The Internet's problems can be explained as a result of the widespread use of closed source software, particularly the products of the Microsoft monopoly. Most Internet-based attacks exploit bugs in software produced by Microsoft. Although bugs will be inevitable in any new software, in closed source software, they can only be corrected by the software producer itself. This last point is crucial to understanding how closed source software makes the Internet unsafe.
The producers of closed source software have no interest in fixing their software's bugs; they do not earn money for bugfixes. Microsoft saves money by leaving its bugs uncorrected. Nor is Microsoft interested in creating solutions based on open standards -- to do so would be to diminish their monopoly. On the contrary, Microsoft works to maintain its monopoly by ensuring that its software remains incompatible with that of other vendors.
The problem for Microsoft is that buggy software hurts its image. In an attempt change this perception, Microsoft has renamed its bugs "vulnerabilities". A vulnerability is something that could be cured. A bug, on the other hand, is an error that demands immediate correction. In this way, Microsoft distances itself from the bugs and defects in its software.
Closed source software also suffers from a trade-off between security and usability. Generally, the more secure a program is, the more difficult it is to use. When a supplier has to choose between security and usability, security always loses. Usability simply sells more.
The government is the strongest supporter of closed source software, having committed to long-lasting delivery agreements with Microsoft. It is often claimed that closed source software is more secure and reliable because of the size of the supplier. In surveys about Open Source, the smaller numbers and sizes of suppliers are emphasized as risks, as is the cost of moving from closed to Open Source software. The imagined weakening of the Open Source software industry is simply a bogeyman used to scare customers into remaining with closed source software. Such arguments support existing power structures and supplier relationships, but fall short of an objective evaluation of Open Source software.
The public sector's decision to use closed source software is critical, because it also binds private persons and companies to proprietary, closed source technologies. By making all public sector application forms only available as Microsoft Word documents, the government forces its citizens to adopt proprietary software, too. The same problem can be seen in several public sector portals which require visitors to use Microsoft's Internet Explorer browser. One of these is the educational portal for schools, a Web site supported by the Board of Education that directs its visitors into Microsoft's sphere of power.
The intractable problem of spam illustrates the weakness of the public sector when dealing with problems caused by closed source software. Legislation has criminalized spamming, but no one realistically expects the police to be able to resolve such crimes. If I reported every piece of spam I received to the police, they would be investigating over 10,000 cases per month.
Moving from closed to open source will only happen with the active participation of both the public and private sectors. Currently, both appear to be simply waiting and hoping that the problems of closed source software (viruses and spam) will be solved by a miracle. But can we really afford to wait until the Internet and email become unusable? The cost of moving from closed source to Open Source is insignificant compared to the cost of losing email and the Internet.
If we stay with closed source, we will have to replace the Internet with one of the following alternatives:
Safest of all would be to take up traditional communication methods like fax and postage again, instead of relying on email. But is it possible to return to these old methods, given the increase in communication in recent years? Both fax and post are very slow and clumsy.
Secondly, the Internet could be partially replaced with parallel, closed company networks by using VPN (Virtual Private Network) technology. This would allow messages and information to be transferred securely inside a single company. Messaging and communication would be limited to members of the network and the common, global nature of the Internet would be lost.
A third alternative would be to restrict incoming email messages to those from known senders. This would completely block spam, but requires hard-to-maintain sender databases and turning client contact information into Web-based forms. This method would require acceptance and participation from all parties, an impossibility due to the conflicting interests of the open and closed worlds.
With these words, I would like to say farewell to all the IT folks. Yesterday was my last working day at SOT. Starting tomorrow, I'll be concentrating on the important things in life; happiness and traveling the world with my wife. Perhaps when the Internet and email are dead, we'll at least find ourselves free from the slavery of the IT and information society.
Helsinki, Finland, 2004-28-10