of source code in a concerted effort to squash all those
nasty security holes that were lurking there.
Guess what?
It didn't work.
One only has to reflect on the massively disruptive effect of the Slammer
Worm that recently swept across the face of the globe in just a few minutes
to see what I mean. It was only able to do so because of a security hole in
Microsoft's SQL server software.
Of course Microsoft's response was that they'd patched that hole already so it
was really a sysadmin problem, not a software one. Unfortunately for the
"what egg? what face?" crew at Microsoft, some of their own systems
were compromised by this very software flaw because the incredibly onerous
task of keeping buggy code patched to the latest release was too much even for
them.
So, having failed to convince the world that "Trustworthy Computing" was
anything more than just another press release from the rapidly rotating
offices of Microsoft's PR department, a new initiative was launched:
The "Government Security Programme"
This time they're once again claiming that they're "trustworthy" and to prove
it, they're going to make bits of Windows source code available to those
governments who sign up to some unknown terms and conditions (which might
even involve a long-term commitment to purchase -- who knows?)
The clear intent is to try and steer governments away from Open Source
alternatives.
However, my question is: who really cares?
Shame on any government who thinks that the act of sharing
a few lines of source code will suddenly make Microsoft's code less
vulnerable to compromise by dedicated crackers.
It strikes me that if Billy's own boys have already spent many man-years
trawling this code for bugs and failed, there's probably not a lot of chance
that some civil servant is going to spot the next big vulnerability while
scanning idly through thousands of pages of C++ source.
And even if they did find a glaring hole -- they wouldn't be allowed to
fix it under the terms of the code-sharing agreement.
The whole thing smacks of just more spin from Redmond.
The decision-making process probably went something like this:
"How do we counter this Open Source threat?"
"Hey, I know, let's just pretend that we're open source too!"
"Great idea! It won't fool everyone but remember, we're talking about
politicians here -- they're not the sharpest knives in the drawer eh?"
And thus was born the decision to let politicians ogle bits of code from MS
in the hope that it would produce warm, fuzzy feelings of security.
Let's hope that our politicians take a long hard look at just how ineffective
"Trustworthy Computing" was and realise that being able to browse Billy's
source will do absolutely NOTHING to reduce the number of holes and the
effect those holes have on the security of systems that may form a critical
part of our governmental infrastructure.
But just what are the chances that they'll be smart enough to spot the
fact that this is nothing more than another cunning Microsoft ploy?
You tell me.