 |
Can Openness Save the Internet?
by Santeri Kannisto, in Editorials - Sat, Oct 30th 2004 00:00 UTC
The usefulness of the Internet has been severely compromised by a
proliferation of spam, worms, crackers, and viruses. The Internet
has been stifled by harmful traffic (and its related expenses) which
have increased to a now intolerable level. According to the U.N.,
UNTAD, Symantec, F-prot, MessageLabs, and several market analysts,
the financial burden of dealing with harmful Internet traffic reached
tens of billions of Euros this year. Next year will see this increase
to hundreds of billions of Euros if the problems worsen as forecasts
predict. What is destroying the Internet, and can its collapse be
prevented?
Copyright notice: All reader-contributed material on freshmeat.net
is the property and responsibility of its author; for reprint rights, please contact the author
directly.
The problems arise from closed source
The Internet's problems can be explained as a result of the widespread
use of closed source software, particularly the products of the
Microsoft monopoly. Most Internet-based attacks exploit bugs in software
produced by Microsoft. Although bugs will be inevitable in any new
software, in closed source software, they can only be corrected by the
software producer itself. This last point is crucial to understanding
how closed source software makes the Internet unsafe.
The producers of closed source software have no interest in fixing their
software's bugs; they do not earn money for bugfixes. Microsoft saves
money by leaving its bugs uncorrected. Nor is Microsoft interested in
creating solutions based on open standards -- to do so would be to
diminish their monopoly. On the contrary, Microsoft works to maintain
its monopoly by ensuring that its software remains incompatible with
that of other vendors.
The problem for Microsoft is that buggy software hurts its image. In
an attempt change this perception, Microsoft has renamed its bugs
"vulnerabilities". A vulnerability is something that could be cured. A
bug, on the other hand, is an error that demands immediate correction.
In this way, Microsoft distances itself from the bugs and defects in its
software.
Closed source software also suffers from a trade-off between security
and usability. Generally, the more secure a program is, the more
difficult it is to use. When a supplier has to choose between security
and usability, security always loses. Usability simply sells more.
The public sector is the key
The government is the strongest supporter of closed source software,
having committed to long-lasting delivery agreements with Microsoft. It
is often claimed that closed source software is more secure and reliable
because of the size of the supplier. In surveys about Open Source, the
smaller numbers and sizes of suppliers are emphasized as risks, as is
the cost of moving from closed to Open Source software. The imagined
weakening of the Open Source software industry is simply a bogeyman used
to scare customers into remaining with closed source software. Such
arguments support existing power structures and supplier relationships,
but fall short of an objective evaluation of Open Source software.
The public sector's decision to use closed source software is critical,
because it also binds private persons and companies to proprietary,
closed source technologies. By making all public sector application
forms only available as Microsoft Word documents, the government forces
its citizens to adopt proprietary software, too. The same problem can
be seen in several public sector portals which require visitors to use
Microsoft's Internet Explorer browser. One of these is the educational
portal for schools, a Web site supported by the Board of Education that
directs its visitors into Microsoft's sphere of power.
The intractable problem of spam illustrates the weakness of the public
sector when dealing with problems caused by closed source software.
Legislation has criminalized spamming, but no one realistically expects
the police to be able to resolve such crimes. If I reported every piece
of spam I received to the police, they would be investigating over
10,000 cases per month.
Moving from closed to open source will only happen with the active
participation of both the public and private sectors. Currently, both
appear to be simply waiting and hoping that the problems of closed
source software (viruses and spam) will be solved by a miracle. But can
we really afford to wait until the Internet and email become unusable?
The cost of moving from closed source to Open Source is insignificant
compared to the cost of losing email and the Internet.
Alternatives to the Internet and email?
The Internet can be saved by a large scale shift to open standards, open
architecture, open file formats, and supplier-independent Open Source
software. Openness allows bugs to be immediately fixed by all users,
without requiring special permission from the software producer.
If we stay with closed source, we will have to replace the Internet with
one of the following alternatives:
Safest of all would be to take up traditional communication methods like
fax and postage again, instead of relying on email. But is it possible
to return to these old methods, given the increase in communication in
recent years? Both fax and post are very slow and clumsy.
Secondly, the Internet could be partially replaced with parallel, closed
company networks by using VPN (Virtual Private Network) technology. This
would allow messages and information to be transferred securely inside a
single company. Messaging and communication would be limited to members
of the network and the common, global nature of the Internet would be
lost.
A third alternative would be to restrict incoming email messages
to those from known senders. This would completely block spam, but
requires hard-to-maintain sender databases and turning client contact
information into Web-based forms. This method would require acceptance
and participation from all parties, an impossibility due to the
conflicting interests of the open and closed worlds.
Post Scriptum
With these words, I would like to say farewell to all the IT folks.
Yesterday was my last working day at SOT.
Starting tomorrow, I'll be concentrating on the important things in
life; happiness and traveling the world with my wife. Perhaps when the
Internet and email are dead, we'll at least find ourselves free from the
slavery of the IT and information society.
Helsinki, Finland, 2004-28-10
Author's bio:
Santeri Kannisto can be reached at santeri.kannisto@sot.com.
T-Shirts and Fame!
We're eager to find people interested in writing articles on
software-related topics. We're flexible on length, style, and
topic, so long as you know what you're talking about and back up
your opinions with facts. Anyone who writes an article gets a
t-shirt from ThinkGeek
in addition to 15 minutes of fame. If you think you'd like to try
your hand at it, let jeff.covey@freshmeat.net
know what you'd like to write about.
[Comments are disabled]
Comments
[»]
So true
by Hyperboole - Apr 10th 2005 11:02:37
I have to very sadly agree. And this problem is 99.9 %s Microsofts fault.
Looking at the http://www.opensource.org/halloween/ hallowen documents is
very nerving. In comparision with the opensource® software community,
Microsoft is unbeliavbly niave and has some very evil plans. One is to
change protocols so they control them to help hinder opensource®
development. And I think it is even quoted "we'll gain market monopoly
and fix the problems 3-4 years later." Well said
--
e-mail hyperboole@gmail.com
[reply]
[top]
[»]
A general comment on virus problems
by Izak Burger - Dec 16th 2004 09:43:25
Lets analyse the problem on a basic level, as four statements:
1. You have a complicated device that has the ability to execute programs.
You want this device to execute programs, that is why you have it in the
first place.
