RE: Industry group wants DHS agency to review deal with Microsoft

[InfoSec News <isn () c4i org>]

Forwarded from: Tony | AVIEN / EWS <tony () avien org>

I agree with the point that it may be unwise to put ALL your eggs in
one basket, but I disagree with the stance that Microsoft's security
history should affect the decision.

Anyone subscribing to mailing lists like Bugtraq or the Secunia
Security Advisories knows that there are hundreds of new
vulnerabilities discovered every week in pretty much every application
and operating system around.

The reason that Microsoft is targeted for worms and viruses in my
opinion is not because their software is more vulnerable- it is
because of their marketshare. The malicious coders of the world want
to attack the most target-rich environment. If you are trying to
infect as many computers as possible then aiming for the home user
market, especially broadband users, provides a broader and easier
target than writing a worm or virus that attacks Linux operating
systems or Oracle databases.

If the DHS were to go with alternate applications and platforms they
may very well still find themselves under the gun because of who they
are and what they represent. No matter what software they choose they
will be targeted and it will be incumbent upon them to secure their
networks and computers in every way possible.


Tony Bradley, CISSP, MCSE2k, MCSA, MCP, A+
About.com Guide for Internet / Network Security
http://netsecurity.about.com 

  


-----Original Message-----
From: owner-isn () attrition org [mailto:owner-isn () attrition org] On Behalf
Of InfoSec News
Sent: Thursday, August 28, 2003 3:24 AM
To: isn () attrition org
Subject: [ISN] Industry group wants DHS agency to review deal with
Microsoft 


Fowarded from: William Knowles <wk () c4i org>

http://www.computerworld.com/securitytopics/security/story/0,10801,84434
,00.html

Story by Todd R. Weiss 
AUGUST 27, 2003 
COMPUTERWORLD 

The Computer & Communications Industry Association (CCIA) is criticizing
last month's decision by the U.S. Department of Homeland Security (DHS)
to exclusively use Microsoft Corp. software, arguing that recent
computer virus and worm attacks against Microsoft products are evidence
that such a decision is a poor choice.

In a letter today to Tom Ridge, the secretary of the DHS, Ed Black, the
CEO and president of the Washington-based CCIA, asked the agency to
"reconsider" its decision to use Microsoft software inside an agency
with critical security needs.

"We believe that for software to be truly secure it must be well written
from the outset, with security considerations given a high priority,"
Black wrote in his letter. "Unfortunately, there is ample evidence that
for many years economic, marketing and even anticompetitive goals were
far more important considerations than security for Microsoft's software
developers, and these broader objectives were often achieved at the cost
of adequate security.

"Also, from a security standpoint, the lack of diversity within a
networked system amplifies the risk emanating from any vulnerabilities
that do exist," he wrote. "But diversity is difficult without
interoperability, and the benefits of interoperating with more robust
systems can be blocked if any dominant player does not cooperate in
fostering interoperability."

The DHS awarded Microsoft a $90 million enterprise software deal last
month, just two days after company Chairman Bill Gates met with Ridge in
Washington.

A DHS spokesman couldn't be reached for comment on the CCIA letter late
this afternoon. A spokesman for Microsoft was also unavailable by
deadline.

[...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.