Articles / Can Openness Save the Inter…

Can Openness Save the Internet?

The usefulness of the Internet has been severely compromised by a proliferation of spam, worms, crackers, and viruses. The Internet has been stifled by harmful traffic (and its related expenses) which have increased to a now intolerable level. According to the U.N., UNTAD, Symantec, F-prot, MessageLabs, and several market analysts, the financial burden of dealing with harmful Internet traffic reached tens of billions of Euros this year. Next year will see this increase to hundreds of billions of Euros if the problems worsen as forecasts predict. What is destroying the Internet, and can its collapse be prevented?

The problems arise from closed source

The Internet's problems can be explained as a result of the widespread use of closed source software, particularly the products of the Microsoft monopoly. Most Internet-based attacks exploit bugs in software produced by Microsoft. Although bugs will be inevitable in any new software, in closed source software, they can only be corrected by the software producer itself. This last point is crucial to understanding how closed source software makes the Internet unsafe.

The producers of closed source software have no interest in fixing their software's bugs; they do not earn money for bugfixes. Microsoft saves money by leaving its bugs uncorrected. Nor is Microsoft interested in creating solutions based on open standards -- to do so would be to diminish their monopoly. On the contrary, Microsoft works to maintain its monopoly by ensuring that its software remains incompatible with that of other vendors.

The problem for Microsoft is that buggy software hurts its image. In an attempt change this perception, Microsoft has renamed its bugs "vulnerabilities". A vulnerability is something that could be cured. A bug, on the other hand, is an error that demands immediate correction. In this way, Microsoft distances itself from the bugs and defects in its software.

Closed source software also suffers from a trade-off between security and usability. Generally, the more secure a program is, the more difficult it is to use. When a supplier has to choose between security and usability, security always loses. Usability simply sells more.

The public sector is the key

The government is the strongest supporter of closed source software, having committed to long-lasting delivery agreements with Microsoft. It is often claimed that closed source software is more secure and reliable because of the size of the supplier. In surveys about Open Source, the smaller numbers and sizes of suppliers are emphasized as risks, as is the cost of moving from closed to Open Source software. The imagined weakening of the Open Source software industry is simply a bogeyman used to scare customers into remaining with closed source software. Such arguments support existing power structures and supplier relationships, but fall short of an objective evaluation of Open Source software.

The public sector's decision to use closed source software is critical, because it also binds private persons and companies to proprietary, closed source technologies. By making all public sector application forms only available as Microsoft Word documents, the government forces its citizens to adopt proprietary software, too. The same problem can be seen in several public sector portals which require visitors to use Microsoft's Internet Explorer browser. One of these is the educational portal for schools, a Web site supported by the Board of Education that directs its visitors into Microsoft's sphere of power.

The intractable problem of spam illustrates the weakness of the public sector when dealing with problems caused by closed source software. Legislation has criminalized spamming, but no one realistically expects the police to be able to resolve such crimes. If I reported every piece of spam I received to the police, they would be investigating over 10,000 cases per month.

Moving from closed to open source will only happen with the active participation of both the public and private sectors. Currently, both appear to be simply waiting and hoping that the problems of closed source software (viruses and spam) will be solved by a miracle. But can we really afford to wait until the Internet and email become unusable? The cost of moving from closed source to Open Source is insignificant compared to the cost of losing email and the Internet.

Alternatives to the Internet and email?

The Internet can be saved by a large scale shift to open standards, open architecture, open file formats, and supplier-independent Open Source software. Openness allows bugs to be immediately fixed by all users, without requiring special permission from the software producer.

If we stay with closed source, we will have to replace the Internet with one of the following alternatives:

Safest of all would be to take up traditional communication methods like fax and postage again, instead of relying on email. But is it possible to return to these old methods, given the increase in communication in recent years? Both fax and post are very slow and clumsy.

Secondly, the Internet could be partially replaced with parallel, closed company networks by using VPN (Virtual Private Network) technology. This would allow messages and information to be transferred securely inside a single company. Messaging and communication would be limited to members of the network and the common, global nature of the Internet would be lost.

A third alternative would be to restrict incoming email messages to those from known senders. This would completely block spam, but requires hard-to-maintain sender databases and turning client contact information into Web-based forms. This method would require acceptance and participation from all parties, an impossibility due to the conflicting interests of the open and closed worlds.

