The Linux Threat
p2pnet.net News:- “The very nature of the open source process should rule Linux out of defense applications. Open Source procedures violate every principle of security. It welcomes everyone to contribute to Linux. Now that foreign intelligence agencies and terrorists know that Linux is going to control our most advanced defense systems, they can use fake identities to contribute subversive software that will soon be incorporated into our most advanced defense systems.”
The above came from Dan O’Dowd, CEO of Green Hills Software, in a speech to the Net-Centric Operations Industry Forum in McLean, VA, as reported by CXOtoday.com.
The company’s web page says it’s a “provider of high performance compilers, software development tools and real-time operating systems (RTOS) for developers of embedded systems”.
Linux software, including contributions from Russia and China, “is spreading rapidly through the Defense Department because it can be freely downloaded from the Internet without a license agreement or up-front fees, bypassing legal, purchasing and security procedures,” says the report, going on:
“A recent survey conducted over a two-week period by the Mitre Group, found 251 Department of Defense deployments of Linux and other open source software.
“Linux has been selected to control the functionality, security and communications of critical defense systems including the Future Combat System, the Joint Tactical Radio System and the Global Information Grid.”
O’Dowd is also quoted as saying, “If Linux is compromised, our defenses could be disabled, spied on or commandeered. Every day new code is added to Linux in Russia, China and elsewhere throughout the world. Every day that code is incorporated into our command, control, communications and weapons systems. This must stop.”
Cheaper security isn’t the answer, he adds in the CXOtoday.com story:
“We need better security. One ‘back door’ in Linux, one infiltration, one virus, one worm, one Trojan horse and all of our most sophisticated network-centric defenses could crumble. We must not abandon provably secure solutions for the illusion that Linux will save money. We must not entrust national security to Linux,” O’Dowd concluded.






April 12th, 2004 at 6:44 pm
I guess that’s why they call it open source? So they can go over the code themselves? …
April 13th, 2004 at 1:48 am
“One ‘back door’ in Linux, one infiltration, one virus, one worm, one Trojan horse and all of our most sophisticated network-centric defenses could crumble.”
What about the thousands of malicious programs for Windows? And the leak of the source code…. one back door or 20,000 backdoors, spyware, viruses, and worms. Don’t get me wrong, the man makes some very interesting points, but come on, don’t pull the “back door” card, as if no other OS has exploits.
“If Linux is compromised, our defenses could be disabled, spied on or commandeered”
Another good point, but Windows is compromised on a daily basis. So the defense department uses Linux, great, now hire a couple of developers, and have them scan through the code before implementing. With Linux, you know what you are getting, and yes, you have the choice not to install it. With other OSes, you have what comes with it, no choice, not even a peek at the code that makes it all work.
In short, no platform will be free of exploits, holes, and malicious software, but with open source, at least the active developer can do something about it.
April 13th, 2004 at 7:34 am
I guess, Dan O’Dowd is too disturbed or does not actually understand the meaning of open source.
And US armed forces are not the only ones. I recall having seen Slackware distro, in 1997, being used by Russians for missile control computers.
I shall be eternally grateful to someone who can talk to Dan and make him understand the value/meaning of Linux.
Or am I wrong? Is Dan a perpetuator of M$ FUD???
April 13th, 2004 at 2:28 pm
Nah… it’s not only MS that engages in FUD, after all.
This guy is seeing Linux as a new competitor in his own market: Real Time Operating Systems used for embedded devices. It’s looking increasingly as though Linux will take this particular market over — not the 2.6 kernel itself, of course, but derivative compatible kernels built using 2.6 as a base.
MS has made some timid inroads in this area, but simply has not shown that much interest in it. I think we just have a guy who is frightened by new competition in an industry that was previously pretty insular.
April 13th, 2004 at 2:32 pm
Dan seems to be “riding the wave” of FUD that others have started, without trying to give his statements any meaningful direction, other than to alarm and cause concern.
Instead of over-reacting and saying “this must stop”, he should be taking advantage of his time in the limelight and offering a solution such as:
“rather than allow this type of practice to continue, more stringent software implementation and integration processes need to be adopted. While this is not guaranteed to eliminate the potential threat posed by the un-controlled introduction of OpenSource code into a sensitive environment, it _will_ allow us to better track its adoption and from there, its potential impact to the projects in which it’s already being used”
[Bottom Line]: Instead of blaming the technology, blame the process, fix the procedures, and review, review, review.
It’s either that, or only grant SSOs the ability to download new code and don’t allow any downloads by unauthorized (non-SSO types) personnel.
’nuff said