2. You want this device to communicate with the world, making a
communications device out of it. It is therefore connected to a big
network called "the internet".
3. You want information to flow freely between your communications device
(also called a computer) and the big network (also called the internet).
This is why many people have a computer in the first place. It does not
matter if the information is pictures of kittens or a physics phd
thesis.
4. You do NOT (or rather should not) want programs to flow freely between
your communications device and the big network.
Up steps the problems (or what I see as the problem):
The lines between information and programs has been blurred though. I
blame much of this on Microsoft, example: MS word macro viruses. Ordinary
Joe Bloggs does not know the difference. Attachments are things you can
look at, pictures 'n stuff, animated birthday cards and Powerpoint make me
feel good's, right?
Joe runs an OS that supports some sort of remote procedure call. Joe
never uses this and is blissfully unaware of it.
These two general "vulnerabilities" makes it simple to get a
program onto Joe's communications device. If we mail it to him, he will
run it for us! Or we can just look for a nice big hole in that RPC server
and install it ourselves. This in itself violates my statement 4.
Up steps the solution providers:
Lets put in a firewall to stop someone from acccessing Joe's RPC ports.
We can make some bucks along the way too...
And lets get him an antivirus to help him distinguish between the good and
bad attachments.
My problems with this:
I don't see why a firewall is needed to protect vulnerable RPC ports that
should not be there in the first place. I know many of the Microsoft tools
use them, but for crying out loud they can listen on 127.0.0.1 by default
and spare as a whole bunch of problems. Granted, by not opening up your
ports for all the world you are running an implicit sort of firewall, my
point is just that you don't need an EXTRA product to make it work.
An antivirus will never be good enough to detect all problems out there.
A couple of people have to be infected before it is detected, reported and
an update pushed out. If my statement 4 above is observed, none of this
would be necessary.
Executable content should not pass between the two, period. Not where our
mythical Joe is concerned.
A couple of analogies come to mind:
George Orwell, 1984: Make it impossible to say anything bad...
Foolproof is often equivalent to "No provision for
adjustment".
Basically Windows tries to be everything to everybody causing a LOT of
problems. What we need is less unsecured over-powerful under-admined
windows PC's and more set-top boxes (or their equivalents). In this sense
Opensource might even save us, as it is a lot simpler to build such a
no-nonsense tool that fit the Bloggs' lifestyle.
But that is just me... I've been harping on this "no executable
content" thing for way too long now...
Cheers,
[reply]
[top]
[»]
Re: A general comment on virus problems
by Melvin - Jan 17th 2005 14:59:11
> Basically Windows tries to be everything
> to everybody causing a LOT of problems.
This line of your post says a LOT... It remainds me of a quote I once
read on the qmail's author website:
"Security holes can't show up in features that don't exist."
It also has another quote that I love and always recomend to follow:
"Keep it simple, stupid."
Regards,
[reply]
[top]
[»]
Support Contracts
by A. Hawdon - Nov 19th 2004 11:15:52
The reason many companies choose the software/'solutions' they do is
because they have the present and the future to think about.
The present;
The IT departments of non-tech companies aren't stocked to the gills with
hackers and coders, therefore the deployment of many open-sourced solutions
is out of their reach due to the lack of documentation open-source projects
put out. Also these projects are managed by individuals in their spare
time - with the noteable exception of things like MySQL - so what happens
if the project leader gets hit by a bus, there'll be no funding available
to rope someone else in to take over and the project will likely stagnate
and die.
The future;
When things go wrong - and they always do - a decent support contract is
worth its weight in gold. No IT manager will take on a system where the
buck stops with them (except in cases where they have a department full of
coders/hackers). If you can enter into an agreement with the vendor so you
have someone to log a 'priority 1' call with who will HAVE to fix the issue
- then everything will be okay, and if it isn't, you have someone else to
blame.
So - on to the solution;
What we require are companies willing to offer support contracts for
open-source software. We either need heavy-weight companies offering this,
or a large number of small companies that the customer can chop and change
between should they need/want to. There also needs to be greater adoption
of open-source projects by commercial companies - providing they keep with
the spirit of the game. This adds a hell of a lot of weight to a project
and gives 'buyers' confidence that their investment won't be negated by the
'lead developer getting hit by a bus'.
All in all - until we get some proper documentation and support contracts
sorted as until we do nobody who values their job will take this stuff and
run with it.
[reply]
[top]
[»]
Windows is popular.
by Lev Shamardin - Nov 9th 2004 23:57:06
"The problems arise from closed source".
The problems arise from popularity, not from the closed source. It is a
fact that windows products are much more popular then opensourced. Due to
this there are lots of virus authors and other hackers efforts are devoted
to finding bugs in Microsoft products, not in opensourced ones. I believe
that many popular opensourced products have at least the same amount of
bugs as Microsoft's products have, we just don't know about it. And even if
a vendor or an opensource community will fix the bug rapidly it will not
have any effects as it could be seen with the Microsoft's case: noone will
care installing the bugfixes and patches! If you look at the history, you
could notice, that Microsoft had released patches for some critical bugs
weeks before the viruses exploiting those bugs appeared. In case of Linux
community it could be even worse, because Linux does not allow that easy
binary-patching as Windows software does, it is more difficult to install a
bugfix for an opensourced program. And nothing will change if there is a
bugfix, but it was not installed by the end user or a sysadmin.
"Alternatives to the Internet and email?"
"Safest of all would be to take up traditional communication methods like
fax and postage again, instead of relying on email."
We receive quite a lot of fax spam and junk mails in our office, and our
fax number is not even a well-known advertised fax number. Fax spam is even
more expensive for the spam recipient than the email one.
