Microsoft® Windows is unquestionably the most widely used operating
system collection. It has millions of copies installed on personal computers
in homes and offices throughout the world. Some statistics cite as high as
90% of the world's computers run on one or another version of Microsoft®
Windows. Many foreign mission critical governmental, defense and financial
operations depend on Windows in countries around the world.
Every operating system has its vulnerabilities. A catalogue of them for most of the popular operating systems is at: http://xforce.iss.net/.
Microsoft Windows have consistently proven to be the weakest of all the known operating systems. This can be inferred by the large numbers (too numerous to list) of viruses and Trojans which have been released over last 2 years e.g. Back Orifice, Melissa, NetBus to name a few. Experts believe that there are two basic problems which results in Windows being such such a insecure operating system--one it is based on technologies which are inherently weak, two being a closed platform it does not have the benefit of being reviewed by peers; an enormous benefit an open source operating systems enjoy.
In additions to Windows inherent weaknesses, in last few months certain facts have been uncovered by independent security experts which suggest that Microsoft may have deliberately designed windows with a software key which give National
Security Agency (NSA, US government spy agency)
eased access to every copy of windows installed anywhere, using holes in existing networking software. This makes for a possibility of a major security compromise and giving access to US government (and others) any information stored on a Windows based computer system. It can also allow
an open back door to install new or altered software, because of the
compromise of Microsoft's Authenticode technology which depends
upon the same software.
Debate regarding this has been raging over the Internet on different
forums--specifically newsgroups related to security aspects of computer
systems. To understand the risks, a person must understand just a few
computer buzzwords. Because this is such a
widespread problem, and so much information is already scattered across
the Internet about it, this article as far more than the usual number
of further information links.
Cryptography is one of most difficult aspect of computer systems to communicate to a person who is not used to going in depth on what goes on under the hood of a computer system. Simply stated, it is a a way of writing and transmitting data to keep it secret and verifiably unchanged. A simple introduction of "Cryptography" is given by Udhay Shankar: The science of secret writing.
It is the foundation of E-Commerce, and online banking. History
shows us how crucial this can be. Failure to keep sensitive information secure because of compromised Crypto is one major contributing factor to the outcome of World War II, especially in Europe. The Allies had access to most of the Axis communications, because the mechanical equivalent of today's Crypto software facilities had been broken
(compromised). The Nazis had a blind belief in the security of the
system they were using.
Here we attempt to explain as simple as possible what this security breach
is and give enough reference for the people who want to explore this issue in
depth.
Important:
TheGuide recommends that for on-line mission critical
computer systems, Windows MUST not be used.
Despite the prevalence of Windows on the computers of the world, it is not the only choice. There are many competing products which can run the same equipment. An article written for and posted on TheGuide some months ago,
About Computers, The Internet, and Alternatives
for Operating System
by Bruce Gingery
gives many of the other options, with some explanations of how they are
related to each other, and where more information is available.
There is enough evidence, as presented below, to raise
a reasonable doubt about the easy access to Windows by outside agencies and that it is incumbent on businesses, governments, and individuals to step back and analyze just how much damage could occur if information on the computer were leaked to the worst possible foe, or their software was modified undetectably to perform differently, by use of this hole, either by itself, or through combination with one of the myriad of other security holes that have already been reported as bugs in Windows.
Please note: The NSAkey episode is only one of the reasons, why Windows cannot be relied on for mission critical applications. Security in Windows 95/98 is non-existent, and that in Windows NT is better, but still not mission-critical. See the following URLs for more information on Windows NT security. See:
http://www.ntbugtraq.com
http://www.tbtf.com/resource/ms-sec-exploits.html
http://www.ntsecurity.net/security/passworddll.htm
The Problem