Security

Microsoft critic dismissed by @Stake

A computer security expert who contributed to a paper deeply critical of Microsoft has been dismissed by his employer, a consulting company that works closely with the software giant.

A computer security expert who contributed to a paper deeply critical of Microsoft has been dismissed by his employer, a consulting company that works closely with the software giant.

Dan Geer, a longtime computer security researcher, and several colleagues released a controversial study on Wednesday that called the ubiquity of Microsoft software a hazard to the economy and to national security. Although independently financed and researched, the study was distributed by the Computer and Communications Industry Association (CCIA), a Washington-based trade association largely made up of Microsoft's rivals.

Cambridge, Mass-based @Stake, where Geer worked as chief technical officer, said in a statement Thursday that the researcher had not gotten his employers' approval for the study's release, and that he was no longer associated with the company.

"Participation in and release of the report was not sanctioned by @Stake," the security and consulting company said. "The values and opinions of the report are not in line with @Stake's views."

A Microsoft spokesman said the software maker had not pressured @Stake to make any decision on Geer's status. However, @Stake did call Microsoft late Tuesday night (after news of the report's contents first broke) to say that Geer's findings did not reflect his employer's opinions, the spokesman said.

"We had nothing to do with @Stake's internal personnel decision," Microsoft spokesman Sean Sundwell said.

Sundwell said that Microsoft used @Stake's services in developing security software for customers, and that the relationship extended several years back. An @Stake representative declined to comment beyond the contents of the company's statement.

In that statement, @Stake said Geer had not been associated with the company as of Sept. 23, the day before Geer's report (the report co-written by Geer) was actually released.

Security expert Bruce Schneier, another co-author of the report, said Geer had believed he was still employed when the two of them discussed their report on a conference call with reporters on Wednesday.

"When Dan was on the call, he was an employee," said Schneier, who serves as chief technical officer at Counterpane Internet Security. "They might have fired him 10 minutes later, but they didn't tell him."

Geer could not be immediately reached for comment.


Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.


The report, entitled "CyberInsecurity: The Cost of Monopoly," said that to rely on a single computing infrastructure such as Microsoft's Windows operating system created unnecessary risks to national infrastructure--particularly given the company's recent history of security flaws. Moreover, new security features being implemented in products by Microsoft simply made the problem worse, by locking customers even more tightly into the company's software, the authors said.

"The focus on Microsoft is simply that the clear and present danger can be ignored no longer," the authors wrote in the report, recommending that the government force the company to open up its technology and allow competing products to interoperate.

Schneier said the idea for the report had come from Geer and the other researchers, not from the CCIA or other Microsoft rivals. The group had found it hard to find other researchers to sign on to the idea, even if those approached agreed with the study's premises, he said.

"When we were conceiving and writing the report, a surprising number of researchers said 'No,' because of the fear of Microsoft," Schneier said. "Dan was not talking for @Stake. We were speaking as researchers. The fact that @Stake couldn't get around that shows the pressure that Microsoft brings to bear."