Group: Security hurt by Microsoft monopoly

"CyberInsecurity: The Cost of Monopoly"

Microsoft Corp.'s dominance of the operating system market presents the government with a serious security risk, according to a white paper published late last month by the Computer and Communications Industry Association (CCIA).

The report, titled "CyberInsecurity: The Cost of Monopoly" and written by seven experts in technology security, argues that the complexity of Microsoft's products and the company's unwillingness to provide interoperability locks the government into a system that, once hacked or penetrated, is vulnerable.

"Most of the world's computers run Microsoft's operating systems; thus, most of the world's computers are vulnerable to the same viruses and worms at the same time," the report reads. "The only way to stop this is to avoid monoculture in computer operating systems, and for reasons just as reasonable and obvious as avoiding monoculture in farming."

Ed Black, president and chief executive officer of CCIA, said three points make Microsoft's dominance of the government market dangerous: ubiquity, complexity and lack of interoperability.

"The problems are much, much worse given the complexity of Microsoft's products and the flaws in them," Black said. "Because the government is locked in to using Microsoft products, it's hard for others to be introduced [into] an environment that doesn't offer much in the way of interoperability."

Dan Geer, chief technology officer at @stake Inc. and prime author of the paper, said the authors were courageous in swimming against the current to offer their opinions.

"This was an act of professional responsibility on the part of six brave people," Geer said. "We aren't the only people who feel this way, but we felt we needed to say something about it and attach our names to it."

Microsoft officials brushed aside the report, saying the company's products, although never entirely secure, offer the federal government the most complete and valuable software solutions available.

"Microsoft considers security for all of its customers — from government entities to individuals," said Sean Sundwald, a Microsoft spokesman.

Jim Prendergast, executive director of Americans for Technology Leadership, a Washington, D.C., consortium dedicated to limiting government regulation of technology, said CCIA's position has always been against Microsoft and the white paper is another swipe at the company.

"Microsoft has problems, as do other applications," Prendergast said. "But everybody knows who Microsoft is. This is an issue that shouldn't be politicized. CCIA is just obsessed with Microsoft."