"Secondly, the Internet could be partially replaced with parallel, closed
company networks by using VPN (Virtual Private Network) technology. This
would allow messages and information to be transferred securely inside a
single company."
In our company we have some internal email system which is not advertised
to the outside world. We do not receive any spam within internal email.
"A third alternative would be to restrict incoming email messages to those
from known senders."
It is not possible to strictly identify the sender of an email without
moving to SSL/X509 protocols. BTW, any web forms without anti-robot
protection can be easily spamed and any anti-robot protection annoyes your
customers.
[reply]
[top]
[»]
Re: How does popularity matter?
by stefan - Dec 1st 2005 19:07:54
> "The problems arise from closed
> source".
> The problems arise from popularity, not
> from the closed source. It is a fact
> that windows products are much more
> popular then opensourced. Due to this
> there are lots of virus authors and
> other hackers efforts are devoted to
> finding bugs in Microsoft products, not
> in opensourced ones. ...
Well, I'm hearing that argument since the mid '90ties, when viruses where
spread by floppy-disks for the MS-plattform exclusively.
I guess we have as much linux-users as we had windows-users in the mid
90ties, but that's of course a vague estimatition.
Do evil hackers concentrate only on popularity by percentage-use?
Of course your virus is spreading better, the more people it adresses, but
why don't we see 95% win-viruses, and 3% linux- and 2% mac-viruses? (bad
estimations again).
If OSS software is adressed so rarely by evil programs, shouldn't it be so
weak, that it would be easy to use its vulnerabilities?
Popularity can't be ignored, but we can't excuse every weakness of
Windows-Software by popularity.
We have to mention at least two facts - one mentioned before:
a) Windows is designed without security in mind.
b) The windows-culture is attracting attackers. Expensive programs lead to
unlicensed software, organized from dark channels, leading to fear by the
users, to be caught, and therefore they're avoiding updates. They often
believe to be spied out. And the closed character of the software makes it
hard to prove the opposite.
[reply]
[top]
[»]
What if I just doubt the premise?
by Rev. Adam Tauno Williams - Nov 7th 2004 09:59:24
"The usefulness of the Internet has been severely compromised by a
proliferation of spam, worms, crackers, and viruses. The Internet has been
stifled by harmful traffic (and its related expenses) which have increased
to a now intolerable level. According to the U.N., UNTAD, Symantec, F-prot,
MessageLabs, and several market analysts, the financial burden of dealing
with harmful Internet traffic reached tens of billions of Euros this
year."
Billions or euros? How? Honestly, how does someone come up with these
numbers. I am the sys-admin at an Internet connected company, we use all
the standard Internet facilities: SMTP, VPNs, IM, DNS, etc... We host an
e-commerce site for our customers, etc...
And dealing with 'hostile' traffic is just part of the daily grind, and
not really that big a deal. We've had a couple minor virus outbreaks
internally, none took down any critical systems; mail is easily enough
checked via a milter whose updates, etc... are totally automated. A coupld
of simple tweaks and I get nothing more that two or three SPAM messages a
day...
I just don't see this huge terrifying burden.
[reply]
[top]
[»]
Hogwash..
by Ron Fox - Nov 3rd 2004 13:34:06
The premise is hogwash:
<P>
As pointed out spam is due to an inherent weakness in an >open<
protocol, smtp.
With respect to virii: Open source, is not a gaurentee that problems will
be fixed, or that the fixes will be any good. What is really required is
an industry wide committment to putting quality into the software.
Unfortunately the pressure to be first to market militates against that in
the commercial realm.
[reply]
[top]
[»]
Re: open protocol vs. open host for spamming
by stefan - Dec 1st 2005 19:21:17
smtp is an open protocol, but isn't the mail sent from winboxes, where
trojan malware and rootkits took control for spamming?
Did we hear from Linux-clients which use smtp too, that sent spam?
[reply]
[top]
[»]
Spam has NOTHING to do with closed source
by AEB - Nov 1st 2004 08:00:20
How is spam a problem due to closed source? Spam would not happen if SMTP
(an open protocol around since 1982) required authentication and had
safegaurds in place to not allow email header spoofing, etc.
So how is this in any way related to Microsoft and/or closed source?
[reply]
[top]
[»]
Re: Learning from Weaknesses
by Melvin - Nov 2nd 2004 23:59:22
I kinda Agree on the SMTP point and I kinda disagree with putting all the
blame on Microsoft products for the
collapse of the internet...
Many of us love UNIX like OS, but I know for a fact that if those
systems would be used for the desktop as much often as Windows is right
now, the Internet-based attacks, exploit and bugs would be as many or even
worst than now.
Having Open Source Software in a big scale desktop user group could
rise several new problems, any malicious hacker could just do anything and
the average user could not do much to stop it... And AVs for this would be
so much harder to have than with MS Stuff.
To have a safer internet the guys who make standards should learn from its
current weakness and rewrite some old rules, mostly with e-mail.
SMTP and HTTP might be improved, I even think Gates has a
point on putting unique IDs on outgoing e-mails to make easier to catch
spammer sources.
[reply]
[top]
[»]
Re: Learning from Weaknesses
by Jude Berrt - Nov 8th 2004 13:59:12
> Many of us love UNIX like OS, but I know
> for a fact that if those systems would
> be used for the desktop as much often as
> Windows is right now, the Internet-based
> attacks, exploit and bugs would be as
> many or even worst than now.
How do you know this?
> And AVs for this would be so much
> harder to have than with MS Stuff.
You work for MS, don't you? There are already AV tools for *nix.
I mean, really, the article is pretty obviously flawed, but at least you
could point out its actual flaws, not imagined ones.
I'll stop feeding the trolls now.
--
We're out of dynamite. What we need now is a plan! --PCU
[reply]
[top]
[»]
Re: Learning from Weaknesses
by Melvin - Nov 8th 2004 16:11:25
> How do you know this?
Widows might be the most insecure system in the world but is also the most
used operating system in the world, I love Linux but I know the desktop
user base has probably no more than ten million people, most of them with
good computing knowledge.
