Open Source Software vs. Commercial Software:
Migration from Windows to Linux
An IT Professional's Testimonial
A Little Politics: Windows vs. Linux
Advantages of Non-Commercialized (Open Source) Software
We've looked at a lot of examples of Linux being used in the world today. Let's dig in a little further and see why this is the case. Linux has many many advantages over Windows, but a lot of these reasons are widely unknown by most people.
The Monopoly Game
We've all probably played the game of Monopoly at one point or another. The object is to beat out the competition so that you can control the market and your profit. Unfortunately, this practice is commonly used in the real world. A company that has a monopoly is in the driver's seat and completely in control, which obviously helps the company, but hurts its customers in most cases. Most of us are aware of the famous court cases with Microsoft, and anti-trust laws. Fortunately, Microsoft's game of monopoly was thwarted several times by courts. However, Microsoft has been successful in buying up smaller companies to crush its competition, and has been very successful at doing so. By getting control of the market early, Microsoft has been able to keep a strong hold on many areas of computer software, like the PC operating systems with Windows. In the late 1990s, this put Microsoft in a very favorable position. However, recently Apple and open source software like Linux have finally started to show a significant share in some of the markets that Microsoft once controlled. This is interesting to note, as it means that customers are choosing other products besides Microsoft. What are the reasons for this? This will bring up a good debate, but my best guess is that others are realizing that quality software is available for free with open source products, and others may finally be catching Microsoft at its own game of monopoly and getting tired of dipping into their pocketbooks.
Let's look at the overall picture of Linux and Windows with regard to open source (Linux) vs. closed source or commercial software (Windows). In the world of commercial software, companies develop and release their software in order to make a profit. This is all good, but there are some problems that can creep up because of this relationship between the software vendor and its consumers. Obviously the software vendor is in the game to make money with its software. This can bring up potential issues. One issue that I have experienced over and over again is the software vendor dressing up its product in order to make a sale. The software can be made to look great during a demo, but when it comes time to actually use it, you can get completely different results. Or, how about the vendor releasing the software to make the sale before its features have been fully tested to be stable? This may sound far-fetched, but don't forget when there's a profit to be made, the company is going to look at its bottom line. Rushing a product to the consumer will bring in the revenue faster.
Something else that a lot of us don't realize is that Microsoft and other vendors of commercial software have other clever ways to improve their bottom line, while digging in to the pockets of its customers. A lot of software is designed to lock in the customer, also known as vendor lock-in, which makes it very difficult for the customer to look at a competing product. Obviously this is a good goal as far as the company itself is concerned. But, this can cause huge headaches for the customer. Once a customer is locked in, companies will often limit versions of their software to force the customers to upgrade. For instance with Intuit Quicken, a personal finance program, customers are forced to upgrade every 3 years, if they want the software to remain 100% functional. If customers do not upgrade, some functions of their version will stop working, such as updating records online automatically. Open source, while not being a commercial product, is not victim to this type of activity.
Then there's the support side that should also be taken into consideration. When a software vendor offers its product to the consumer, it often comes with technical support. This can be a free service provided by the vendor, but in a lot of cases charges will be applied if the consumer needs support (either a fee per incident or an annual maintenance fee will be charged). Yes, the company makes a profit on the sale of the software, but often the support costs heavily outweigh the initial purchase price of the product. Often, the software is so proprietary that customers have no choice but to go to the vendor for support and pay for it. In this case, community bulletin boards and free resources are simply not available. This is a huge hidden cost that many do not see when they look at the initial price tag of a product, and can creep up very quickly if the product stops working or prohibits the business from doing its normal tasks. Essentially, it creates a form of mini-monopoly on the product, forcing the customer to go to the software vendor for support. Many vendors charge outrageous fees like $175 per hour, or thousands of dollars per year for support contracts. And with support contracts, the customer is forced to pay up front, and may not even use the support for the term of the contract! This is just like flushing money right down the drain. All of this is because the software is proprietary and the source code is kept behind closed doors.
Then, there's the fateful issue of the company actually going out of business! This can be drastic if a consumer is dependent on its product. Obviously if a company goes out of business, either of two things can happen. Support for their software products will get completely dropped into nonexistence, where the customers are left completely helpless. Or, another company may buy the software assets and continue to develop and support the software from the old company. However, companies that develop the software also make business decisions as well, to simply drop development or support for their software. This has even happened with larger viewed companies like Microsoft. Recently in July 2009, Microsoft announced its decision to completely discontinue Microsoft Money, the personal finance software that had been developed and sold for over 10 years. Many customers used the software thinking that Microsoft would always exist, so it would be a safe investment. However, all that is needed is for the developing company to decide not to make a product any longer, leaving the customer completely helpless in this situation as well.
