World Governments Choosing Linux for National Security

By Jim Krane, The Associated Press, 3 December 2001

Dec 03, 2001—NEW YORK—For reasons of national security and national pride, government officials in countries like China, France and Germany are increasingly adopting the free, open-source computer operating system known as Linux.

In some cases, the software being replaced is produced by the Microsoft Corp., which, users say, is more prone to viruses and hackers.

“A lot of countries feel uncomfortable having the fate of their computer infrastructure in the hands of a large American software company,” said Eric Raymond of the Open Source Initiative, an advocacy group.

In China, the federal government is prodding its ministries toward homegrown versions of Linux, which, unlike Microsoft's operating system, doesn’t keep secret its core instructions, or source code.

The Chinese information and science ministries are investing in a version called Red Flag Linux “to pry the computer industry from the grip of operating systems giants like Microsoft,” the official People's Daily newspaper reported last spring.

Security experts tend to agree that computers are less prone to hacking and viruses when running open-source software like Linux or the Web server Apache. When vulnerabilities are found, programmers can fix them by tinkering with the code and publishing the results.

In France, the ministries of culture, defense and education have switched to Linux for reasons of security and uniformity, dropping programs from Microsoft, Sun and Lotus, a Public Works Ministry spokesman said.

Germany's minister for economy and technology, Margareta Wolf, has urged use of Linux in “security relevant” computer servers and says the government—currently overwhelmingly dependent on Microsoft—is looking into ways to convert other ministries.

Among the reasons Wolf cited was “protection from economic espionage.”

“Security through obscurity is the motto of yesterday,” Wolf said in July at a Stuttgart tech conference. “The slogan of today is security through transparency.”

Interior ministry spokesman Dirk Inger said Friday that the government is keen to decrease its susceptibility to Microsoft-crippling viruses: “Our desire is simply to use software products other than Microsoft's.”

Another rallying point for Europeans is the fact that Linus Torvalds, the programmer known as the father of Linux, is a native of Finland.

In China, as well, software is a matter of national pride.

The Chinese are keen to use their enormous market potential to boost Chinese products rather than foreign ones, said Li Gong, Sun Microsystems' chief representative in China.

“They don’t want to build an economy entirely on Western technology,” Gong said. “To be a strong nation, they have to have intellectual property.”

There are also unproven fears of so-called “back doors” in proprietary operating systems like Microsoft's Windows. Some governments fear they could be spied on by U.S. intelligence through a built-in secret channel.

Despite Microsoft's vigorous denials of their existence, the fear of “back doors” is particularly acute in China, where the government worries that the U.S. military could tap into and shut down its military command networks.

“What if the U.S. and China go to war?” Gong asked. “If these things get pushed to extremes, they don’t want to be dependent on a U.S. operating system.”

In March, a report in the respected German news magazine Der Spiegel claimed that country's defense ministry had banned Microsoft products because of an alleged “back door.”

The ministry later denied the claim.

Microsoft's director of security assurance Steve Lipner calls the back door references a persistent and baseless rumor.

“The logic of that conspiracy theory is pretty strained,” Lipner said.

The criticisms over security are tougher to dismiss.

Microsoft Web server software powers about 30 percent of the world's Web sites—and 62 percent of the sites that have been hacked, according to data collected by two Internet sites, Netcraft's Web Server Survey and the Alldas Defacement Archive.

Microsoft is also the prime target of virus writers. But that fact owes more to Microsoft's dominance in PC software than any particular vulnerabilities, said security consultant Chris Wysopal of @stake Inc.

Microsoft's Lipner said the company is now releasing “lockdown” tools to deal with the problem and is also no longer leaving “entry port” settings open by default on server software.

Even in the United States, where Microsoft dominates government computers, agencies such as the Department of Defense and the National Security Agency are experimenting with Linux.

IBM Corp. reports increasing sales of Linux systems to the federal government, along with a recent sale to the Chinese postal service.

The NSA, the intelligence agency charged with eavesdropping and code breaking, has even developed its own version, called Security-Enhanced Linux, available for free on its Web site.

A contractor that helped the NSA with the Linux project said the agency had “tried for years” to prod software companies to tighten holes in their operating systems.

Frustrated by the lack of success—and concerned about the protection of the country's computer infrastructure—NSA decided to create its own, said Tom Haigh, chief technical officer of San Jose, Calif.-based Secure Computing Corp.

“NSA feels it has a responsibility in that area,” Haigh said. “They understand better than anybody in the world the deficiencies of operating systems.”