How to obtain safe and sound computers?

Microsoft and the Cult of the Dead Cow. Microsoft had a problem. The `Windows' operating system is weak when deployed in large organisations. It has become essential for the IT staff of a company to be able to remotely manage the hundreds of computers spread over a large company, without needing to physically be in front of each of them when administrative tasks have to be performed. This is difficult using MS Windows.

The Cult of The Dead Cow is a non-profit group with a sense of humour. They released a remarkable product named `Back Orifice' which accomplishes many of these functions (the name of their product is a joke on the product from MS named `back office'). Back Orifice is a useful tool, allowing many administrative tasks to be done remotely. Back Orifice is available at zero cost, including the complete source code (which you can read, study, and improve). It works for both the traditional MS Windows and for their `New Technology' (NT) variant.

The only problem in this happy picture is that Back Orifice is a security disaster.

Back Orifice accomplishes these useful tasks by destroying the "computer security" that MS Windows is supposed to have. Anyone can install Back Orifice, without any authorisation, and remotely `administer' all MS Windows computers on his network (adding new users, trashing hard disks), regardless of the security checks that might exist in trying to prevent this.

This is acutely embarrassing. For a decade, Microsoft has been trying to tell the world that it has grown out of its roots in trivial word processing and is now ready for serious, corporate computing. It has spent around ten billion dollars in trying to get there. That a program like Back Orifice can be written is a slap in the face.

The Competing Challenges. Stung by these failures, MS put a machine on the Internet, running the newest version of its yet-to-be-released `Windows 2000' operating system, which is now being sold as the answer to all the weaknesses of MS Windows. MS challenged crackers from all over the world to break into it. Within three days the machine had crashed nine times, and crackers managed to break in.

Microsoft's competition is enjoying this. A few hours after Microsoft's challenge was announced, a Unix company matched it, with a greater reward: they offered to gift the computer to anyone who managed to break into it. Their machine, which runs a free implementation of Unix called Linux, withstood thousands of attacks without crashing or a breach of security.

What is going on here? What is the deep reason which explains the persistent failure by Microsoft to address the critical problem of security?

Microsoft has its roots in doing simple operating systems for non-critical tasks. A deeply rooted "one person, one machine" assumption derives from these roots. The user interface of MS Windows is wired right into the core of the operating system. That is how hostile programs (e.g. Back Orifice) can reach deep into the operating system core and infect it.

It was only a few years ago that Microsoft realised that there was no alternative but to jump onto the Internet bandwagon, and take computer networks seriously. Instead of pondering the design of software for a networked environment, Microsoft tried to compete in the area of the Internet with its old product range, old skills, and old culture.

We can imagine furious "How Do We Get Out Of This Crisis" meetings taking place in Microsoft, as the security disasters shape up in the public eye. However it is hard to even estimate the cost of solving the problems. Many programs (such as MS Office) depend on the lack of security of MS Windows. The fact that the source code of MS Windows is not publicly scrutinised implies that a wide variety of subtle and unsubtle security flaws are likely to persist for longer.

The competitor, Unix, was designed from the ground up in an environment where (a) several people used the same machine, and (b) all computers were connected up in a network. The user interface of Unix is separated from the core, and the core itself is carefully protected from being touched by ordinary programs. This is why we don't see viruses for Unix. Any of the Unix flavours are immune to viruses, or to Back Orifice.

The Internet did not come as a surprise for Unix since the Unix community invented the Internet. The design of Unix and the Internet have gone hand in hand, with computer security being built in from the basic design stages. The Unix community has been able to tap into higher quality talent owing to strong links with the research and hacker communities.

Attacks over email. Around two years ago, connecting insecure systems inside an organisation to the net was achieved using a "firewall". The idea was to shield the low-grade security (e.g. owing to the use of Microsoft software) from the dangers of the Internet by putting an intervening buffer, which could be a computer running Unix. The firewall could be trusted to fend off attackers over the Internet, and the internal network would continue in its insecure practices.

This is obviously dangerous insofar as attacks by individuals inside the company are concerned. Imagine what one of your co-workers could do using Back Orifice. However, it did give a sense of peace to organisations who felt that they could continue to use software from Microsoft while benefiting from Internet connectivity.

This picture has become considerably more bleak owing to the rise of email attachments. If a MS Windows user clicks on the attachment to an email, he can unleash a virus which could bring down the entire company. Email flows through the firewall and is delivered to computers anywhere in the company; hence putting a firewall at the gates is of no use in blocking viruses that get inside riding on email.

Two years ago, the central problem in computer security was attacks over networks on computers running Microsoft software, and firewalls were adequate in blocking these. Today, the central vulnerability is email-based attacks on computers running Microsoft software. It is not possible to reliably block these.

A recent estimate for firms in the US places the costs owing to software viruses at $8 billion in the first half of 1999. This is more than the figure for all of 1998. These costs will escalate in the future. Every company in India has experienced problems with viruses; I even know of companies in the computer industry being brought to a standstill for several days owing to viruses. The extent to which MS Windows is used in the securities markets infrastructure in India (e.g. NSE, NSDL) is a vulnerability for our financial system.

The way forward. Back Orifice, Melissa, etc. all have one thing in common: Microsoft Windows. Today, every organisation seeks to embrace the Internet, so blocking email is not a practical option. Hence, organisations should look at adopting one of the alternatives to MS Windows.


Back up to Ajay Shah's media page