[Am-info] Anti-Trust Remedy Threatens Security, says Allchin

Sujal Shah sujal@sujal.net
16 May 2002 19:08:51 -0400 

On Thu, 2002-05-16 at 17:29, Felmon Davis wrote:
[SNIP]
> 
> Can someone explain this one to me? It seems to me that (a) what 
> Allchin says is right, to a degree, and that (b) the implication that 
> Schultz drolly draws isn't valid.
> 
> (a) If MS 'exposes' API's then software producers can even 
> _inadvertently_ produce untoward effects esp. if they don't follow a 

[SNIP]

This is a difficult one to explain.  Allchin's point and your example
aren't the same thing.  You're talking about legitimate software vendors
using private or unpublished APIs rather than operating at the published
API level.  For example, using an IE internal function rather than the
one exposed by the IE COM classes.  This is a legitimate concern.  It
isn't however, what Allchin is talking about, and it isn't even a new
problem.  People have been doing this for whatever reason for a long
time.  This is often why smooth OS patches or upgrades cause problems
for certain classes of software (drivers, for example).

Allchin is implying that security will irreparably be damaged by a
disclosure of the IE source.  It's important to recognize the key point
in my statement.  He's playing the FUD factor by merely implying the
"irreparable" part. 

Another way of looking at this, which I believe is more accurate might
be that releasing the source code may expose insecurities that haven't
been vetted by their testing/debugging/security/Trusted Computing staff.
This will temporarily hurt security, but will eventually result in
better security as outside developers and bug hunters can also release
not just bug reports, but also suggested fixes directly to Microsoft.

> (b) Why doesn't this imply that, say, Linux is very insecure? The 
[SNIP]
> But this doesn't alter the fact that opening API's _on Windows_ (or 
> on OS/2 for that matter) would compromise stability and/or security.

It depends on your perspective.  Temporarily, they might run into
issues, but in the end it will result in stronger security, because
those professional bug hunters will have an easier time vetting the code
for Microsoft (the maximum bugtesting your alluded to).

The real objection Microsoft should be making is that even for a short
term "flood" of bugs/exploits, the cost for the computing community
would be enormous.  I believe that there will be a period of frequent
patches, but nothing that the Microsoft user community isn't already
dealing with on a regular basis.  Therefore, I don't really buy the cost
argument.  I could be convinced (I don't, obviously, have any numbers on
this).

The problem with this claim is that they would be implying or admitting
that it is likely that security flaws exist in their code.  I'm not sure
that they would ever want to say that.

Anyway, this is just off the top of my head, but I think your point is
interesting.

Finally, about the "Linux is insecure" bit, he is implying that.  He's
more than implying it, he's almost saying it outright.  But, Schultz is
on the mark there... open or closed really is orthogonal to systemic
security.  Other factors, like quality of coders, level of scrutiny from
the interested community, release schedule and type of user base have
more to do with bug reports.

Open source just tends to be more secure because it vets poor coders
(you can't hide behind a corporate name if you introduce poor code), has
a larger community of interested developers (since it's not limited to
one or several companies), and has a more technically savvy user base
(many of whom understand concepts of depth in security).   Of course,
open source developers release too often, in certain cases, and security
often lags behind the bleeding edge.  And inexperienced users who keep
upgrading can be problematic. :-)

Sujal

> 
> Where am I wrong here?
> 
> Also, there's a doc floating about purporting to be (a translation 
> of) the MS letter that prompted the Peruvian statesman's response; I 
> can't vouch for its authenticity. Should I post it here? (Or I may be 
> able to find a website.)
> 
> F.
> _______________________________________________
> Am-info mailing list
> Am-info@lists.essential.org
> http://lists.essential.org/mailman/listinfo/am-info
-- 
---- Sujal Shah --- sujal@sujal.net ---

        http://www.sujal.net

Now Playing: Fatboy Slim - Mad Flava
-- 
---- Sujal Shah --- sujal@sujal.net ---

        http://www.sujal.net

Now Playing: ABBA - I  Have A Dream