Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Allchin Raises the Bar in Arrogance

    By
    Peter Coffee
    -
    May 8, 2002
    Share
    Facebook
    Twitter
    Linkedin

      Bill Gates is a tough act to follow, but Platforms Group VP Jim Allchin managed to raise the bar still higher in Microsofts drive to insult every possible party—including customers and partners, as well as the courts and its competitors—in the course of its antitrust defense.

      Two weeks ago, Gates testimony in the U.S. District Court suggested that PC makers would maximize short-term profits by selling defective products, incapable of performing the tasks for which they were bought, unless they were constrained by Microsofts benevolent dictatorship. The court record shows the opposite to be true: it was Microsoft, for example, that demanded Hewlett-Packards removal (Findings of Fact, paragraph 214) of an alternative introductory interface for new users, resulting in higher user support costs and an increased rate of PC returns to retailers.

      This week, Allchin implied that Microsofts security problems signify the weakness of existing technologies—as opposed to Microsofts implementations—and that future security can only be achieved by Microsoft innovations that are not subject to public disclosure or peer review. In the process, though, he flies in the face of proven encryption practices by defending, for example, the use of digital content rights management technologies that embed decryption keys in hardware products.

      Paragraph 23 of Allchins testimony, as analyzed by cryptography authority Bruce Schneier (CTO of Counterpane Internet Security Inc.), accurately describes the problem of digital rights management—but then, with its endorsement of “obfuscation” techniques, “claims that a solution that doesnt work will fix it,” in Schneiers words; “Every digital rights management system has been broken, and will be…theres no way to hide the key.

      “What [Allchin] seems to be saying,” added Schneier, is “We dont have time to wait for review, so we have to publish lousy stuff.” Schneier argues the opposite case: “Even if you must invent, and cant wait, you should publish—because then its discussed, instead of being broken in secret.”

      In paragraph 30, Allchin asserted: “The more creators of viruses know about how anti-virus mechanisms in Windows operating systems work, the easier it will be to create viruses to disable or destroy those mechanisms.” It didnt take inside knowledge for the Melissa attack to disable the anti-virus tools in Microsoft Office: All that was needed was a script that called widely published APIs, but that is not an argument against disclosing future APIs. It is, rather, a demonstration of a flawed design that fails to define distinct privilege levels for the system, for the user, and for untrusted foreign code.

      The worse the design, the stronger the moral as well as the technical imperative for full disclosure: obfuscation is, at best, a temporary defense against such flaws, and a temporary defense is only good enough if a vendor plans to produce a steady stream of flawed but novel technologies. As a tool for maximizing vendor revenues, this may make sense—but only until IT buyers catch on.

      Allchin practices additional obfuscation in the matter of Microsofts support for open standards. He praises SOAP in paragraph 58, and UDDI in paragraph 60; a few breaths later, in paragraph 63, he says that “Each of the standards essential to the .NET platform is available to the industry at large. Microsoft does not own those standards or control their development.” And yet, UDDI 2.0 carries only a guarantee of “reasonable and non-discriminatory” licensing terms, rather than the royalty-free licensing that has been the distinguishing feature of Web standards to date; crucial security protocols proposed for SOAP are likewise yet to be opened to royalty-free use.

      We would be remiss if we failed to acknowledge Allchins valid points. Yes, Microsoft has done an outstanding job of paving the way for Web services development in its newly released Visual Studio .Net, and Sun Microsystems has left itself open to criticism with its failure to pursue a clear path toward a neutral standards bodys control of the Java platform. Yes, Microsofts own implementations of Java have often set the standard for performance and even for their support of the full provisions of Suns specifications.

      Overall, however, the thrust of Allchins testimony—like that of Bill Gates before him—is that Microsoft knows best, and that the government and the industry should allow the company to continue with business as usual. Whether the topic is the technology and practice of security, the openness of Internet standards, or the freedom and vigor of IT competition, Microsoft management must be made to understand that business as usual is the last thing that its customers will accept.

      Peter Coffee
      Peter Coffee is Director of Platform Research at salesforce.com, where he serves as a liaison with the developer community to define the opportunity and clarify developers' technical requirements on the company's evolving Apex Platform. Peter previously spent 18 years with eWEEK (formerly PC Week), the national news magazine of enterprise technology practice, where he reviewed software development tools and methods and wrote regular columns on emerging technologies and professional community issues.Before he began writing full-time in 1989, Peter spent eleven years in technical and management positions at Exxon and The Aerospace Corporation, including management of the latter company's first desktop computing planning team and applied research in applications of artificial intelligence techniques. He holds an engineering degree from MIT and an MBA from Pepperdine University, he has held teaching appointments in computer science, business analytics and information systems management at Pepperdine, UCLA, and Chapman College.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×