If Linux had a desktop user base of 300 million people, it would be as
"insecure" as Windows 'cause for me is a matter of numbers... Having the
kernel source code would make it easier for virus makers to make more
efficient maliciuos apps.
> You work for MS, don't you? There are
> already AV tools for *nix.
Nope, I don't have any affiliation with Microsoft, not that I wouldn't
like it... I think both MS and Unix like Operating Systems are pretty good
and they are very good productive environments.
So far, I prefer Windows for the Desktop and Linux-Unix for Internet based
Services.
Regards from Venezuela!
[reply]
[top]
[»]
Re: Learning from Weaknesses
by RegDwight - Jan 17th 2005 13:25:51
> If Linux had a desktop user base of 300
> million people, it would be as
> "insecure" as Windows 'cause for me is a
> matter of numbers
I am sorry, but I have to totally disagree with you on this.
If you were right, apache would be the most insecure server ever. I
don't have the exact figures handy, but I think their market share is about
70%. So they do happen to have a "user base of 300 million people".
Now, according to you, MS servers couldn't help but be much more safer,
much less vulnerable, much less targeted by attacks than apache ones. But,
guess what -- it's actually the other way round. Which proves you wrong.
Cheers,
Reg.
[reply]
[top]
[»]
Re: IIS vs Apache?
by Melvin - Jan 17th 2005 14:38:00
> If you were right, apache would be the
> most insecure server ever. I don't have
> the exact figures handy, but I think
> their market share is about 70%. So they
> do happen to have a "user base of 300
> million people".
Hi Reg.
You got a point!... I agree with you on the Apache vs IIS matter,
but I still think Linux
wouldn't be as "secure" if it had a bigger user base. I know I could be
wrong, in fact, there could be a lot of new measures and posible features
for Linux that could change my mind.
Anyways, IIS still runs on the most widely used operating system
family and Apache is far from being an user friendly personal server.
I could bet, there are more IIS and PWS running on PCs than the whole
Apache is over the net. This means that a lot more people has the hability
to test drive IIS than Apache, even if more people access Apache served web
pages.
Don't get me wrong, I love Apache and Linux but I still think is a matter
of numbers... Again, I might be wrong, I just give you my point of view.
[reply]
[top]
[»]
Re: IIS vs Apache?
by David BL - Mar 22nd 2005 02:08:44
> I agree with you on
> the Apache vs IIS matter, but I still
> think Linux wouldn't be as "secure" if
> it had a bigger user base.
That's the same senario if you take any software. The more poeple who uses
the software, the more errors get stumbled upon. (It's the put the monkey
infront of the keyboard test - You can always find new errors) But the
diffrence here is that most linux software is opensource. So not only do we
have the plesure to find errors but also they can be corrected without
compromiseing anything. And that is what takes distance from Microsoft. We
don't need to wait ages for a uniqe update to fix one bug/hole that infact
leads to a new bug/hole. Im not saying the same senario won't apear for
linux users (ofcourse they do) but there are so many eye's on the ball when
something get's fixed on linux software/patches/updates that they usaly
don't make errors. When do Microsoft throw the ball up in the air? -
Never.
> I know I could be wrong, in fact, there could be
> a lot of new measures and posible
> features for Linux that could change my
> mind.
One of the thing's iv'e always been happy about is that fact how linux
works with the protocols vs software and what possibilities there are.
Where Microsoft don't ever use the fully potentional functions given to you
in the rfc/protocol (or they just hide it for the public to use) Linux
always takes these small aspects along aswell.
But later on iv'e always reminded myself that it's not that the software
is better it's that the programmer who are makeing the software that are
widely more openminded. A Microsoft programmer don't have to think on
userfriendly or user functions as they already have their "standarts" so
they don't work outisde the thin red line they have. Where a programmer
that makes software for linux goes baserk in that way he add's all possible
functions he can to the software. This is also offent the course why linux
software can look so chubby and packed. But i love it, it goes without
saying that.
--
z/OS System Programmer
David BL
Denmark
-- ------------------------ ---- ---- -- -
[reply]
[top]
[»]
Linux Could Easily Rule the World
by Digital Darrell - Oct 31st 2004 08:02:52
As we all know, Linux is the backbone of the Internet. The largest
percentage of ISPs use Apache for eMail, and some flavor of Linux on their
servers. This Open Source system happily passes all the spam, viruses,
trojans, malware right along the internet wiring. It is not the job of the
infrastructure to clean up internet traffic, any more than it is the job of
a water pipe to clean up the water traveling through it.
ISPs can install SPAM filters, and do install firewalls to cut down on
intrusions, spoof attacks, DOS attacks, port scan attacks, and other
nasties from the trojans and hackers of the world. But, the ROOT of this
problem is indeed with the common user...the endpoint of Internet's traffic
flow. Many users, these days, have some form of virus scanner running, and
use the new personal firewalls, privacy guards, and malware programs. But,
the large majority of users, either in the home, or in the corporate world,
are not fully protected, and so, continue to be a point of distribution for
the junk that plagues us all.
I am a humble IT guy, and my corporate users are protected from external
intrusion by tight firewalls, and server-based virus scanning. On the
internal network, each user is now running a personal firewall, virus, and
malware scanner to protect from the occasional baddy that gets in through
e-mail. So, even with Microsoft software it is not too expensive to
protect the network. I estimate that about $50.00 per year per terminal is
the average cost. Not cheap, but not overwhelming for most companies.
Most of the attacks we experience are from trojans and the like taking
advantage of the "vulnerabilities" (massive gaping holes) in
Microsoft's Internet Explorer and Windows OS in general. Things have
improved somewhat since we replaced all Windows 98 OS software with Windows
2000 and XP. But, the holes are still there, due to the need to remain
backwards compatible with old program code. Microsoft is forced to leave
hooks into the kernel of the OS, so that old 8-bit and 16-bit code will
still run.
The network file-servers are easily configured these days with nice robust
Linux. A great workstation solution would be to replace Windows 2000 on the
desktop with something like Debian or Mandrake, kill Internet Explorer with
Mozilla FireFox, and Evolution or Mozilla Thunderbird for e-mail.
