Stratfor (was Love Bug Hacker as Hero)

Chuck Grimes cgrimes at tsoft.com
Wed May 17 04:52:15 PDT 2000


I'm perfectly willing to believe Stratfor's full of it here, but please, Chuck or JC, do unravel their tangle a bit.

Carl ----------

Okay, but remember, you asked. My dilemma was where to start and how to position a point of view. I am still wondering. After enough obfuscation and in a world of cons and lies, it may be impossible to compose a coherent, linear, and rational response. I suppose this is the ultimate point to big lies.

First, let's go back to how MS and their version of a PC ended up in almost every office. They are cheap; cheap, relative to the mainframe, workstation, and skilled computer staff model. Better hardware, software, and more skilled, more knowledgeable people were always available, but they cost more. So that's number one. Almost all the business and government nightmares with computers flow from this base. PC's running MS are essentially consumer toys and were designed that way: cheap, ubiquitous, disposable (read: no user serviceable parts inside, use once and throw away). Likewise with the personnel. But the costs avoided are just costs transferred somewhere else. Business and government got just what they paid for: cheaper labor, shitty equipment, crappy software.

This goes to the Summary part of the article, ``The real problem the United States and much of the world faces is that people are overwhelmingly dependent upon a single computer operating system that is exceedingly vulnerable to even simple attacks.''

Read the label boys. It says, capitalist pigware: disposable toy, no user serviceable parts inside.


From the fourth paragraph of the analysis section, ``It used to be possible for a brilliant but unstable person to wreak havoc. Today, a not particularly bright crackpot can achieve the same outcome.''

The internet was never secure and never will be, or if it becomes so, it will be useless as a communication system. Security and communication are fundamentally incompatible.

In the dark ages of fall 1979, I borrowed a thermal paper terminal with phone cups and logged onto the arpanet and explored at random, discovering I could go anywhere from air force bases in Asia to computer labs in London. I met somebody on-line playing games and they showed me how to log into MIT to play some game there. The route went from LHS Berkeley to Ames Research, and from there to MIT--coast to coast, toll free, for hours on end. I had no idea who my game partner and arpanet guide was until I asked what he was getting his family for Christmas. He misunderstood the question and said he was hoping to get new sneakers! Hmm. Then I asked how old he was, assuming he was maybe late high school, early college. He was twelve! His approach to the arpanet was the same as that of D&D: what are the tricks to open the doors and get to the next level, where are the bad guys, what are their weapons, how can I score? By the time Clifford Stoll's book, `Cuckoo's Egg' came out in 1989 there was no mystery. Now if twelve-year-olds were cracking the arpanet twenty years ago, what on earth makes anyone in business or government believe cyberspace isn't a complete circus?

Oh well, moving on. ``The vulnerability of these systems stems from the simple fact that they were never intended to be the center of such dependency''. No. Their vulnerability and dependency stems from the fact they are a communication medium available to the public through telecom systems.

``...the PC was to be a functioning system that provided the user unfettered access to his data, programs and even the operating system.''

No. The OS was turned into a closed black box so it could be sold as a product. This is the core idea behind MS and the software industry. Take the OS and all the programs, close them up by selling only the executable binaries and try to copyright those. Limit access to a few meaningless tweaks of the output. Therefore the system produced was essentially non-functional from a traditional point of view. Hence a consumer toy. The consumer concept derives from the idea of a traditional idiot user--give them very controlled and limited access to the functional components of the hardware and software. Security in this context takes the form of keeping the core system out of range of the user. Turned around in the commercial market, this means making black box software that is immutable, inaccessible, and not serviceable. Security priorities are directed toward protecting the commercial interest of the producer of the so-called product, not to the security of the user or user data.

``Out of this primitive connectivity [Bitnet], came the explosion of the World Wide Web...But the PC was never intended for this purpose - it was created for a single user. Efficient usage meant that much of the function of the operating system was hidden from the user''

First of all there were a variety of PC-like devices around that evolved out of network terminals and workstations. So the conceptual PC was disconnected from a network in order to make it a stand alone consumer product. On the other hand, modems predate PC's and were immediately used to re-connect the PC back to networks.

In about 1984-5, I came home from work one Friday night to find my kid and his little computer whiz buddy (eighth graders) with a cardboard box full of phone and computer parts in the middle of the floor. They had what looked like a trashed NorthStar (anybody remember those?) and were logging into Bitnet and bulletin boards. I thought it was cool, until I got the phone bill. For a flavor of this era try:

(http://www.geocities.com/SiliconValley/2260/vmcom11.html)

Go down to about page 6 and read to page 12. It explains e-mail and file transfers on CMS and cautions about abuse of both in 1984-5. For a rough tech history outline see:

(http://info.isoc.org/guest/zakon/Internet/History/HIT.html)

The PC was just a modem and an eighth grade imagination away from some kind of public network. Given that potential, it seems that MS kept the bulk of PC's from exploding into public network systems from the start. And, obviously hiding the OS has nothing to do with user efficiency (see above).

I am more or less convinced that the halt in PC development toward open public networks in the early to mid-eighties was a consequence of MS's inability to figure out how to control that development and profit from it. Therefore all the DOS based software needed like terminal emulation, modem scripts, protocols, remote logins, telnet and so on were developed outside MS.

It's important to remember that IBM was a business threat who dominated networks (via bitnet, vax/vms, unix, etc), so the whole direction MS took was away from networks, remote connections and so on. And as for the early nineties (Gore 1) idea that privatization of this public communication medium would somehow fuel an innovative explosion, notice in the history outline above, most of the technical specs and standards, along with the organizational infrastructure, fade from notice after the early nineties, under the mass of commercial crappola, i.e. the transformation from public communication media to commercial driven edu-tainment channel. But, I digress.

``Also, in the interest of ease of use, the different applications became more tightly integrated with each other and within the file system.''

No. The relationship of application to OS is part of MS strategy to monopolize the application market, which is why they were convicted of high crimes and misdemeanors against capitalism. File formats, custom data structures, lack of conversion tools, restriction of information on i/o requirements of the OS and other means were used to destroy competitive software applications. Remember what happened to WordPerfect, Lotus, dBase?

``The outcome, of course, was the Microsoft-driven computer of today where the word processor, spread sheet, e-mail package, web browser and file system are intimately connected''

No. None of these packages are connected in any structurally dependent way. They are in fact purposefully disconnected so that they can be sold piecemeal. However, the MS versions all work well with MS's OS due to in-house collusion.

``As a result, it is difficult today to figure out exactly what is going on inside your own computer. The integration of processes obfuscates the operating system.''

No. MS obfuscates what's going on so as to protect its monopoly. And of course there is no integration of processes.

All I have to do to find out what's going on in unix is type either `top' or `ps aux' and I get a list. With `top' (table of processes?) every active process and all those in the background are displayed in real time ticks on the screen or in one window. It looks like this:

last pid:  1145;  load averages:  0.47,  0.17,  0.06    up 0+13:00:32  00:11:01
48 processes:  3 running, 45 sleeping
CPU states:  4.2% user,  0.0% nice,  1.9% system,  0.0% interrupt, 93.8% idle
Mem: 31M Active, 14M Inact, 14M Wired, 8136K Cache, 8340K Buf, 1312K Free
Swap: 202M Total, 900K Used, 201M Free

  PID USERNAME PRI NICE   SIZE    RES STATE    TIME   WCPU    CPU COMMAND
  368 cgrimes    2    0  2464K  1304K select   0:04  4.20%  4.20% xterm
  343 cgrimes    2    0 13064K  8980K RUN      2:56  2.00%  2.00% XF86_S3
 1145 cgrimes    2    0  2164K  1476K select   0:00  0.23%  0.10% xclipboard
  412 cgrimes    2    0  8208K  5704K select   4:25  0.00%  0.00% xemacs-21.1.9
    .
    .
    .

The first process, xterm, was the window I used to type in the command `top'. XF86_S3 is the video display server under X, the xclipboard is where I pasted the above text from the display window, before I pasted it here in xemacs. The other 44 processes were cut to keep this short.

If some process has taken over the CPU, I can kill it with `kill -9 pid#' and that's hopefully the end of that fucker. So the blue screen of death is an MS feature. And, it is a feature, not a bug. The feature is a self-destruct signal like `kill' evoked by the OS on itself. But it is a feature that is put there because if the OS provided a process table like the above, then the commercially imposed `black box' disappears, and the operating system becomes transparent. The OS is under no confusion and there is no problem at all providing some kind of ascii translation of internal registers. The opaque wall was put there to hide the OS so as to keep it proprietary and keep software competitors from producing applications, OS add-on utilities and other things that MS couldn't control and profit from.

``Microsoft triumphed because it provided for the easy exchange of files within the PC and between PCs.''

No. MS became a monopoly by preventing the easy exchange of file formats and ruined industry standard formats and protocols with the `embrace and extend' strategy.

``The Microsoft operating system took advantage of connectivity opportunities. Once the computer became connected, it was no longer under the sole control of the owner...''

No. Their OS was designed specifically to stand by itself disconnected from networks and provide none of the network connection services or protocols required, remember? After the fact, some limited provisions were put in by competitors. Then MS discovered the network market, but Novell and others had already done that, so MS put out NT and systematically tried to undermine existing server protocols, services and communication. As of Win95, connectivity was still produced by competitors or provided by isp's like AOL. (I have no idea what Win98 or Win2000 are like, since I stopped using MS entirely after Win95).

Since the lowly owner never controlled his/her own box in the first place, thanks to MS, hooking it up with a modem was hardly a turning point.

``The structure of the Microsoft OS made it extremely difficult to deal with maliciousness for two reasons...''

No. There is only one reason. The OS is a black box that was made to be unserviceable. It's produced as binary and is immutable. So it either works or it doesn't.

``Finding these tiny bits of malicious code on a server is mind-numbingly difficult...There is some software designed to detect this code. But it needs to be installed by people who are concerned with damage to other servers - altruism that is fairly rare.''

No. It's hard, but it's done every day, all day by sys ads all over the world. And software patches for security holes are written daily, put up, downloaded and installed in mail, news, and file transfer software all day long--in the unix world. A similar system is run under NT, but every service call to MS costs plenty and companies pay through the nose for service contracts. Altruism has nothing to do with any of it.

``Interoperability and interconnectivity were created without regard to security. And there can be none without transparency. You can't be secure if there is no method for knowing what is happening in your operating system. It is a perfect environment in which viruses can flourish.''

Well, this is mostly correct, but for the wrong reason. As to interoperability and interconnectivity, note the MS-speak flavor of these words. These words would have no meaning, if there were only network systems, because communication between points on a grid means point A is connected to B, just as B is connected to A. So, what?

Security and communication are fundamentally incompatible and were always at odds. The whole point to network maintenance requires access to source code to apply patches to security holes, limit out of control programs that hog resources, fix what's broken, filter out spam, and improve performance, etc, etc. None of this is possible in the MS world, except through the medium of binary patches that are applied blind under a service contract.

The MS black box mentality defeats transparency--you can't fix a binary, and therefore it is vulnerable to crashes from all kinds of problems.

It's late and this is already too long. But you asked. A system administrator would do a lot better on the detail.

Chuck Grimes
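
The process-table check the post describes (read the `top' listing, then `kill' the runaway), as an added example that is not part of the original message. The sample rows are the four quoted in the post; the function names `hogs` and `stop_pid`, the CPU threshold, and the grace period are assumptions, and the example goes slightly beyond the post by trying SIGTERM before falling back to `kill -9`.

```shell
#!/bin/sh
# Constructed sample: the four process rows quoted in the post's `top` listing.
SAMPLE='368 cgrimes 2 0 2464K 1304K select 0:04 4.20% 4.20% xterm
343 cgrimes 2 0 13064K 8980K RUN 2:56 2.00% 2.00% XF86_S3
1145 cgrimes 2 0 2164K 1476K select 0:00 0.23% 0.10% xclipboard
412 cgrimes 2 0 8208K 5704K select 4:25 0.00% 0.00% xemacs-21.1.9'

# hogs THRESHOLD (hypothetical helper): read top-style rows on stdin and
# print "PID COMMAND WCPU" for every row whose WCPU column (field 9) is at
# or above THRESHOLD percent. Header and summary lines are skipped because
# their first field is not a numeric PID.
hogs() {
    awk -v t="$1" '
        $1 ~ /^[0-9]+$/ && NF >= 11 {
            cpu = $9; sub(/%$/, "", cpu)
            if (cpu + 0 >= t + 0) print $1, $11, cpu
        }'
}

# stop_pid PID [GRACE] (hypothetical helper): send SIGTERM so the process
# can clean up, wait up to GRACE seconds, then fall back to SIGKILL, which
# is what `kill -9` sends. Returns 0 once the process is gone.
stop_pid() {
    pid=$1; grace=${2:-3}
    kill -TERM "$pid" 2>/dev/null || return 0   # already gone
    while [ "$grace" -gt 0 ]; do
        kill -0 "$pid" 2>/dev/null || return 0  # exited after SIGTERM
        sleep 1; grace=$((grace - 1))
    done
    kill -KILL "$pid" 2>/dev/null
    sleep 1
    ! kill -0 "$pid" 2>/dev/null
}

# Flag everything in the sample using 2% CPU or more.
printf '%s\n' "$SAMPLE" | hogs 2
```

On a live system the same filter can be fed from `top -b -n 1` or an equivalent batch listing, adjusting the field numbers to that tool's column order.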
