Home Land Security
ron browning
ron_browning14223 at yahoo.com
Thu Aug 28 23:12:13 EDT 2003
To Whom It May Concern:
I would like to request that each receiver of this letter (my Congressman, two State Senators) start an inquiry on the Department of Home Land Security (DHLS). Recently, I learned that the DHLS decided that Microsoft (MS) XP would be the standard operating system for both DHLS and DHLS supported agencies. I believe this is an ill-considered decision.
I have programmed many applications on PCs, Minis, and Main Frames over 30 years. I've learned that Microsoft Products are not secure! For example, the two major patches to XP Professional do not address features or bugs, but are exclusively on security. The recent MSBlaster Virus hit XP Professional. One only has to run a program like Ad-ware or Spybot to view all the spyware that is aimed at Microsoft machines.
Microsoft claims to be a target because they are the biggest game in town that is the target of hackers and virus makers. However, you can't have Active X, D-COM, and other distributive network programs, plus a secure OS at the same time. Microsoft, at a conference last year, revealed that six ports are left open for their use as a hidden feature. One of the ports is an RPC agent (Remote Procedure Call which allows another to take complete control of your computer.)
Now even if MS claims they will deliver an operating system with all ports closed, the problem still remains. For example, non-operating system programs like MS Office routinely try to open a port to send data to MS marketing. Fortunately, more secure operating systems exist, i.e., Linux, Solaris, BSD, and even Mac OS-X, to name a few. The real problem is that MS tries to be everything to everyone. Even were they to secure the existing XP operating system, when someone adds a media player, etc., these try to open up the machine ports to collect statistics, thus leaving the whole operating system vulnerable.
To further illustrate, look at WMI (Windows Management Instrumentation), which yields everything you want to know about another's machine, except how to read the password file (also not well constructed.)
I have done consulting for some of the largest corporations and, having traced down why certain decisions are made, I believe that usually someone low on the totem pole picks something without adequate technical know-how. To make this point, consider the following two items: At one of our major US corporations with a large Naval contract, I stopped three million dollars worth of wrong equipment from being ordered. That equipment was the responsibility of an administrator, but this person merely placed a call to a new hire at the corporate help desk who in turn gave their opinion based on some catalogs without even interviewing or knowing what the equipment was going to be used for. At another major US Corporation, I interceded to stop an 800 million dollar order just before it was placed. Nearly 140 people in the business division had reviewed the specifications, and these people failed to communicate with any of the 30,000 + qualified Engineers. The basis of decision by these unqualified was predicated on their use of spreadsheets, and these people were ordering machines that would have eventually been used by Field Engineers and as diagnostic machines. I believe that this Home land Security pick is of a similar nature.
To make a Microsoft Operating system secure, I can say with certainty that one would either have to use a different one or create one from scratch. I therefore ask for a congressional investigation on this decision.
I ask the receivers of this e-mail to review this e-mail, and add their own experiences and forward it to their appropriate representatives.
Concerned Citizen,
Ronald Lee Browning