Unfortunately, until the home user in general (which includes all the
bosses and executives of corporations, who make the final buying decisions)
accepts Linux on the desktop, we are going to continue dealing with this
nasty internet traffic that makes our lives more complicated. It is a sad
FACT that software makers like Pagemaker, Photoshop, Dreamweaver, Word,
Excel, Access, and all the other Windows-based programs will NOT port their
software over to a Linux environment. There are simply not enough users.
There are open source equivalents, like the Gimp, OpenOffice, etc. But,
people who have spent literally years of their lives learning how to use
certain software will not give it up easily, even if the open source
solutions are way better and much less costly. As an example, an entire
generation of seamstresses and tailors had to die, before the sewing
machine was accepted into general use.
In my opinion, what is the primary obstacle to desktop acceptance of
Linux? Well, as an IT guy I can install and make Linux work on my home
computer, and my work computers. But regular USERS cannot! What is the
primary obstacle to the home user using Linux instead of Windows? SOFTWARE
INSTALLATION!
Here is an example, from my own use of Linux on the desktop, compared to
Microsoft Windows. Last week, I finally became so fed up with the crappy
Internet Explorer that I let one of my Linux guru buddies (thanks, Issac)
talk me into trying Mozilla Firefox. It was love at first use! I
instantly replaced all my Windows users Internet Explorers at the office
with FireFox, and everyone is very happy with the speed, lack of errors,
and simplicity of the interface. The Windows installation was VERY simple
and fast, with full import of all “Favorites” URL links.
So, I decided get rid of the old Netscape running on my Mandrake terminal
at home, and switch my own personal Linux box to FireFox. Surely, the
installation would be as simple on Linux as it was on Windows, right?
NOPE! Not even close! I am writing the following paragraphs from the
perspective of a relatively new user of Linux.
I installed FireFox by figuring out how to unzip a GZ file, then created a
directory for the installation files. After I successfully installed the
software, I happily opened up my KDE menu to run FireFox. What! It is not
there on the menu, and no icons on the desktop either. Hmmm! So I opened
up my file manager and browsed down to the directory containing the FireFox
installation. I clicked on promising files in the plethora of directories,
with no results. Finally, I found a file called “FireFox,” which was an
“executable text file” or script that runs FireFox. Of course, when I
clicked it a little window opened that asked whether I wanted to do the
following: Display, Run in Terminal, Cancel, or Run the software. I could
run it from there. I finally figured out that I could copy the file to the
Mandrake desktop and it would execute FirFox without trouble.
Now, what is the difference? On Windows, I simply installed it and
started using it immediately. On Linux, I had to jump through several
hoops that a normal computer user would never begin to figure out. Things
have improved drastically since the “old days” in which I would have to go
out and CHMOD a file or two on every program I installed on Linux, IF, I
could even figure out where the installer installed it in the first
place.
To many of you full-time Linux heads out there this may sound silly, and
you may be inclined to scream “RTFM”, when in fact no manual exists, other
than Google. I am a computer tech with massive Windows networking
experience (WAN and LAN), and have been in the computer business since the
days of the Commodore 64.
My opinion is simple. When Linux (as secure as it is) starts acting like
Windows in MORE than the appearance of screens, it could in fact dethrone
Microsoft on the desktop. At that point, even normal users would ask for
Linux instead of Windows, and software makers everywhere would port their
software over to Linux. Even Microsoft would be inclined to do so, since
they are all about making massive quantities of money. (Is Microsoft Linux
very far away?) Look at the Macintosh. A good portion of the software it
runs is Microsoft-based. DO we want Microsoft’s software running on our
Linux terminals? Most current Linux-heads would scream a resounding “NO!”
But, realistically, until enough users switch to Linux to make Microsoft
take notice and start thinking about porting their software, Linux has not
yet arrived on the desktop. Everyday Windows users MUST have their
familiar software available, BEFORE they will switch.
Some may say…but what about using WINE to run your Windows software. To
this I say, “yeah, right!” Can you imagine a normal user, who can’t even
find his installation of FireFox to do a WINE configuration. Nope! And,
that is not to mention the hard-core gamers running EverQuest, Anarchy
Online, EVE, Star Wars, and the many other MMORPGs that will ONLY run on
Windows.
The OS is of little importance to users. It is the SOFTWARE that excites
them. Linux does not have the software yet, because there are too few
desktop users. That is primarily because it is simply to complex to
install software on Linux. Linux is fast, slick, and beautiful in
appearance, and it is stable as a rock. But, it is unusable by a normal
user, and so…is dead in the water. Until Linux programmers wake up to the
fact that users must install software successfully and make a working
installation system, Linux will never move past the server-base where it
lives now.
To many Linux users and developers, that is just fine. They have their
highly-complex OS that keep everyone else away, and they like it that way!
But, out here in the real world, we are plagued with trojans, viruses,
malware, demonized Active-X controls, and all sorts of nasty things to kill
our data and make our lives complicated and miserable. The majority of
these problems are due to the unsecure Microsoft world we live in. Please,
Linux-heads, help we mere users escape this horrible situation. This is a
call to Linux guys with a heart. Please, make us an OS that is secure and
that we can use WITHOUT 3000 hours of command-line and script
indoctrination.
You hold the solution to the Internet’s problems in your heart, head, and
hands!
--
Digital Darrell
[reply]
[top]
[»]
Re: Linux Could Easily Rule the World
by Jim - Jan 9th 2005 13:05:43
Digital Darrell,
You are right on. Even apple users find it simple to install and use
software. I have dabbled in Linux for years and find myself returning to
windows saying, "I don't have time for this learning curve". I have been
told there are some installation apps out there for Linux. I often have
felt that the Linux communities commitment to become a dominate OS is
false.
--
Jim
[reply]
[top]
[»]
lack of action incomprehensible
by wouter - Oct 30th 2004 20:24:32
I think it's hard to limit any discussion about the current state of the
internet without having to digress into discussions about post-industrial
nihilism, apathy, dangers of extreme capitalism and deterioration of higher
values, lack of education, uninquisitivity and blind faith in large parts
of the world. Don't think too far.
