TURNER'S VIEWPOINT: The Emperor's New Clothes

One of the major questions in the Open Source vs. Proprietary Software debate has always been which one offers more security against intruders and other malefactors. The traditional wisdom has been that Open Source has the advantage of more eyes on the code, scouring it for vulnerabilities, while proprietary software has the advantage that hackers don't have the ability to look for security holes in the source code itself, since it is closely held.

The revelation this week that source code to major portions of two popular Microsoft operating systems is being passed throughout the Net brings this debate to an end. I, personally, have always suspected that the source code to proprietary OSes would always be available to a buyer with the right amount of money. After all, it just takes one disgruntled worker with a high-capacity USB RAM drive on his keychain to smuggle the goods out of a building. But now that millions of lines of code to Windows NT 4.0 and Windows 2000 are readily available to anyone with a modem, there can be no denial of the brutal truth.

So in light of this new world order of software, what's the new conventional wisdom? Open Source remains as it has always been, an arena where malicious forces are free to search for holes to exploit, while armies of developers busily patch and repair any problems they find. But on the other hand, Microsoft in particular is being called out for walking around naked.

It's the worst of all possible worlds for Microsoft users. They have no ability to fix problems found in Microsoft operating systems themselves, since only Microsoft can issue patches. On the other hand, the forces of evil now have the ability to look at the actual sources and hand-craft viruses and worms to weasel into Microsoft systems. So now it will be a handful of Microsoft developers against the world.

In fact, it's even worse. Since downloading a copy of the stolen code places you in violation of the Digital Millennium Copyright Act, you can't even look at the source to see how bad the problem might be. Obviously, some Russian Mafia coder will have no such compunctions. So the guys in the White Hats are still technically left in the dark, while the Black Hats have a whole new resource to exploit.

Considering that in the era before the release of the Windows source code, Microsoft often appeared unable to keep up with the flood of exploits aimed against their operating systems, one can only imagine what the world will be like now that their dirty laundry has been exposed to the light of day. Get ready for your twice-daily mandatory security patches, folks.

About James Turner
James Turner is president of Black Bear Software. James was formerly senior editor of Linux.SYS-CON.com and has also written for Wired, Christian Science Monitor, and other publications. He is currently working on his third book on open source development.

Reader Feedback: Page 1 of 1

muscle wrote: it's almost a ritual for me to run these patches. i've set up a cool tool to automate it across my company's platform

David Mohring wrote: Read Shattering Windows: Is a Disaster Lurking?
http://www.eweek.com/print_article/0,3048,a=109729,00.asp

The Shatter Attack exposes inherent vulnerabilities in the overall design of Microsoft's operating system application interface. Microsoft has known about this class of vulnerability since 1994.
http://security.tombom.co.uk/moreshatter.html
This has been more than long enough for Microsoft to develop a more secure alternative API and deprecate the unsecurable GDI interface. Instead Microsoft continued to develop applications using the unsecure APIs and promote their use with the Microsoft development tools for third party developers.

Bill Gates' Memo putting security as a top priority in January 2002 ...
http://www.theregister.co.uk/content/4/23715.html
... was reminiscent of announcements of the old "five year plans" from the old Soviet and Maoist regimes.
http://groups.google.com/groups?selm=slrna4k6r5.jhf.heretic@heretic.ihug...

In May 2002, under oath at the antitrust hearing, Jim Allchin, group vice president for platforms at Microsoft, stated that, because the Windows operating systems contained inherent flaws, disclosing the Windows operating system source code could damage national security and even threaten the U.S. war effort.
http://www.eweek.com/article2/0,3959,5264,00.asp

By the way, in February 2003, Microsoft signed a pact with Chinese officials to reveal the Windows operating system source code. Bill Gates even hinted that China will be privy to all, not just part, of the source code its government wished to inspect.
http://zdnet.com.com/2100-1104-990526.html

Despite gaining more favored trading status with the USA, there remain many embargoes over technology transfers which could put the US at future risk.
http://www.newsmax.com/archives/articles/2003/10/9/160700.shtml

Either Jim Allchin lied under oath, to prevent code revelation being any part of the settlement, OR the Microsoft corporation is behaving traitorously, by exposing national security issues to foreign governments.

The exposure of Microsoft source code put users at risk because of the inherent design and implementation flaws built into the source code.

