The Guide

Home

Search

Forum

Feedback

Credits

About Raj

Security Issues with MS Windows


*
 Introduction
*
 The Problem
*
 Why is this Misleading?
*
 So How is security breached?
*
 Can Things get shoddier?
*
 Other Resources
*
 Analysis and comparison with NSA guidelines
*
 World Class Authority
*
 Conclusions
*
 Further links for Reference


Has Microsoft Betrayed the Trust of Millions of Window Users?

Read about the questions around the world!

by TheGuide

Microsoft® Windows is unquestionably the most widely used operating system collection. It has millions of copies installed on personal computers in homes and offices throughout the world. Some statistics cite as high as 90% of the world's computers run on one or another version of Microsoft® Windows. Many foreign mission critical governmental, defense and financial operations depend on Windows in countries around the world.

Every operating system has its vulnerabilities. A catalogue of them for most of the popular operating systems is at: http://xforce.iss.net/.

Microsoft Windows have consistently proven to be the weakest of all the known operating systems. This can be inferred by the large numbers (too numerous to list) of viruses and Trojans which have been released over last 2 years e.g. Back Orifice, Melissa, NetBus to name a few. Experts believe that there are two basic problems which results in Windows being such such a insecure operating system--one it is based on technologies which are inherently weak, two being a closed platform it does not have the benefit of being reviewed by peers; an enormous benefit an open source operating systems enjoy.

In additions to Windows inherent weaknesses, in last few months certain facts have been uncovered by independent security experts which suggest that Microsoft may have deliberately designed windows with a software key which give National Security Agency (NSA, US government spy agency) eased access to every copy of windows installed anywhere, using holes in existing networking software. This makes for a possibility of a major security compromise and giving access to US government (and others) any information stored on a Windows based computer system. It can also allow an open back door to install new or altered software, because of the compromise of Microsoft's Authenticode technology which depends upon the same software.

Debate regarding this has been raging over the Internet on different forums--specifically newsgroups related to security aspects of computer systems. To understand the risks, a person must understand just a few computer buzzwords. Because this is such a widespread problem, and so much information is already scattered across the Internet about it, this article as far more than the usual number of further information links.

Cryptography is one of most difficult aspect of computer systems to communicate to a person who is not used to going in depth on what goes on under the hood of a computer system. Simply stated, it is a a way of writing and transmitting data to keep it secret and verifiably unchanged. A simple introduction of "Cryptography" is given by Udhay Shankar: The science of secret writing.

It is the foundation of E-Commerce, and online banking. History shows us how crucial this can be. Failure to keep sensitive information secure because of compromised Crypto is one major contributing factor to the outcome of World War II, especially in Europe. The Allies had access to most of the Axis communications, because the mechanical equivalent of today's Crypto software facilities had been broken (compromised). The Nazis had a blind belief in the security of the system they were using.

Here we attempt to explain as simple as possible what this security breach is and give enough reference for the people who want to explore this issue in depth.

Important:
TheGuide recommends that for on-line mission critical computer systems, Windows MUST not be used.

Despite the prevalence of Windows on the computers of the world, it is not the only choice. There are many competing products which can run the same equipment. An article written for and posted on TheGuide some months ago,

About Computers, The Internet, and Alternatives for Operating System  by Bruce Gingery

gives many of the other options, with some explanations of how they are related to each other, and where more information is available.

There is enough evidence, as presented below, to raise a reasonable doubt about the easy access to Windows by outside agencies and that it is incumbent on businesses, governments, and individuals to step back and analyze just how much damage could occur if information on the computer were leaked to the worst possible foe, or their software was modified undetectably to perform differently, by use of this hole, either by itself, or through combination with one of the myriad of other security holes that have already been reported as bugs in Windows.

Please note: The NSAkey episode is only one of the reasons, why Windows cannot be relied on for mission critical applications. Security in Windows 95/98 is non-existent, and that in Windows NT is better, but still not mission-critical. See the following URLs for more information on Windows NT security. See:
http://www.ntbugtraq.com
http://www.tbtf.com/resource/ms-sec-exploits.html
http://www.ntsecurity.net/security/passworddll.htm

The Problem [Next]


Copyright © 1999 Dr. Raj Mehta. All rights reserved.