Subject: Top Officials Seek Alternatives to Microsoft
From: Keith Bostic <bostic@abyssinian.sleepycat.com>
Date: Sat, 11 Sep 1999 13:54:51 -0400 (EDT)

Top Officials Seek Alternatives to Microsoft
	-- by Stephen Trimble, FEDERAL TIMES STAFF WRITER

Concerned about security and an excessive reliance on Microsoft software,
senior administration officials plan to diversify the types of operating
systems software purchased by the government.

The National Security Council soon will create a new office to assess the
ways federal agencies could make greater use of open-source, or
nonproprietary, software that is freely available to anyone and has codes
that are not secret.

"One of the areas we are very interested in looking at is open-source
code," a senior White House official told Federal Times.

The effort ultimately could affect the types of software the government
purchases for network servers and desktop applications.

The government will buy $2 billion worth of software in 2000, according
to Federal Sources Inc., of Fairfax, Va., a market research company.

The initial purpose of the new software assessment office will be to
identify agencies and programs that will be candidates for trials of open
source software, said the White House official, who asked not to be
identified.

The General Services Administration and the National Institute of
Standards and Technology also are involved in creating the office. Its
location still is to be decided.

The new office will assess the costs and benefits of using open-source
software to operate many government computers. Also to be determined are
the cost and technical obstacles to communication between systems using
open-source and the proprietary software now in use.

The White House official declined to say how extensive is the
administration's plan to diversify its reliance on operating systems
software. A chief reason for the effort, according to advocates, is to
address concerns that Microsoft operating systems are vulnerable to
malicious computer viruses and hacker attacks. This is partly because the
Microsoft software is proprietary and security vulnerabilities are more
difficult to find and correct, said Przemek Klosowski, a NIST physicist
and leader of the Washington, D.C., Linux User's Group.

"Government should be vendor-neutral, and the government should not
formulate IT requirements that say only a single vendor is applicable,"
Klosowski said.

Klosowski said Linux is used on a limited basis for computer research
applications at Energy Department laboratories, NASA, NIST and the Defense
Department.

"I don't know of any large government Linux contracts," he added.

Another purpose of adopting different types of software is to diversify
the government's inventory of operating systems, so not all are vulnerable
to the same viruses and attacks, the White House official said.

Linux, an open-source operating system similar in functionality to
Microsoft Windows, is being given serious consideration as an alternative
for government computer users, the official said.

Access to the Linux source code "gives us some confidence," the White
House official said, adding that it simplifies patching security breeches
and correcting routine errors.

Created by a Finnish graduate student named Linus Torvalls in 1991,
Linux's open code is relentlessly scrutinized and tested by tens of
thousands of systems analysts worldwide, who constantly recommend
improvements, Klosowski said.

As a result, Linux boasts a robust code that rarely malfunctions and is
extremely difficult for hackers to crack, Klosowski said.

Microsoft, on the other hand, keeps its code secret and makes upgrades to
its products on a yearly basis, he said.

Microsoft software products have been the target of numerous computer
viruses.

One of the best known was the Melissa virus that struck thousands of
government and nongovernment computers in March by exploiting
vulnerabilities in Microsoft Word 97 and Microsoft Word 2000. In June,
another virus called ExploreZip targeted vulnerabilities in Microsoft
Windows 95, Windows 98 and Windows NT.

Microsoft officials argue their software products meet federal security
standards.

Microsoft's main server software, Microsoft Windows NT 3.5, for instance,
is certified under the federal security standard known as Federal
Information Processing Standard 140-1, said Quazi Zaman, advanced
technology manager for Microsoft Federal Systems of Washington, D.C. The
newest version of Microsoft's server operating system, called Microsoft
Windows NT 4.0, is undergoing certification and is expected to be
certified "in the next three months," Zaman said.

Zaman added that Microsoft has been considering making some of its
software products open source for two years.

"Open source is a very innovative way to develop software," Zaman said.
"The issue is how much of our own code we should put out in the open
source environment."

Zaman added that Microsoft likely would be willing to provide the National
Security Council with its code for security inspections if it is for
national security purposes. So far, he said, the NSC has not asked for
access to any of Microsoft's software code.

Zaman argued that government agencies are not excessively reliant on
Microsoft products, adding that other software suppliers, namely, database
software suppliers, have larger shares of the federal software market.

The project to increase the government's use of open-source operating
systems likely will present formidable challenges.

The government already relies extensively on Microsoft products for
desktop and, increasingly, server applications. Thus, there are sure to
be communications problems between systems that use different software,
said John Gilligan, the Energy Department's chief information officer.

The concept also appears to run counter to the government's 3-year-old
effort to concentrate on buying commercial, easy-to-use software, said
Payton Smith of Federal Sources Inc.

Regardless of security concerns, Smith added, a multitude of software
systems within an agency often can lead to interoperability problems.

"The more variations you have in the software, the more problems and the
more costs you're going to have," Smith said.

The White House official acknowledged that concerns over costs and
interoperability issues must be settled for the project to succeed.

"That's exactly the issues we're looking at," the official said.  "Both
costs and interoperability are critical issues."