Editorial comment: Scary hackers

[InfoSec News <isn () C4I ORG>]

http://markets.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT332XA3XEC&live=true

Published: October 29 2000 19:47GMT
Last Updated: October 29 2000 19:55GMT

Scary stories are being told about how computer hackers infiltrated
Microsoft's internal network. But if the company is correct they
merely wandered around the network and looked at the source code for a
future product. There is little in this to chill the spine, even
around Hallowe'en.

The worrying part is the thought that hackers may have copied or
sabotaged the secret source code for its programs. The company says no
important code - such as that for the Windows operating system - was
copied, and no programs were damaged or altered.

But what if they had been? Many groups, such as Microsoft, see
intellectual property as their core asset, to be kept under wraps at
all costs. If those secrets become publicly known, surely they have
lost their value?

No. Microsoft's strengths stem not from the individual techniques of
its programmers but from its ability to design products skilfully,
manage the process of creation, and exploit its brand. None of these
is threatened by knowledge of the company's source code. A weaker
software group might gain some benefit from knowing the source code
for Windows or Word but it would not be transformed into a second
Microsoft.

The value of intellectual property lies not in the property itself but
in the human systems that create and exploit it and the legal rights
to use the property. Without those systems and rights, intellectual
property is worthless. So, even if all Microsoft's source code is now
on a hard disk in St Petersburg, the hackers may find it hard to
extract much commercial benefit.

The fear of sabotage has greater resonance. The worry is that access
to Microsoft's network could have allowed hackers to subtly modify
source code, making later releases of Microsoft's programs damaged or
vulnerable. Even inspecting the source code might make it easier for
hackers to attack computers around the world.

This is an exaggerated fear - and in any case the company says it did
not happen. But it reveals public concern about over-reliance on
Microsoft. If Windows were only one of a number of competing operating
systems, the possibility that it might become vulnerable would be a
minor inconvenience. Anyone seriously worried by the threat could
simply switch.

The knowledge that there is no practical alternative gives such fears
their power. Resentment about this dependence was one of the motives
for the recent Microsoft antitrust case. Like all ghost stories, this
one has a deeper message: beware over-reliance on a single set of
programs, and a single set of programmers.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".