Perhaps there should be an obligatory license for people (like a drivers
license) so their ignorance wouldn't make things worse, but even such a
license it can't protect us from their apathy, stupidity or greed - both
from the writers of spam and virusses, and the people who help spread the
virusses or react to spam emails.
In my opinion, the internet was better seven years ago, mostly unspoiled,
before the low-life crud, big corporate noise and average Joe showed up and
everything turned into banners, spam and virusses; but ofcourse, it depends
on what you want out of it, free knowledge or backgrounds of kittens and
sports cars.
I really, honestly, do not understand how anti-spam people can claim that
most of the worlds spam comes from the same 10-20 people (seems true when I
check the thousands of spam emails I get every month) and those people
still walk around freely. I think known-senders, your third solution, is
the only viable one. Combined with some temporary email addresses and a
well kept secret one you defend with blood, sweat, tears and a baseball
bat.
It seems we live in a open, free and democratic society, and thus must
learn to live with everything being lowered to the standards of the masses
- and sadly enough that includes get-rich-quick schemes, chainmails,
virusses, point-and-click operating systems and instant sys admins.
Owning an island would be great, sometimes.
About Microsoft... ofcourse they should be held accountable for their
bugs, but if you make all developers accountable, opensource developers
would be exposed to the same scrutiny, creating a difficult situation.
That's why I think it's most important that there are alternatives, a truly
open market, and not dominance by a company that really isn't too
interested in improving the whole internet (open standards) or the quality
of their own products (security).
It would probably help if the government would be, just once, on the side
of the people and kick such companies around a bit rather than the other
way around. Since Microsoft seems to pay a lot of money to politicians and
election campaigns in the US, this quickly becomes a very wide discussion
again.
Mankind gets what it deserves, sorry if you're a better person than most.
[reply]
[top]
[»]
re:
by ljones - Oct 30th 2004 17:37:10
I don't think the author of the original post here is being alarmist. Spam,
malware, software that uploads junk to your pc and soforth is becoming a
bigger and bigger problem.
While I'm all for switching the internet over to open source software, I
really don't think it's ever going to happen. What everyone seems to forget
is to make that sort of switch dosen't just require a technical change -
it would require a social and possibly even a political change too.
It's taken something like 20 years for computers to be even accepted in
the home. It's taken that long for people to even begin to accept
computers. And it needed a social change too - even this.
The problem then is will we get that social change that's needed to switch
from propietary to open source? Unlikely from what I see. It would be
easier in some countries than others, but those countries whose entire
philiosiphy is built around making money being the be-all and end-all of
everything, or putting money above all else are going to find it the
hardest to change. In some countries it's the case that money pratically
rules and that big business is pushed onto people pratically at every point
in their lives :( .
Certianly, microsoft are responsible for a lot of what is happening.
After all it's largely thier OS that is at fault with all its security
problems. Microsoft love to paint the picture of their OS as being
something wonderful when it isn't. Remember the near-hysteria when Win95
was released? When people just go mad for a product based purely on hype
you can hardly call it a reasoned and considered and well-thought out
choice.
Microsoft too love to push the idea that you don't need to be a technical
expert, too. Remember that MS advertising campaign that portrayed (was it)
either hackers or computer technicians as basically being dinosaurs? It's
that sort of stupid message that just dosen't help. A PC is a complex
thing; if you get into someone else's car you would want them to be a
competent driver; a PC is arguably a lot more complex than a car. So to say
you need no brains to operate one is ludicrus.
And it's microsoft's use of propietary stands and their messing up of free
standards that causes a fair amount of trouble too. Rembember Kerbeous and
microsoft misusing a protocol? And what about IE and Windows with all those
lovely hooks right into the OS - all there waiting for some spammer to come
along and mess up your computer for you. Microsoft certianly should share a
large proportion of the blame - after all it's their software that is
running most stuff.
The users too I think although they can't be entirely blame should at
least do more than *nothing* if they want to use a PC. What I mean is this:
If you're an end user actually learn the basics about PCs. Again you
wouldn't jump in your car without having a few driving lessons would you?!
There are unfortunatly those end users out there who just see
"Microsoft" and "PC" and never think to question these
two things. They see those spammy tv ads with overpaid actors with windows
and graphics flying around their bedrooms or living rooms and can access
all kinds of stuff by pressing one mouse button (junk advertising) but yet
are first to scream and shout when they turn the PC on and when something
is less than 100% optimal or something minor just dosen't work.
I remember .... in the past, you know - to be a computer programmer - to
call yourself a computer programmer you had to either have something like a
qualification or a degree and actually *know* a programming language.
Compare that to today when you get lots of fools out there who proclaim
themselves to be programmers when all they can do is write 3 lines of HTML.
That's not knowing how to use your computer properly, and it's not being a
programmer either. Total Ignorance is no excuse.
It's not just microsoft, however. They are certianly the worst but there
are several other companies that are almost as bad. And just because a
company declares it will use OSS dosen't mean to say it won't try to
copyright and magically turn in it into propietary software at some later
stage - a warning to all those who trust IBM. IBM could always do a
microsoft at some point in the future.
It would be a good thing though if we could move the internet over to OSS,
but really I don't think it's going to happen any time soon. The
corporations and companies out there simply excert and have too much power
and money; it's very hard to fight them let alone get your message across.
Unfortunatly there seems to be 2 ideas of what the internet should be - one
is having the internet as OSS and having everyone able to access informtion
while the other is just having everything propietary and turning the
internet into just one huge electronic shopping mall. x.x
Guess which one's unfortunatly winning at the moment? :(
(Me personally I do not use windows, I will never use it and I have no
intrest it any longer. )
PS, apologies for going OT.
ljones
[reply]
[top]
[»]
re:
by ljones - Oct 30th 2004 17:42:08
I forgot to add too: how's about this as an idea. How's about the internet
and whatever powers it - not as some huge grand moneymaking scheme or some
enormous electronic shopping mall but instead have the internet as a public
service? Would that work? :)
ljones
[reply]
[top]
[»]
re:
by Rev. Adam Tauno Williams - Nov 7th 2004 19:11:58
> instead have the internet as a public
> service? Would that work? :)
Yes, but lots of things that 'would work' are totally impossible for
political reasons. Heck, in the US of A we don't even have the public will
to make health care available to most citizens.
