VICUG-L Archives

Visually Impaired Computer Users' Group List

VICUG-L@LISTSERV.ICORS.ORG

From: Amanda Lee <[log in to unmask]>
Reply To: Amanda Lee <[log in to unmask]>
Date: Wed, 2 Apr 2003 21:29:18 -0500

From: "Doug Geoffray" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, April 02, 2003 11:41 AM
Subject: Citrix and Window-Eyes


Hello,

I recently came across an email message sent to a public list regarding our
Citrix Metaframe solution that we were showing at CSUN a couple weeks
ago.  The email was written by Chris Hofstader who is an employee at
Freedom Scientific.  The complete email from Chris is as follows:

Hi,

GW demonstrated Window-Eyes running on a Citrix server that delivered
speech information to a client side PC at CSUN.

Freedom Scientific does not pre-announce unproven technologies.  We also do
not pre-announce any features or functionality that we do not know when we
might be able to release.  Finally, we do not pre-announce projects that
may or may not be in the research phase.

Running a screen reader on a Citrix or MS Terminal Services server is a
complex problem and I personally commend our friends at GW for getting so
far along in this matter.  Many of the hard problems are still
unsolved.  Specifically, how a screen reader can run on a server without
compromising system security and network integrity.  Once a screen reader
is installed on a server, it effectively has access to all of the same
information that the user does.  Hence, if the user works at the Social
Security Administration, the screen reader may be transmitting your entire
salary history.  Meanwhile, another bit of "spyware" can use the same
techniques as the screen reader, spoofing its identifier, and be posting
this information elsewhere.  So, what if the blind employee is at NSA, CIA,
Navy Intelligence, a health insurance company, a law firm or other
organization that handles very secure information?  Will CIOs permit such a
breach?

So, I am not willing to say where we stand vis a vis MS Terminal Services
or Citrix as I've no idea when we might be able to pull together a truly
satisfactory solution.

Thanks,
cdh

Chris Hofstader
VP/Software Engineering
Freedom Scientific, Inc.
11800 31st Ct. North
St. Petersburg, FL 33716

This concludes Chris' email.

First of all, I would like to thank Chris for providing this opportunity to
discuss some facts regarding Window-Eyes & Citrix, and refute some of the
rumors that have been floating around. I am sorry that many people may
regard messages from people like Chris, or me, as marketing hype, but I
feel that this issue needs to be addressed in a public forum as it
originally began. I will keep my comments related to Citrix. Other issues
such as pre-announcing unproven technologies, as described in Chris' second
paragraph, will be spoken for by the release history of Freedom Scientific.

Chris has made a number of statements regarding the functionality of
Window-Eyes and Citrix. This bothers me quite a bit seeing as how neither
Chris nor any of the Freedom Scientific staff is involved in the
development of Window-Eyes technologies. Citrix was kind enough to send two
representatives to our booth at CSUN, demonstrating their support in
Window-Eyes and our commitment to providing stable, secure, and reliable
remote access through the use of Citrix technologies. GW Micro also has a
history of our own that indicates our commitments to deliver those features
we feel are most important to our users.

Chris stated that, "Many of the hard problems are still unsolved." Without
any first hand knowledge of the development process of Window-Eyes, it is
difficult for me to understand how this statement can be made. With that in
mind, I would like to offer a few facts regarding the combination of
Window-Eyes and Citrix technologies. The following is an e-mail message
directly from Citrix that may help to dismiss any unfounded rumors:

1.   A screen reader, like a video driver, is a trusted component, because
it needs access to trusted system internals. Microsoft requires that such
components be digitally signed, and Microsoft Windows will check this at
installation.  Administrators should only install such digitally signed
components.

2.  Trusted components must clearly be trusted to uphold confidentiality,
integrity, and availability, and therefore must be carefully implemented to
avoid leaking information, corrupting information, or affecting
reliability. This is equally true whether the screen reader is implemented
on the client machine or on the presentation server.

3.   In highly sensitive or regulated environments, administrative controls
are always needed to isolate different categories of information to ensure
confidentiality, integrity, and availability.  Metaframe XP can simplify
this, since data is never transmitted to client machines.   In such
environments, server-based screen readers are unlikely to add much
complexity.

So, it doesn't make much difference whether the screen reader is on the
client or the server.

We offer FIPS compliant TLS/SSL encryption between our client and server.

http://www.citrix.com/site/resources/dynamic/legal2nd/Citrix_FR2_FIPS_140.pdf

Our web site also has information about our Security Gateway feature.

I don't see how the addition of a screen reader has additional security
concerns.  Of course the reader has to be built correctly and not leak
data.  However, I don't see how it enables any additional spyware to be
installed on the system.  If it did, then a similar argument could be made
for screen readers on the local desktop.  Spyware is bad no matter where it
inserts itself.

No matter how you deploy data and applications, there are always security
concerns.  With Citrix the database and application are accessed on the
Metaframe server in your MIS shop instead of on every user's desktop.  You
must manage the security on the Metaframe servers.  You should still be
concerned about security on your client desktops, although we believe this
is simpler because less is running on them.  This is the basic Server Based
computing story.

This concludes the comments from Citrix.

I also verified with Citrix that information being ported via a serial port
to an external synthesizer or via sound images being piped to your local
sound card use the same encryption as all data sent to and received from
the server.

Security is a very big concern with GW Micro; we have taken great steps to
make Window-Eyes as secure as possible without compromising stability. In
fact, security concerns exist above all other Window-Eyes issues. We feel
that having a secure and stable product far outweighs the need of any bells
and whistles a given product may or may not have. If a product is not
stable, that in itself is a security risk. With the upcoming Window-Eyes
4.5 release, we have added an error reporting tool, similar to the one that
Microsoft uses, allowing a user to report crashes that involve (or may have
involved) Window-Eyes. GW Micro can analyze this information, determine
what caused the problem, and then resolve it. We have already experienced
great success with this tool during our private beta testing phase. Our
hope is that this feature will be one of the least utilized in the new
version of Window-Eyes, but the functionality is there if needed. This is
just one example of our commitment to both security and stability.

I am disappointed in the stance that Freedom Scientific has taken regarding
our solution to remote access via Citrix technologies. After all, our
common goal should be complete access for the user, period. Rest assured
that GW Micro will continue to be a leader in secure and stable remote
access.

Regards,
Doug

Doug Geoffray
GW Micro, Inc.
Voice 260-489-3671
Fax 260-489-2608
http://www.gwmicro.com


VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask]  In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
 VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html

