Wake up, you sleepwalkers

Last November, the director of the American SANS Institute, Alan Paller, was in London again to announce the latest Top 20 list of software vulnerabilities.

The event, which was held at the Department of Trade and Industry headquarters in London, attracted a big crowd and seemed to be going smoothly until he announced that, if only we keep our patches up to date, we will have security under control. The audience, he said, should go off and demand more money from their boards to help them keep their systems safe.

At this point, a figure rose in the audience, visibly incensed, and told Paller and all who would listen that this whole approach to patching vulnerabilities – in fact, our whole approach to security – had to change, and that we were all mad to focus our energies on fixing software that was fundamentally flawed.

That lone voice came from Eddie Bleasdale, a long-term advocate of open systems, and dedicated scourge of the Microsoft way.

"When Paller told them to ask their boards for more money, my pressure valve went," says Bleasdale. "IT security people have been asking for more money for the past 20 years and we're no more secure now than we were then."

Sony's recent clumsy attempt to manage piracy by installing rootkit software on people's computers, perfectly illustrates where we've gone wrong, according to Bleasdale. "We have no control over the software running on our computers, and you can't have trusted information systems without that control. We have gone down a blind alley," he says.

The source of all our problems, he says, goes back more than a decade to the release of Windows 95. "When Intel introduced the 386, the first processor with hardware memory management, we had an opportunity to build secure systems, but it was lost when Microsoft opted for backwards compatibility with Windows 3.1, rather than risk losing any market share by breaking compatibility."

At the time, as those of you with long memories will know, IBM was still competing with its OS/2 alternative, an operating system that did take advantage of hardware memory management and was inherently more secure. But "IBM's marketing was incompetent" and, well, the rest is history.

Ever since, we have worked with an operating system that allows you to download executable attachments, and this, according to Bleasdale, is the root of most of our problems.

"In Unixland or Linuxland, an attachment to an email is not treated as an executable file. If it is a file you want to execute, then you have to save it, change its attributes, and then execute. If it contains something nasty, provided you don't have super-user status, then the rest of the system is not destroyed," he says.

"In Linuxland we have bits of code that do a defined bit of work with a defined interface to the rest of the system. We can check the interfaces and make sure they do what they are supposed to do and are secure. So security is built-in by design."

He is also scathing about the blurring of boundaries between the Windows operating system and applications, particularly Internet Explorer. "Microsoft's monopoly has allowed it to integrate things like Internet Explorer into the operating system. So you have a bit of application code in the operating system. This was done purely for a marketing purpose, and has resulted in major security weaknesses."

Now, it would be easy to dismiss this kind of outburst as a mere carping against the status quo – after all, are we really all going to chuck out Windows tomorrow and follow the open road, as he suggests?

And Bleasdale has had a reputation as a stubborn operator since the mid 70s when he started his own Unix systems business (Bleasdale Computers) and then Netproject, to promote open systems.

In the 80s, for example, he tried unsuccessfully to sue the CCTA (at the time the Government's advisory body on computing) because it would not put his company on its list of approved microcomputer suppliers.

That sounds crazy until you look at the facts. The Government mandated the use of two operating systems, CP/M and BOS (remember them?), and decided that Unix had no future. He decided to challenge what he saw as bad judgement.

"When I went to the CCTA and said 'Hang on a minute, guys, these machines don't have hardware memory management – and therefore can't be made secure', they said 'Tough Eddie, you're a bad loser'."

His battles have continued ever since. In 1992, the London Ambulance Service launched a (Microsoft-based) computer-aided despatch system that went belly-up within hours, resulting in patient death and the eventual resignation of the LAS chief executive. Bleasdale was quickly on hand to remind the world that the (Unix-based) system he had designed for the West Midlands Ambulance Service had never broken down – and is still running.

In 2004, he was in the news again, this time claiming that Microsoft had squeezed him out of a deal with the London Borough of Newham. He had proposed a fully open solution, but the local authority eventually opted to remain with Microsoft, winning some hefty reductions on its software licences in the process.

Some cynics even suspected that the borough had only invited Bleasdale in to frighten Microsoft and force it to come up with the price reduction.

In similar circumstances, he proposed a secure messaging system for the police, only to be beaten to the deal in the end by Microsoft.

Although things went against him in the UK, he found a more favourable reception in Europe. He has worked closely with the European Commission in creating migration guidelines for those who want to move to open systems, and many of the fruits of that work can be seen on the EU website that deals with Interoperable Delivery of European eGovernment Services (http://europa.eu.int/idabc).

In the process, he has also developed what he calls the Secure Open Desktop Architecture (Soda) as a direct challenge to the Microsoft desktop model.

Even back in the UK, there are signs of some progress. He is now rolling out Soda at the Parrs Wood School in Didsbury, Manchester, using second-hand PCs donated by a bank, and with the backing of the DTI.

"The students use the same cash card they use in the school restaurant to log-on to the system. It might not be as good as a smart card, but it's certainly better than nothing," he explains.

"A standard software configuration is then downloaded to every client device. We have secure messaging between the client and the servers, and a method for the servers to identify themselves to the clients. This is a trusted infrastructure.

"When someone logs on to a device, there is an immediate checksum made to ensure that the software on the client device is valid. If it is not, the device is not allowed to operate. We think that gives us much better security. We can do it with current technology."

He doesn't expect everyone to follow suit, but he warns that companies need to start preparing for some inevitable major changes in their systems. For the most loyal of Microsoft's customers, this will come with Vista, its next-generation OS.

"But when is Vista coming out? I'd lay money it won't be out for another five years," he says. "So what are we going to do in the meantime, simply stand around twiddling our thumbs and waiting for Microsoft to deliver something?"

Microsoft, of course, puts the launch date rather earlier – some time this year – but that does not quieten Bleasdale or any of the rest of the Linux community. Because as well as demanding a lot more hardware to drive it, Vista will implement the Trusted Computing Platform that has support from Intel, Microsoft and a host of other manufacturers.

"We don't need a TCPA chip in our computers if we build systems in the first place that we can trust to run our applications," he says. "The TCPA is there simply for digital rights management. If people want to enforce their intellectual property, then good on them. But DRM should not lock down how people are able to use their computer. And this is the danger we face."

Sony's clumsy efforts to enforce its intellectual property rights remind us of where that can lead. "Trusted computing is all getting confused with digital rights management. The computer industry is sleepwalking into a massive problem."

But the tide could be turning in Bleasdale's favour. The one speech at the SANS event that met his approval came from Paul Dorey, head of information security for BP and a prominent member of the user pressure group, the Jericho Forum.

Jericho's emphasis on protecting data, rather than building ever more rigid outer defences, fits well with the clear architectural approach that Bleasdale has long espoused. And the influence exerted by Jericho members will definitely be felt in products appearing in three to five years' time.

For the moment, Bleasdale's advice is to make sure that you keep your options open until it is clear who will dominate the next generation of computing.

Unsurprisingly, he advocates a move to thin-client computing, with Linux as the operating system, the Firefox browser and the Thunderbird email client, as a big step to trusted computing.

But even if you do not buy that advice, he says, big changes are coming even if you stay with Microsoft, so why not rethink how you are doing things now.

If you would like to know more, or indeed take an opportunity to tell him he is wrong, you will be able to find him later this month (26 January), when he runs a conference called "Trusted computing and ensuring the security of e-business" at the DTI Conference Centre in central London.

Entrance is free. You can find all the details by visiting www.netproject.com.

Speakers include Alan Cox, the lead Linux kernel developer, and a senior developer from Microsoft. With Eddie Bleasdale in the chair, it should be a memorable showdown.