Closed Source and the naked Emperor
For the past 8 years, I’ve read countless articles on Open Source and Closed Source security. I’ve endured bickering that asymptotically approaches infinite. I’ve tried to understand every possible argument, perspective and angle. And, today, I’ve come to a definitive conclusion.
The Emperor is butt naked. And the majority of the people can’t see it.
Before the storm
In the interest of full disclosure, and knowing this simple honest action will net me a thousand clogged ears and blind eyes, I must state the following: I’m an experienced Free Software and Open Source developer. I’ve been working on IT for my entire life using Open Source practices (and I’ve never managed to stay comfortable in Closed Source-type environments for more than two months). I’ve been using Open Source since it was practical to have it on my computer (which was inextricably tied to the availability of Internet connections in my country, a Third World place named Ecuador).
Let’s get started
Recently, a Microsoft security official said phishing is a problem because there’s no patch for human stupidity. Which, in other words, is the exact equivalent of saying that people’s computers get infected by malware because they’re stupid.
Are users really stupid?
Are you, Mr. Reader, stupid enough to fall for a phishing scam? Are you, Mr. Reader, stupid enough to install a virus on your computer? Are you, Mr. Reader, stupid enough to be aware that the latest screen saver you downloaded contains spyware?
I bet you’re not.
Textbook facts:
- Now, for those of you who don’t know software engineering: a bug is a condition in a computer program, the result of human error at the software manufacturing stage.
- Normally, bugs only diminish your productivity. But, due to their nature, some computer bugs can be leveraged into giving third parties or unwanted programs (viruses and their cousins) full access to your computer.
- Modern computers (and their operating systems) exploit a series of built-in mechanisms to provide separation between programs.
- Modern bugs are the gateways for malicious programs to get where they do not belong.
This is the truth. Malware gets into your computer when your computer software has bugs. No bugs, no malicious activity.
In a way, viruses are a problem of the past… and not because of antivirus software!
In other words: with a properly built, bug-free computer system, no virus attack is possible, or (as is the case with Microsoft Windows) able to obliterate your computer and your information. Attaining bug-free computer programs is very hard (some would argue it’s undoable). But building completely secure systems is possible. It’s so possible that they have already been built.
This is not just my “opinion” or “educated guess”. This is something real, derived directly from cutting-edge science and engineering.
And here’s another textbook fact: malware (malicious software) is spreading because of the poor quality and the irresponsible attitudes of Closed Source software houses (with their flagship operating system, Microsoft Windows).
The Emperor is naked. Why doesn’t anybody notice it?
The Closed Source camp has completely succeeded at the task of convincing the entire planet that the spread of malware is the responsibility of computer users everywhere. It’s a concerted effort of PR quotes in mainstream media, such as the quote from the Microsoft security official in the article I mentioned earlier.
They’ve lead the world to believe that bugs in their software are not only an unsurmountable “inconvenience”, but that you have to pay for “protection” in the form of antiviruses and antispyware. And, to top it, it’s “your fault” when a virus gets on your computer.
Why the lie sticks
Of course, the spread of a vulgar lie like this one is only possible because only a microscopic portion of the populace understands software engineering. Not that you, me or anyone else is at fault. I know nothing about engine repair. And why should I be forced to know? But the point is simple: computers (like microwave ovens) are the postmodern “black magic” — hocus pocus — and people, in absence of knowledge, have always tended to believe what the expert wizard said. Not far ago, people believed a ten pound rock would fall ten times faster than a one-pounder. And this is about the only piece of truth to the “blame the user for the virus” lie.
Under the hood, Microsoft Windows and related software has tens of thousands of known bugs, and (judging by the available statistical data) many more unknown bugs. Scarce days pass between discoveries of previously unknown bugs, bugs that malicious programs continually use to destroy your work and to endanger your personal life. Will you ever know if there’s a bug going undetected, Mr. Reader? You will never, ever know, because they won’t let you see under the hood. Ever. It’s in their best interest to break your legs and then sell you crutches, each pair more “sophisticated” than the old one.
How can we sidestep this issue? Isn’t Windows mandatory?
How can Microsoft get away with a blatant lie? Simple. You have no other choice but to believe them. You will never be able to prove them wrong, because they have the source, and you do not.
Fortunately, you do have a choice. Use Open Source software. Use Linux, use Firefox, use OpenOffice.org. The real security innovations and cutting-edge advancements are happening in our camp, not the Closed Source camp.
Open Source is simply better — don’t just take my word for it, give it a run.
June 27th, 2006 at 18:57
El emperador está en pelotas… cómo llegamos a la Edad Oscura de la seguridad informática…
¿Cómo es posible que en el 2006 todavía tengamos que tener antivirus y cosas por el estilo? Veamos cómo nos han convencido de aquello….
