Re: Microsoft wins Homeland Security Bid ( Reuters)

[yossarian <yossarian () planet nl>]

The point I am missing here - we might not like M$ to have won, but who else
could? It is a government, so think big companies. Would you rather it was
Symantec or IBM? Or think about the big systems integrators EDS and CSC
style <yuk> would that be much better? Smaller players like Veridian or
Secureinfo - would we be served any better if they could actually make
themselves credible? Nah, don't think so - it was bound to be a big one. Big
organisations want big suppliers....

And think again, elections are coming up and funding is needed.

Of the companies I named, IMHO most would be worse than M$, so let's just
forget about the general dislike of Outlook and ActiveX and be realistic.
There is a wunderfull saying in dutch that roughly translates to "the devil
allways dumps on the big heap". And we all know that big heaps tend to smell
funny.

yossarian

----- Original Message -----
From: "Jason Coombs" <jasonc () science org>
To: "Brad Bemis" <Brad.Bemis () airborne com>;
<full-disclosure () lists netsys com>
Sent: Wednesday, July 16, 2003 9:55 PM
Subject: RE: [Full-disclosure] Microsoft wins Homeland Security Bid (
Reuters)


> Aloha, Brad.
>
> Nice essay. However, you miss the point entirely. It is inappropriate to
give
> Microsoft the benefit of the doubt.
>
> U.S. taxpayer money literally pours into Microsoft's coffers, the present
> contract win being just one example. In return, U.S. citizens receive a
> government that is unable to comprehend the most basic of information
security
> concepts because the computing platform used by so much of the U.S.
government
> is substandard and the vendors more concerned with appearances than
provable
> security.
>
> > Microsoft products can actually provide a great deal of security
> > (so long as you can implement an effective patch management
> > solution on top of your host hardening procedures).
> ...
> > Microsoft is going to work very hard with the DHS to provide a
> > secure baseline
>
> Microsoft will have to work hard, because they'll be working against
> themselves more than anyone else, and they are a formidable adversary.
Perhaps
> you do not understand what Microsoft did when they designed their
"Baseline
> Security Analyzer" software... By design this software performs as little
> scanning as possible so that the results of its analysis more often reveal
> "your baseline security is great!" -- they intentionally crippled this
tool's
> capabilities, giving admins a false sense of security and contributing to
the
> emergence of SQL Slammer. You're saying that you wish to both forgive them
> (and obviously, forget their past bad acts) and presume that they will
never
> do such a thing again... I sure hope you don't vote and that you never
find
> yourself burdened with the power to make important decisions.
>
> > security is a process, not a product.
>
> The first step in this process is to select technology and vendors that do
not
> actively work against the interests and requirements of security.
>
> > Comments stating that Microsoft will be incapable of providing an
> > appropriate service (or at least a service comparable to any
> > competitor in the marketplace) are biased and without merit.
>
> There is nothing wrong with bias; in fact, it is an essential security
> countermeasure.
>
> You are correct, though, that comments stating that Microsoft will be
> incapable of providing an appropriate service to the U.S. government are
> without merit -- provided that Microsoft selects Linux as the OS and
minimizes
> the number of features and the amount of software they deploy, they surely
are
> capable of providing a service that is comparable to any competitor in the
> marketplace. They're smart people. The problem is that these smart people
are
> forced to haul around a stinking mess of insecure code in order to advance
> their corporate brand marketing interests every time they do a job. This
is
> just plain harmful, and it has no place in government computing paid for
by
> taxpayers.
>
> Sincerely,
>
> Jason Coombs
> jasonc () science org
>
> -----Original Message-----
> From: full-disclosure-admin () lists netsys com
> [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Brad Bemis
> Sent: Wednesday, July 16, 2003 6:22 AM
> To: full-disclosure () lists netsys com
> Subject: RE: [Full-disclosure] Microsoft wins Homeland Security Bid (
> Reuters)
>
>
> I find it interesting that so many negative comments have been made about
> this.
>
> ...
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html