[Am-info] Anti-Trust Remedy Threatens Security, says Allchin

Felmon Davis davisf@union.edu
Thu, 16 May 2002 17:29:35 -0400


On Thursday 16 May 2002 03:15 pm, Fred A. Miller wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Anti-Trust Remedy Threatens Security, says Microsoft Exec
> Microsoft's senior vice president for Windows Jim Allchin says
> the proposed anti-trust remedy - which includes making public the
> source code to Internet Explorer -- would threaten the security of
> the software; as more technical information about the systems is
> disclosed, creators of malware would have more insight into how
> they work. Additionally, copy protections could be circumvented,
> allowing for the dissemination of pirated movies and music.
> http://zdnet.com.com/2100-1104-901088.html
> [Editor's (Schultz) Note: Mr. Allchin certainly has a vivid
> imagination. If what Allchin says is true, then open operating
> systems such as OpenBSD must be compromised proportionately far
> more than are Windows systems, something that is not even close to
> being true.]
>

Can someone explain this one to me? It seems to me that (a) what 
Allchin says is right, to a degree, and that (b) the implication that 
Schultz drolly draws isn't valid.

(a) If MS 'exposes' APIs then software producers can even
_inadvertently_ produce untoward effects esp. if they don't follow a
certain regimen. I thought that's why MS has gone to such lengths to
have some kind of 'registration' for device drivers. Doesn't it stand
to reason that the more open the system is, the more possibility 
there is for instability (with further implications for security) -- 
unless a certain regimen is enforced?

(b) Why doesn't this imply that, say, Linux is very insecure? The 
operating system _itself_ enforces a certain regimen. With file 
permissions, memory protection, etc., there's only so much a bit of 
software can do (unless run as root). Finally, Open Source allows for 
maximum bugtesting (and removal) while proprietary software restricts 
the scope of debugging to the owners of the software and of the 
operating system.

But this doesn't alter the fact that opening APIs _on Windows_ (or
on OS/2 for that matter) would compromise stability and/or security.

Where am I wrong here?

Also, there's a doc floating about purporting to be (a translation 
of) the MS letter that prompted the Peruvian statesman's response; I 
can't vouch for its authenticity. Should I post it here? (Or I may be 
able to find a website.)

F.