CCIA Blasts Government Dependency On Microsoft OS

A State Department spokeswoman confirmed that the discovery of the virus forced the shutdown of the department's OpenNet system as well as communications between its U.S. and international operations from noon until 9 p.m. last Tuesday.

She noted, however, that the OpenNet system stores unclassified information only and that the visa and immigration name-checking system--which contains the names of 78,000 suspected terrorists--was not infected or damaged.

"Due to the fast spreading of worms, the department quarantined communications between our domestic and overseas posts and consulates," read a statement issued by the State Department last week. "The department continues to use active network intrusion detection, firewall and antivirus, but unfortunately, these fast-growing computer viruses appear to be the wave of the future."

The incident is the latest headache for Microsoft and its CEO, Steve Ballmer, who recently said he was humbled by the outbreak of viruses--including Blaster and Welchia--that have wreaked havoc on Windows computers worldwide.

Microsoft declined to comment specifically on the State Department fiasco, but the Redmond, Wash.-based company is working to be responsive when vulnerabilities occur, said a company spokesman.

Hours after the State Department breach surfaced, one group of security experts claimed that the key security problem is the widespread use of Windows.

Microsoft's monopoly is bad not only for business but also for national security, according to the report issued by the Computer and Communications Industry Association (CCIA) last week. It recommends that the U.S. government diversify its operating systems to reduce the cascading effect of a rapidly spreading Windows infection.

"Our point is about mono-culture. You don't put all your eggs in one basket," said Dan Geer, CTO of Cambridge, Mass.-based @Stake Consulting, a principal author of the report. "Part of the solution has to be that our infrastructure has to have more diversity, and obviously that can't happen from Microsoft's side."

One software reseller said the approach is interesting but not practical. "Everyone else has a version of this problem--there are Mac OS-X, Unix and Linux viruses and worms as well. They get less attention, but they do exist," said John Parkinson, chief technologist for the North American Region at Cap Gemini Ernst and Young. "Increasing the diversity of the operating system is a theoretically interesting approach [for governments to prevent virus damage] and will happen on the server side, but on the desktop, a user doesn't use the OS; they use the [user interface]. The productivity hit would be intolerable."