
02/13/2004 Archived Entry: "security through obscurity"

No pity for Microsoft: First they announce a "critical" flaw in Windows NT/2000/XP/2003, which they've known about for half a year and finally got around to fixing. Then a court decides that, for the time being, Lindows.com can keep using the "Lindows" name. Now part of the Windows NT and 2000 source code has leaked out onto the 'Net.

There are two camps within the computer security world. One believes in "security through obscurity," arguing that if the source code is kept secret, crackers won't be able to exploit its weaknesses. That's Microsoft's strategy, and we've all seen how well that works.

The other camp believes in security through openness. Their argument is that crackers are going to find your security flaws anyway -- they always turn up -- but if the source code is widely available, there are more friendly eyes reviewing the code and finding the vulnerabilities. This model works for Linux -- widely viewed as more secure than Windows, having fewer and less critical bugs, and fixing them more promptly when they occur. It also works for OpenBSD, one of the most secure operating systems you can get for your PC.

The problem with "security through obscurity" is that, if by some mischance your source code does leak out onto the 'Net, your first line of defense is broken. Microsoft's security policy has always been to hope that flaws aren't found, and when they are found, patch them quickly ... or not so quickly, if they can keep it quiet. That's why some computer security specialists are worried that this leak will lead to a new round of Windows attacks.

Other specialists -- including Bruce Schneier, whom I respect -- and Microsoft are downplaying the risk. You'd expect that of Microsoft; they're already losing sales because of security issues, and in the distance they can hear the first rumblings of product liability lawsuits. (And if crackers can find holes in this code after a few weeks' inspection, what does it say about Microsoft's "Trustworthy Computing" team if they haven't found those holes in several years?)

Schneier is right that openness per se does not mean compromised security. If your code is truly secure -- well designed, well coded, and peer-reviewed -- open source just lets crackers confirm that fact. But if your code is sloppily written and not subject to security audits -- perhaps like You Know Who's -- publication might expose a few unsuspected back doors.

I admit, the conspiracy theorist within me is intrigued that only NT and 2000 were leaked, not XP. Could this leak be a subtle pressure to get firms to upgrade to XP or 2003? (Other conspiracy theories are more wide-ranging, arguing that open-source programmers will look at the code, thus tainting any contributions they make to Linux, and opening an avenue for legal attack by Microsoft.)

Naaah. I think the leak (about one CD-ROM's worth) was probably due to incompetence. But count on Microsoft's finely-tuned marketing machine to milk it for whatever it's worth.

brad
