On Guard: WinME (Maginot Edition)

Revealing APIs won't endanger U.S. defenses.

If we understand the testimony of Microsoft executives, the companys Windows code and business practices are on active duty, helping defend the United States in its war on terror.

Appearing in U.S. District Court to fight the nine dissenting states proposed tougher antitrust remedies, Jim Allchin, Microsofts group vice president for platforms, testified that requirements to share APIs and protocols with partners would invite hackers to exploit security holes known only to Microsoft and hamper the ability of the government, particularly the Department of Defense, to conduct secure computing and manage the war in Afghanistan.

Its good to know that Windows—along with the many sophisticated, costly DOD weapons systems—is standing guard. Some of our defense systems are difficult to comprehend, even by specialists, but the Windows program is simpler. Heres how it works.

Microsoft produces code, some of which contains bugs and security holes, and then waits for the flaws to be discovered by users, exploited by hackers or even penetrated by adversaries. As the flaws are uncovered, Microsoft sends out patches.

It may be a slightly imperfect system, and our national computing systems are to some extent vulnerable during the bug-fix process, but its the best we can do.

Put another way, its a good thing to have our "live" national defense systems take part as a debugging testbed for Microsoft products. However, publishing the code and exposing it to scrutiny and testing from all comers—and only deploying it once its proved to be secure—would somehow not be good enough for our country.

Its rather odd because in his testimony, Allchin said publishing APIs and exposing code to extensive peer review has proved to produce the safest code available.

There may be plausible reasons for disagreeing with the stiffer remedies proposed by the nine states, but fear that disclosure of Microsoft APIs endangers the country is not one of them.