With Linux and open source software, you can bypass having to deal with a software vendor completely as nobody is trying to make a sale. The support group is the entire open source community, which will always be there. My point with this is not that Microsoft won't be around, as they will. But, when consumers are forced to buy 3rd party software by other vendors or expensive support from Microsoft itself for its own products, this is where issues like the above can come into play. With open source software, these worries are just about 100% nonexistent. There is a small risk that a particular open source software title may be replaced by another, but this is very uncommon and in the very rare cases that this should happen, there is a migration path already planned out to move from one open source product to the other. In either case, there will never be required costs involved.
There are even more examples of harm when we have one software vendor controlling the source code. Recently I came across a couple of very good examples of this. In late 2009 and into 2010, Dell came up with a couple of new and very innovative computer models. Most notably among the top of the list was the Latitude Z. This is the first all wireless model from Dell that even has wireless battery charging! I'm not making any mention of how much radiation output it has, I doubt you would find me sitting in front of it for very long. But, customers that quickly snatched up the Latitude Z for business environments would soon find a surprise. Dell decided not to release 64-bit drivers for Windows 7. Yes, Windows 7 was bundled with the laptop, but only the 32-bit version. Even though the Latitude Z's architecture can support a 64-bit operating system like Windows 7 64-bit, the laptop cannot operate that way because it would be missing essential drivers because of Dell's sole decision. Even representatives from Dell could not explain why no 64-bit drivers were released. This is an example of how one vendor like Dell that releases Windows drivers for a model laptop can prohibit the users the freedom of using the most out of the hardware.
Going with this example even further, take for example another situation that I came across where a company was considering the purchase of Dell's all-in-one model of desktop computers. The choice came up with the Inspiron 780, and the Vostro equivalent. As usual, the Vostro model was significantly cheaper when the two were compared. The Vostro is also a business-grade machine like the Inspiron, however it is usually not constructed with as high quality parts as the Inspiron. The Vostro had around a $100 savings over an identical Inspiron model. But, again, the Vostro model had no support for 64-bit versions of Windows because Dell chose not to release 64-bit drivers for it. So, if the company chose to run Windows 7 64-bit on the less expensive hardware option such as the Vostro, they could not fulfill their request and would be forced to purchase the more expensive Inspiron model. This is just senseless, considering again the Vostro's Intel architecture supports 64-bit operating systems. If the company chose to use 32-bit or 64-bit Linux, they would be free to install either and have it up and running in no time at all.
With Linux, both 32-bit and 64-bit versions of the same kernel are released. This means that you will find uniformity among both 32-bit and 64-bit versions of the kernel itself. So, if you picked up a machine like the Latitude Z and successfully got a 32-bit Linux kernel running, you could easily install a 64-bit kernel and get the same support for all of the hardware and get the most out of it. Again, this is because the Linux kernel is developed by the community, not like the Windows kernel which is developed by one entity alone (Microsoft).
Not only have we acknowledged that product support can be a big issue with closed source (commercial) software, but let's look at overall uniformity. With both open source and closed source software, there is uniformity, and at the same time some vast inconsistencies. However, I have found that the inconsistencies with closed source software greatly outweigh the number with open source. Why? The simple reason is found when you look at the overall goals of each. With closed source software, the goal of the software developers is to get the product out to market and make money. Therefore, you will have competing companies and individuals, trying to beat each other at their game in different areas of software. As a general rule, competition is good as it drives down costs and promotes innovation. But in the world of software development, competition can be quite harmful when there is a profit to be made as a result of software sales. As you get more companies competing over similar software, you develop a wide array of products that all do the same thing. Each company will obviously promote their own product as being superior over the competition. Things such as adding too many features can come up and make the products overly bloated, or even just having too many products and choices for consumers. There is a lot of duplication of effort as a result.
One real example of this type of issue is that of PDF technology. Adobe created the PDF file format originally as a new way to store documents in digital form while allowing cross platform compatibility (Windows, Macintosh, Linux, or any operating system that has a compatible viewer to open PDF files). Originally Adobe was one of the few companies to offer products to create and view PDF files, mainly because they developed the technology in the first place. But, slowly over time more products have surfaced that do the same as Adobe's own products. Over time, more and more developers jumped on board and today, there is a huge array of products that both create and view PDF files. While this can be viewed as a good thing, I have seen many products appear and disappear over time, which has almost certainly caused some headache and grief for those that used the products. PDF technology has evolved over the years, adding features and improving the PDF format along the way. Older (and discontinued) products will not handle newer PDF files created by new software. But, most recently a larger issue came up. Up until Microsoft's Office 2007, any office application was unable to save or export in PDF format. However, with the release of Office 2007, Microsoft included PDF export functionality. However, conflicts between Adobe's Acrobat writer and Office 2007 have suddenly popped up. If you install Office 2007 and still want a PDF writer on your computer in Windows, you must upgrade to a newer version of Adobe Acrobat (either obtain a free patch if one is available for your version, or re-buy the latest version). The alternative is to install the version of Acrobat you are using then install Office after. Acrobat cannot be installed if Office is already installed. Obviously, there exists a conflict between Microsoft and Adobe software on the same Windows computer.
