Former Fed Says XP Poses a Security Threat

A computer forensics expert and retired federal agent is trying to convince the U.S. government that Windows XP is a threat to national security and its distribution should be postponed.

Michael Anderson, president of New Technologies, says data scrubbing features in Windows XP Professional will make it impossible for federal agents and law enforcement to find and reconstruct digital evidence buried on computers, particularly those seized from terrorists.

While Anderson concedes that XP's data scrubbing and encrypted file system features are desired by law enforcement and others for keeping data secure, he says the timing of XP is bad.

"This is an intelligence issue," says Anderson, who provides computer forensics training, software, and consulting to military and law enforcement agencies. "The government and Microsoft need to think this thing through."

Going Too Far?

Some security experts are unconvinced, however.

"This may be going a little too far," says Charles Kolodgy, an analyst with market research firm IDC. "Do you ban shredding, burning of paper?" Kolodgy also says the argument is ironic given that Microsoft is often criticized for leaving so many security features disabled by default. Others say privacy is also an issue.

But Anderson, who retired in 1996 from the U.S. Treasury, where he was a special agent, says the government should force Microsoft to postpone the release of the Professional version of XP in light of the September 11 terrorist attacks. Windows XP launches October 25, ironically, at an event in New York City.

Anderson, whose business is based in Oregon, has detailed his concerns in letters to his state's congressional representatives in Washington, D.C.

Calling on Congress

A spokesperson for Senator Ron Wyden (D-Oregon), a member of the Select Committee on Intelligence, says the senator was forwarding Anderson's letter to Attorney General John Ashcroft. "We are asking the Justice Department to take a look. We think it is their issue," the spokesperson says.

Chuck Guzis, president of Sydex, which develops data conversion and emulation software, also has written to Congress.

"We just need to delay this software," he says. "We don't have the [forensics] tools or methodology in place to combat XP."

Anderson's concerns stem from the fact that even when data is deleted from a computer it still resides on the hard drive for a period of time. This is known as ambient data. Experts can reconstruct ambient data to recover files and e-mail messages. Such work was done to produce evidence in the trial of Iran-Contra figure General Oliver North and in the Monica Lewinsky scandal.

Windows XP Professional has a feature called data recovery. By default, that mechanism is turned off, meaning that ambient data is "scrubbed" from the hard drive. Anderson says that means terrorists could use it to hide their digital tracks.

"XP will slam the door on all that forensics work," Anderson says. But Microsoft says security in XP as in other Microsoft products isn't created in a vacuum.

"We work with others in the industry and government agencies to develop security policies that take into account law enforcement concerns," says Jim Desler, the corporate spokesperson for Microsoft.

He acknowledges that savvy terrorists can use third-party tools, such as Evidence Eraser by Mad Hornet, to stifle forensics work but says Windows XP makes it available by default to anyone buying XP Professional.