RE: [ISN] Industry group wants DHS agency to review deal with Microsoft

From: InfoSec News (isnat_private)
Date: Fri Aug 29 2003 - 01:19:56 PDT


    Forwarded from: Tony | AVIEN / EWS <tonyat_private>
    
    I agree with the point that it may be unwise to put ALL your eggs in
    one basket, but I disagree with the stance that Microsoft's security
    history should affect the decision.
    
    Anyone subscribing to mailing lists like Bugtraq or the Secunia
    Security Advisories knows that there are hundreds of new
    vulnerabilities discovered every week in pretty much every application
    and operating system around.
    
    The reason that Microsoft is targeted for worms and viruses in my
    opinion is not because their software is more vulnerable - it is
    because of their market share. The malicious coders of the world want
    to attack the most target-rich environment. If you are trying to
    infect as many computers as possible then aiming for the home user
    market, especially broadband users, provides a broader and easier
    target than writing a worm or virus that attacks Linux operating
    systems or Oracle databases.
    
    If the DHS were to go with alternate applications and platforms they
    may very well still find themselves under the gun because of who they
    are and what they represent. No matter what software they choose they
    will be targeted and it will be incumbent upon them to secure their
    networks and computers in every way possible.
    
    
    Tony Bradley, CISSP, MCSE2k, MCSA, MCP, A+
    About.com Guide for Internet / Network Security
    http://netsecurity.about.com 
    
      
    
    
    -----Original Message-----
    From: owner-isnat_private [mailto:owner-isnat_private] On Behalf
    Of InfoSec News
    Sent: Thursday, August 28, 2003 3:24 AM
    To: isnat_private
    Subject: [ISN] Industry group wants DHS agency to review deal with
    Microsoft 
    
    
    Forwarded from: William Knowles <wkat_private>
    
    http://www.computerworld.com/securitytopics/security/story/0,10801,84434,00.html
    
    Story by Todd R. Weiss 
    AUGUST 27, 2003 
    COMPUTERWORLD 
    
    The Computer & Communications Industry Association (CCIA) is criticizing
    last month's decision by the U.S. Department of Homeland Security (DHS)
    to exclusively use Microsoft Corp. software, arguing that recent
    computer virus and worm attacks against Microsoft products are evidence
    that such a decision is a poor choice.
    
    In a letter today to Tom Ridge, the secretary of the DHS, Ed Black, the
    CEO and president of the Washington-based CCIA, asked the agency to
    "reconsider" its decision to use Microsoft software inside an agency
    with critical security needs.
    
    "We believe that for software to be truly secure it must be well written
    from the outset, with security considerations given a high priority,"
    Black wrote in his letter. "Unfortunately, there is ample evidence that
    for many years economic, marketing and even anticompetitive goals were
    far more important considerations than security for Microsoft's software
    developers, and these broader objectives were often achieved at the cost
    of adequate security.
    
    "Also, from a security standpoint, the lack of diversity within a
    networked system amplifies the risk emanating from any vulnerabilities
    that do exist," he wrote. "But diversity is difficult without
    interoperability, and the benefits of interoperating with more robust
    systems can be blocked if any dominant player does not cooperate in
    fostering interoperability."
    
    The DHS awarded Microsoft a $90 million enterprise software deal last
    month, just two days after company Chairman Bill Gates met with Ridge in
    Washington.
    
    A DHS spokesman couldn't be reached for comment on the CCIA letter late
    this afternoon. A spokesman for Microsoft was also unavailable by
    deadline.
    
    [...]
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Aug 29 2003 - 04:26:07 PDT