June 28th, 2006 at 6:27
[...] Vía meneame llego a una interesantísima reflexión en inglés sobre los virus y otros problemas de seguridad en los sistemas operativos. Pero antes de exponeros la traducción del artículo, quizá queráis recordar el cuento de Andersen sobre El traje de Emperador, del que este es un pequeño (y malo) resumen: Había un emperador al que le encantaba vestirse con los más nuevos y exóticos vestidos. Siempre estaba cambiándose de ropa. Un día llegaron a la ciudad dos truhanes que quisieron timarle: decían que hacían las telas más bonitas del mundo, las más refinadas, y que además, estas telas eran invisibles para todos los que no merecieran su cargo o fuesen irremediablemente estúpidos. Todos los que veían a los timadores trabajar en el telar vacío alababan la calidad de la tela, por miedo a ser considerados ineptos. Pronto toda la ciudad hablaba de lo bonita que era la tela. El Emperador recibió su traje, que iba a estrenar en el desfile del día siguiente. Todos los ciudadanos decían en voz alta lo boníta que era la tela, y lo bien que le quedaba al Emperador, cuando éste iba en realidad desnudo. Nadie quería ser “el tonto” de la ciudad. Hasta que un niño, inocente, empezó a gritar que el emperador iba desnudo, despertando así a los demás… [...]
June 28th, 2006 at 22:40
nice article r-man. I enjoy your site- do you think you could fix your page code so that it scrolls smoothly and not dog-slow?
thanks!
June 29th, 2006 at 11:04
I would most deffinitely use linux, were it not for its compatibility issues. Such is the case with videogames. There are certain video games that I just cannot go without. If it were to come down to it, I would dual boot win2k and a linux distro, but I really don’t want to have to reboot my system everytime I want to play a game.
Another problem with linux is their compatibility issues with the nForce4 motherboards. Yes, many distros will not install for some reason on systems with an nForce4 mobo. I, not being an expert, have no idea why.
Finally, I would like to say I am in no way anti-linux, and I am NOT a windows fanboy. However, if I can’t run my games, I’m really not interested for the time being.
Ps., if there is a distro that’s 1.) Easy to use, and 2.) Will actually work, let me know about it.
June 29th, 2006 at 11:28
nuts, just a bit of food for thought- the reason you’re so locked into windows is Microsoft’s lock on the market. They are a convicted illegal monopolist who use every dirty tactic in the book- killing off competitors, stranglehold agreements with retailers and partners, spreading mass lies and propaganda, buying favorable legislation- to ensure that they are The Only One. In a truly free computing market we would have many good choices and much more interoperability, because that is what customers want. But microsoft doesn’t care what is good for us.
I’m not saying you need to give up windows gaming, just know the true reasons why you don’t always get the functionality you want on non-windows platforms.
June 29th, 2006 at 11:39
Nuts. A couple of things and I think you’ll be set. It’s extremely cool that you’ve put yourself in the middle of the road to start. Well done. It’s important to note that GNU/Linux was never supposed to be and hopefully never will be a microsoft replacement. It was meant to be an alternative OS. It’s important to realize that distinction. Some will say that linux is the only way to go and that anything else = bad. It’s never been that simple and I doubt it ever will be. If you need your games and you need MS for your games, well then use MS. I’m not a heavy gamer, and as such, am perfectly able to accomplish what I do with a home computer with GNULinux. The benefit that I gain by using GNULinux isn’t always seen on the surface. It isn’t just in the facts that I get free updates, that getting new software dosen’t cost me anything, or that I don’t worry about what my computer is doing when I’m not looking. My freedoms are respected and defended in regards to my software, and the software that I choose to use. I take my freedom and liberty very seriously, and as such choose not to use software that I 1. don’t own 2.can’t modify and 3. reports back to who-knows-who what I’m doing. There are other reasons as well. check out http://www.gnu.org for more.
In response to:
check out the latest offerings from ubuntu or suse but realize that not software that comes with these distros protects all of your freedoms
I’m curious: what distros? and after a quick google search noticed alot of nforce4 issues being resolved after loading NVidia’s propriatary drivers. Not something that I use on my nvidia m-boards but I’ve never run into issues with GNULinux+NVidia
Best of luck!
June 29th, 2006 at 11:42
bad link above for ubuntu. should be ubuntu.com not ubuntu.org.
July 1st, 2006 at 8:07
Another response to Nuts… I am using an nForce4 motherboard (Asus A8N-SLI Premium) running OpenSuSE 10.1 and have had NO problems whatsoever… Up until 3 weeks ago, my only knowledge of GNULinux was that it existed, nothing more. On this fact alone, I can guarantee you that there are distro’s of GNULinux that are absolutely and completely simple to install and use.
So to answer you first point - OpenSuSE 10,0 or 10.1 are totally painless to install and use. I cannot comment on any other distro’s because I have not tried them.
2nd point - OpenSuSE WILL actually work…. Anyone that can read and follow the simple installation instructions can install this distro without a problem.