[reply]
[top]
[»]
Whose fault is it anyway?
by Mike - Oct 30th 2004 13:37:07
As another poster said, this is the age of the "Personal
Computer". Now all us tech-heads love this fact, but normals hate
having to use a computer. Most people just use Windows, and just run the
software that came with it. Yet we insist they have the opportunity to
install and run anything they like. If they were allowed to live without
this unused functionality, they'd be much less vulnerable.
Spam and virus blocking is the responsibility of the ISP, not the
user.
The cost of malware may be high, but it is borne by those who fail to
defend against it. Companies which use the Internet as a cheap WAN should
expect an associated drop in security. Drop the V from VPN and you're much
more secure. Industry needs to sort this out because it's only hurting
itself.
And let's not forget that there's a whole world out there still using
Windows '98. They are the workhorses of the virus. You can blame MS for
that, but there's not a lot they can do about it now.
--
--
Mike
[reply]
[top]
[»]
Bugfixing by everyone
by jrisidore - Oct 30th 2004 04:55:50
As you state with open source / free software everyone is allowed to fix
bugs themselves. This surely is right, but far from reality. Only a
minority of the users are developers and even of them only few care to fix
a bug by theirselves. The majority simply waits for the distributor or
original author to release a fixed version.
Changing all software from proprietary to free software will not abandon
the security issue unless you change the attitude of the users. It helps,
yes, since bugs are spotted faster and more people will do code reviews.
But if the users don't care or even know about security that advantage does
not mean much.
[reply]
[top]
[»]
"The sky is falling"
by joe83 - Oct 30th 2004 02:05:36
I am neither a user or fan of Microsoft, but blaming all the current
internet problems on them is silly. Malware writers, spammers,etc target
MS products for the simple reason that MS is the predominant OS in use thus
offering a more target rich environment.The answer IMO is educating users.
I can't count the times I've helped people repair their machines and found
systems with no firewall or antivirus installed, users operating with admin
privileges and machines with hundreds of spyware programs installed. An
uninformed user will continue to have their system exploited . Take for
example the current wave of phishing scams. Uninformed users will fall for
these scams regardless of OS or software.
In closing let me state I found the tone of the article to be needlessly
alarmist .
[reply]
[top]
[»]
Re: "The sky is falling"
by spamviz - Oct 30th 2004 04:54:44
> I am neither a user or fan of Microsoft,
> but blaming all the current internet
> problems on them is silly. Malware
> writers, spammers,etc target MS
> products for the simple reason that MS
> is the predominant OS in use thus
> offering a more target rich
> environment.The answer IMO is educating
> users. I can't count the times I've
> helped people repair their machines and
> found systems with no firewall or
> antivirus installed, users operating
> with admin privileges and machines with
> hundreds of spyware programs installed.
> An uninformed user will continue to have
> their system exploited . Take for
> example the current wave of phishing
> scams. Uninformed users will fall for
> these scams regardless of OS or
> software.
> In closing let me state I found the tone
> of the article to be needlessly alarmist
> .
I wish the article's author a happy retirement.
I too am proud to be Windows free, and do not wish to be thought as
defending that OS.
Yet I also agree that pointing at any one operating system while
disregarding the fact that it happens to be the largest easy target is an
over simplification of the problem.
Considering just one aspect of the problem, spam;
The receivers of unwanted email out number the senders by 5 to 6 orders of
magnitude.
Better education and better tools in the hands of that larger number will
be a big step in controlling it.
--
SpamViz
[reply]
[top]
[»]
Re: "The sky is falling"
by Web Smart - Oct 30th 2004 10:15:27
With the age of personal computers, the target users are common people, not
technical experts. You want patients to interact with specialist doctors
and students with poetry teachers. None of them would and could enter into
Firewalls and Secured environments and try to understand differences with
http: and https:
Those issues were not meant for them. The patient connecting with
her dictor's office gets reassured to enter her username/password and feels
comfortable that she is accessing her medical records fully authenticated
with her user account.
Why do you expect her or her doctor to know firewalls ? They must know
their own profession and providing virus free, secure connection is OS and
Network Service providers' business.
It is THEIR failure to provide users with foolproof connections and
user accounts. DO NOT BLAME USERS for you finding their PCs
without firewalls, anti-virus softwares etc. Why anti-virus is sold
seperately and it is not part of OS ? To milk the user later on with
upselling of anti-virus ? Why she pays to buy low security OS and keep on
worrying about which anti-virus is best and how to install it and how to
upgrade it and where to read how to protect your dumb OS against spam and
virus attacks.
Learn to write your OS better, dumbheads. Sometimes people watching the
entire scenario from the top might be wondering if it is as part of
dirty plot against innocent users.
--
*** expect a bit delay if you demand impossible from me ***
[reply]
[top]
[»]
Re: "The sky is falling"
by Nate - Nov 1st 2004 04:48:43
> anti-virus softwares etc. Why anti-virus
> is sold seperately and it is not part of
> OS ? To milk the user later on with
> upselling of anti-virus ? Why she pays
> to buy low security OS and keep on
> worrying about which anti-virus is best
> and how to install it and how to upgrade
> it and where to read how to protect your
> dumb OS against spam and virus attacks.
While I agree that the average user shouldn't (and oftentimes can't) be
expected to choose and maintain security software on their computer.
This _doesn't_ mean A-V software should be included in the operating
system, just like a browser shouldn't be embedded in the OS.
Companies like Dell and Gateway, who supply computers and software
packages to consumers should be the ones making sure their product has A-V
software with it. And I'm fairly certain they do.
Including anti-virus in the operating system itself will just destory
competition, in turn destroying the incentive to have a better
product.
Who wants to spend $150 on Norton AV when Windows comes with Microsoft
Virus-Block?
