

To: Rusty Johnson who wrote (2437) 8/19/2002 5:19:43 PM
From: Rusty Johnson
 
Did MS Lobbying Stop NSA Work On SELinux?

news.com.com

A better Linux

Strong support for the open-source operating system
within the government came from a surprising quarter in early 2001 with
the release of Security-Enhanced Linux from the National Security
Agency, which for decades stymied researchers' and technology
companies' efforts to create broadly available strong encryption.

SE Linux adds military-strength architecture improvements to Linux, the
most obvious security improvement being mandatory access controls, or
MACs, based on technology developed by Secure Computing Corp. The
Cyberspace Policy Institute plans to also add authentication and key
management features to the operating system.

Such technologies make computers much less susceptible to attacks.
Mark Westerman, managing partner with network consultant Westcam,
installed the SE Linux access controls on a critical server for one of his
customers after a common security flaw, known as a buffer overflow,
allowed a hacker to take control of the company's server. Westerman
configured the access rules but left the buffer overflow unpatched on the
server as a test.

When the hacker came back a second time to the server and attempted
to gain control of the process, the access controls limited what the
attacker could do. Instead of taking control of the computer, the hacker
could only crash the service that had the buffer overflow, but did no other
damage.

"With the access controls, the customer doesn't have to worry about the
next buffer overflow that comes along," said Westerman at a panel
discussion at this week's LinuxWorld Conference and Expo. "SE Linux
gives you military grade security at open-source cost."


Microsoft vs. the NSA

SE Linux may be the NSA's last direct
contribution to open-source security, however. Because of loud criticism,
the NSA will have a far less direct role in the creation of more secure
versions of open-source software.

"We didn't fully understand the consequences of releasing software under
the GPL (General Public License)," said Dick Schafer, deputy director of
the NSA. "We received a lot of loud complaints regarding our efforts with
SE Linux."

Many complaints criticized the agency for providing the fruits of research
to everyone, not just U.S. companies, and thus hurting American
business.

While stressing that the agency received a loud chorus of support as well,
the chagrined Schafer said that the issue was contentious enough that
"we won't be doing anything like that again."

Sources familiar with events said that aggressive Microsoft lobbying
efforts have contributed to a halt on any further work. "Microsoft was
worried that the NSA's releasing open-source software would compete
with American proprietary software," said a source familiar with the
complaints against the NSA who asked not to be identified.

Microsoft would not comment directly on its lobbying efforts, but did
stress that it wanted to ensure the government continued to fund
commercial ventures. "The federal government plays an important role in
funding basic software research," said a Microsoft representative. "Our
interest is in helping to ensure that the government licenses its research
in ways that take into account a stated goal of the U.S. government: to
promote commercialization of public research."

The debate over whether the government should fund open source
projects has been raging for some time. In July, MITRE, a defense
contractor and think tank, released a much-awaited report sponsored by
the Department of Defense endorsing the use of open-source software
in the government.

"Open source methods and products are well worth considering seriously
in a wide range of government applications," the report concluded.

After news of the favorable report leaked out in May, a second report
appeared in early June from the Alexis de Tocqueville Institution, a
newcomer to the open-source debate, calling such software insecure. A
press release preceding the report breathlessly announced "open-source
software may offer target for terrorists."

Many critics have claimed that Microsoft funded the report, but a
Microsoft representative denied that charge, saying that while the
software giant does fund the institution, it doesn't fund any specific
research.