Post Scriptum

With these words, I would like to say farewell to all the IT folks. Yesterday was my last working day at SOT. Starting tomorrow, I'll be concentrating on the important things in life; happiness and traveling the world with my wife. Perhaps when the Internet and email are dead, we'll at least find ourselves free from the slavery of the IT and information society.

Helsinki, Finland, 2004-28-10

Recent comments

01 Dec 2005 19:21 Avatar wagnerstefan

Re: open protocol vs. open host for spamming
smtp is an open protocol, but isn't the mail sent from winboxes, where trojan malware and rootkits took control for spamming?

Did we hear from Linux-clients which use smtp too, that sent spam?

01 Dec 2005 19:07 Avatar wagnerstefan

Re: How does popularity matter?


> "The problems arise from closed

> source".

> The problems arise from popularity, not

> from the closed source. It is a fact

> that windows products are much more

> popular then opensourced. Due to this

> there are lots of virus authors and

> other hackers efforts are devoted to

> finding bugs in Microsoft products, not

> in opensourced ones. ...

Well, I'm hearing that argument since the mid '90ties, when viruses where spread by floppy-disks for the MS-plattform exclusively.

I guess we have as much linux-users as we had windows-users in the mid 90ties, but that's of course a vague estimatition.

Do evil hackers concentrate only on popularity by percentage-use?

Of course your virus is spreading better, the more people it adresses, but why don't we see 95% win-viruses, and 3% linux- and 2% mac-viruses? (bad estimations again).

If OSS software is adressed so rarely by evil programs, shouldn't it be so weak, that it would be easy to use its vulnerabilities?

Popularity can't be ignored, but we can't excuse every weakness of Windows-Software by popularity.

We have to mention at least two facts - one mentioned before:

a) Windows is designed without security in mind.

b) The windows-culture is attracting attackers. Expensive programs lead to unlicensed software, organized from dark channels, leading to fear by the users, to be caught, and therefore they're avoiding updates. They often believe to be spied out. And the closed character of the software makes it hard to prove the opposite.

10 Apr 2005 11:02 Avatar hyperboole

So true
I have to very sadly agree. And this problem is 99.9 %s Microsofts fault. Looking at the http://www.opensource.org/halloween/ hallowen documents is very nerving. In comparision with the opensource® software community, Microsoft is unbeliavbly niave and has some very evil plans. One is to change protocols so they control them to help hinder opensource® development. And I think it is even quoted "we'll gain market monopoly and fix the problems 3-4 years later." Well said

22 Mar 2005 02:08 Avatar davidbl

Re: IIS vs Apache?


> I agree with you on

> the Apache vs IIS matter, but I still

> think Linux wouldn't be as "secure" if

> it had a bigger user base.

That's the same senario if you take any software. The more poeple who uses the software, the more errors get stumbled upon. (It's the put the monkey infront of the keyboard test - You can always find new errors) But the diffrence here is that most linux software is opensource. So not only do we have the plesure to find errors but also they can be corrected without compromiseing anything. And that is what takes distance from Microsoft. We don't need to wait ages for a uniqe update to fix one bug/hole that infact leads to a new bug/hole. Im not saying the same senario won't apear for linux users (ofcourse they do) but there are so many eye's on the ball when something get's fixed on linux software/patches/updates that they usaly don't make errors. When do Microsoft throw the ball up in the air? - Never.

> I know I could be wrong, in fact, there could be

> a lot of new measures and posible

> features for Linux that could change my

> mind.

One of the thing's iv'e always been happy about is that fact how linux works with the protocols vs software and what possibilities there are. Where Microsoft don't ever use the fully potentional functions given to you in the rfc/protocol (or they just hide it for the public to use) Linux always takes these small aspects along aswell.

But later on iv'e always reminded myself that it's not that the software is better it's that the programmer who are makeing the software that are widely more openminded. A Microsoft programmer don't have to think on userfriendly or user functions as they already have their "standarts" so they don't work outisde the thin red line they have. Where a programmer that makes software for linux goes baserk in that way he add's all possible functions he can to the software. This is also offent the course why linux software can look so chubby and packed. But i love it, it goes without saying that.

17 Jan 2005 14:59 Avatar mdnava

Re: A general comment on virus problems

> Basically Windows tries to be everything
> to everybody causing a LOT of problems.

This line of your post says a LOT... It remainds me of a quote I once read (http://cr.yp.to/qmail/guarantee.html) on the qmail (http://www.qmail.org/)'s author website:

"Security holes can't show up in features that don't exist."

It also has another quote that I love and always recomend to follow:

"Keep it simple, stupid."

Regards,

Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.