Australian Govt 'safe list' snubs Microsoft

Started by Metgod, December 22, 2002, 01:17:44 AM

At least SOME governments are half-way intelligent. I'm still waiting for the US to be part of that list.... Afraid that's not gonna happen with people like Bush and others that support him. But of course, it's not just him..

Met


http://www.zdnet.com.au/newstech/security/story/0,2000024985,20270727,00.htm

By James Pearce
ZDNet Australia
17 December 2002

Microsoft's products have been left off a list compiled by the Defence
Signals Directorate that aims to evaluate and advise whether software
is appropriate for use by Australian Government agencies.

The Defence Signals Directorate Evaluated Product List (DSD EPL)
provides a listing of products that have been deemed appropriate for
use within the Australian Government for the protection of
non-national security electronic information, according to the
Directorate.

"The reason that there are currently no Microsoft products on the EPL
is that no Microsoft products have gone through evaluation in
Australia," the DSD told ZDNet Australia in correspondence.
"However, the Microsoft Windows 2000 operating system has recently
completed evaluation under the equivalent US program, the Common
Criteria Evaluation and Validation Scheme (CCEVS)."

Windows 2000 Professional and Windows 2000 Server were passed by the
CCEVS on the 25 October this year. Australia, along with the US and
around 13 other countries, participates in the Common Criteria
Recognition Arrangement (CCRA), whose participants have agreed to
mutually recognise each other's product evaluations.

Government agencies were using Microsoft products years before any
were declared as safe by the DSD because the EPL is a recommendation,
rather than having regulatory force. According to the DSD, government
agencies have to comply with DSD guidelines only when using
cryptography to protect Commonwealth information, and must utilise a
DSD-approved firewall to protect connections between government and
public networks.

The DSD said one reason why some products aren't on the list is the
high cost that can be incurred by developers attempting to have their
product listed. This certainly has a deterring effect on the
proponents of open source software, who are trying to convince all
levels of government to convert to open source.

"We're very keen on seeing local [Australian] government look more
seriously at adopting open source technology, but people said it's not
on the evaluated product list by the DSD," Con Zymaris, CEO of
Cybersource told ZDNet Australia. He said the only way to get an
open source system such as Linux on the EPL was to have a large
corporation decide it would be beneficial for them if the government
used Linux and therefore funded the research.

The issue of whether government agencies should use open source
software is a contentious one. The Initiative for Software Choice, a
US lobby-group backed by computing giants such as Microsoft, Intel and
Cisco Systems, is petitioning the US government to avoid open-source
software.

It is worried about a recent report by independent IT research
corporation MITRE, which concluded, among other things, that removal
of open source software would remove the demonstrated ability of that
software to be updated rapidly in response to new types of
cyberattack.

Zymaris believes there is a sea-change occurring in the government.
"In the past few months things seem to have become more positive," he
said. "There is a higher awareness rate, and the IT managers have a
more positive attitude [towards open source]."

"The government has particular ways and processes of doing things,"
added Zymaris. "We shouldn't say 'Hey! Change all that and do it our
way!', we should find the best way to work with them."



"My Terminal is my Soul"

Of course.. ask a good friend of mine in Australia what she thinks of John Howard.. and she'll say he is an idiot (well actually, she used a different word).

But you know.. all governments are corrupt in many ways (the US is making that very obvious even more than before), and all have idiots as part of their team. But at least this gov't got one thing right: MS doesn't know what security means.


Met

"My Terminal is my Soul"

December 23, 2002, 07:59:49 PM #2 Last Edit: December 23, 2002, 08:11:35 PM by Zerored
"The reason that there are currently no Microsoft products on the EPL is that no Microsoft products have gone through evaluation in Australia,"
..but when they do, are THEY in for a surprise!

He said the only way to get an
open source system such as Linux on the EPL was to have a large
corporation decide it would be beneficial for them if the government
used Linux and therefore funded the research.
 Very interesting indeed!

The DSD said one reason why some products aren't on the list is the
high cost that can be incurred by developers attempting to have their
product listed.

Microsoft products are just high regardless.





High, yes.. but in what way.. well the answer to that is their products are widely used but yet.. they always have a huge amount of flaws and security holes. And that many people (thus high) are against their crapware..

but unfortunately too many people will not look at everything or consider the facts. And they only look at one side of the story. Microsoft says something, so it must be true. WRONG! They lie so much it pains me. Anyone remember when BO was released? I don't mean BO2k but the original one. What was Microsoft's reaction? Basically they denied all counts of having insecure operating systems. That this was not a risk of any sort. Of course, there are many backdoors in Windows.. but like I said.. Microsoft said it so it must be true.. despite the obvious truth that their system can be compromised by running an executable file. And despite the common occurrence of DDoS attacks because of backdoor software that supposedly isn't a problem.

Anyone follow a recent (err I guess it isn't so recent actually) IE security hole? Microsoft repeatedly claimed it was a minimal risk until other people went public claiming Microsoft was lying. And even then it took a bit of hitting them on the head to admit it. They changed the risk quite a few times.. more times than it should have been done anyhow. Another example of them lying and why they shouldn't be trusted for this kind of stuff.

Really, I do not see a good future for the computing industry or the world itself with this attitude.

[End overly sarcastic but oh so true message]


Met

"My Terminal is my Soul"