[reply]
[top]
[»]
Re: "The sky is falling"
by Web Smart - Nov 1st 2004 20:04:11
>
> While I agree that the average user
> shouldn't (and oftentimes can't) be
> expected to choose and maintain security
> software on their computer.
> This _doesn't_ mean A-V software should
> be included in the operating system,
> just like a browser shouldn't be
> embedded in the OS.
> Companies like Dell and Gateway, who
> supply computers and software packages
> to consumers should be the ones making
> sure their product has A-V software with
> it. And I'm fairly certain they do.
> Including anti-virus in the operating
> system itself will just destory
> competition, in turn destroying the
> incentive to have a better product.
> Who wants to spend $150 on Norton AV
> when Windows comes with Microsoft
> Virus-Block?
You want customers to pay $150 for you bring out a weak product ? If your
OS does not understand virus attack and prevent it, it is DUMB OS. Why
customers should pay for it in the first place. You want a competition at
the cost of a healthy product and good operating environment ?
Escalating your argument in same way, food companies should give you
rotten junk food so that you fall ill and medicine companies and doctors,
hospitals make a living out of you.
Clothing companies should sell you dresses which get torn and fade in just
first washing, so that you need to go to market and buy again.
If Microsoft comes out with an OS which itself blocks viruses, it is then
charging for a product that deserves a payment. Lots of robust and more
secure than microsoft OSs comes for free.
what are you recommending ?
OPEN YOUR EYES
--
*** expect a bit delay if you demand impossible from me ***
[reply]
[top]
[»]
Re: "The sky is falling"
by Nate - Nov 8th 2004 04:39:28
>
> You want customers to pay $150 for you
> bring out a weak product ? If your OS
> does not understand virus attack and
> prevent it, it is DUMB OS. Why customers
> should pay for it in the first place.
> You want a competition at the cost of a
> healthy product and good operating
> environment ?
>
> Escalating your argument in same way,
> food companies should give you rotten
> junk food so that you fall ill and
> medicine companies and doctors,
> hospitals make a living out of you.
>
> Clothing companies should sell you
> dresses which get torn and fade in just
> first washing, so that you need to go to
> market and buy again.
>
> If Microsoft comes out with an OS which
> itself blocks viruses, it is then
> charging for a product that deserves a
> payment. Lots of robust and more secure
> than microsoft OSs comes for free.
>
> what are you recommending ?
> OPEN YOUR EYES
This is where fact blends with opinion.
I believe Microsoft should be selling a core OS for a lower price.
Your analogy is a little skewed.
You can be expected to wear clothes without any 'configuration'.
Microsoft is selling the fabric, and you make the clothes yourself. The OS
is nothing without the software.
If you put your clothes in a closet without mothballs, it's your own fault
when you get moth-eaten shirts.
If a fabric company is bundling mothballs with it's product, it will be
busy combatting bigger, stronger moths while it should be making a better
fabric.
[reply]
[top]
[»]
Re: "The sky is falling"
by antrik - Nov 12th 2004 19:02:16
> DO NOT BLAME USERS
While better designed software can certainly help (the "security center"
in XP
SP2 is an ENORMOUS improvement, for example), it remains a fact that
user
education is the decisive part. Do you expect doors to automatically
prevent
opening to dupers? Certainly not. Why would you expect that from
computers? The
reason why people are reasonably safe against the "classical" forms of
fraud is
that children are taught from small on not to trust strangers at the door.
The
same needs to happen in the IT world.
[reply]
[top]
[»]
Re: "The sky is falling"
by WaltSullivan - Oct 30th 2004 11:20:50
>... Malware
> writers, spammers,etc target MS
> products for the simple reason that MS
> is the predominant OS in use thus
> offering a more target rich
> environment.The answer IMO is educating
> users.
>...
False reasoning - See "Security Report: Windows vs Linux" at
http://www.theregister.co.uk/security/security_report_windows_vs_linux/
Apache is the most used web server (68%, according to a recent Netcraft
survey), but Microsoft IIS is the most attacked, because it's closed,
intentionally interdependant on other Microsoft software, and easy to
attack.
I agree that User Education is very important, but educating users to keep
they information in formats they don't have to rent from Microsoft is part
of that education, IMHO.
[reply]
[top]
[»]
Re: "The sky is falling"
by PerlChild - Oct 30th 2004 12:09:29
> scams. Uninformed users will fall for
> these scams regardless of OS or
> software.
Most of these users aren't just uninformed, to the samples of those users
I've met, requiring of them to keep informed is worst than having a
non-functional Internet.
Now, conceptually, the Internet is built on the idea that participation is
very much requirement-free, since the protocols were built back when it was
a privilege to connect. Right now, it's considered a free speech issues in
some countries. The basic protocols haven't been updated enough that we
can consider excluding participants who behave obnoxiously on the technical
level. On the legal/social level, those processes are slow, and the layer
between physical identification/authentication is weak and permeable.
Perhaps one solution would be to upgrade protocols where improper behaviour
is automatically detected, and the network routes around the problem caused
by the rogue node, another would be to endure the problem, since the
social/political/legal implications do not allow a simple solution(think of
the censorship implications of having hardware-defined "acceptable" tcp/ip
behaviour. There isn't much room in the middle, either you consider it a
privilege, and can revoke it, or you consider it a right, and need
justifiable cause to revoke it.
It's pretty obvious to me that many of the problems due to closed source,
and the fears about open-source, have a single source, accountability.
Closed-source companies are so big they can hardly be considered to be
accountable to anyone but their shareholders, and open-source companies are
so many that tracking who is accountable for a particular bit of code is
not administratively easy. Now keep in mind I'm not saying open-source is
less accountable than closed source(the opposite is true, and that's my
main point of agreement with the original article: open-source keeps
transparency in the process), but, from the point of view of less
technically-savvy, lazy administrators, it seems that way.
Unfortunately, we don't have savviness requirements for public office yet,
even in technical positions. Perhaps that's one area where we can identify
improvements.
[reply]
[top]
|
|