This can cause much grief as end users can be stuck in the middle, and are ultimately the ones that suffer simply because the developers are competing and the products don't work together. Other products are available such as CutePDF which also create PDF files, luckily, and can co-exist with Office 2007. However, some of these products are limited in functionality when compared to Adobe's own software.
Many articles have been posted about the PDF conflict between Adobe's Acrobat products and Office 2007. In fact, not only are there software conflicts on Windows computers, but there were originally legal conflicts between Microsoft and Adobe with PDF licensing when Office 2007 was being developed. Microsoft originally had a "Save As PDF" function in Office 2007, and had to remove it and add an optional free "PDF Export" plugin which Adobe has so far allowed without argument.
Now, let's look at open source software in this aspect. With open source, normally you do not have competition among parties, but cooperation and collaboration instead. None of the developers are out to make money or to try and beat the competition. Developers are in the game to make better software, and there is normally no duplication of effort. As a result, you do not have the flood of similar products that do the same function. Instead, you have very few. While some may argue that this limits the options for the end users, it actually simplifies the options so that the user does not have to "shop" for the product that best meets their requirements. Instead, they can find the one that best suits from the short list, and even develop it to their tastes (if they have the skills). Normally, the functionality has already been developed because end users are the driving force to develop the software. From the tremendous flexibility of the open source model, high quality software emerges, and in some cases beats the commercial alternatives.
So, let's look at the open source alternative to the example above in Windows with the PDF competition. In Fedora Linux for example, we have a PDF writer that can be added as part of the CUPS printing system. CUPS (or the Common Unix Printing System) comes by default with any new Fedora installation. It is a full featured print server suite. CUPS is used even on a standalone computer with only one printer, or can be used to connect multiple computers to a central print server or computer that has an attached printer. To get the PDF writer, simply download the "cups-pdf" package from Fedora and install it. You now have a PDF writer that shows up as an available printer. OpenOffice, similar to Microsoft Office 2007, has a built-in PDF export feature. However, unlike the Windows fiasco, the CUPS PDF writer and OpenOffice do not conflict at all. They are two separate entities (as they should be) and both work very well for their own purpose. There may be other PDF writers available for Fedora Linux, but not even close to the huge number of confusing alternatives in Windows. So, as a result, with Linux you have complete collaboration of developers that have created two PDF products that do what they were designed to do, without any problems or conflicts. In the end, the end users benefit from this.
Software Piracy: Non-Existent
Also take into account a very popular subject in the commercial software world: software piracy. This is probably one of the most fought problems by software vendors. And, with Windows, Microsoft has in recent years tried to attack the waves of software pirates all over the world. What have they done to combat this problem? Well, they have implemented a couple different mechanisms in Windows. One is called Product Activation, and the other they call Genuine Advantage. Product Activation requires you to activate Windows after you install it, either by phone or by Internet. Genuine Advantage is a Windows update that Microsoft started to release a few years ago in Windows XP and is part of Windows Vista. It does a check of Windows when it boots, and if you are running a pirated or illegal version of Windows you will get a popup message on your screen saying so. The Genuine Advantage mechanism also blocks the computer from getting the latest Windows updates on Microsoft's website. So, Microsoft has clearly needed to take action to try and combat software piracy. But if you step back for a minute and consider this: software piracy in Linux doesn't exist! Yes, in the world of open source software, nobody is tracking who is making copies of it and handing it out. Therefore, there are no measures that need to be taken to prevent piracy. This is another example of my earlier point that the simpler the better... and this is another prime example where Linux is much simpler. Luckily if you are using a legal version of Windows, the software piracy checks are completely transparent... well, almost. I have seen one case where Genuine Advantage reported an illegal version of Windows XP, when it was a 100% legal and purchased version. I will go into further detail on this problem further down.
With commercial software comes licensing agreements. These agreements can be very simple to very complex. However the focus here is to compare Windows and Linux, in which two completely different approaches are taken. With Microsoft, licenses are purchased for each of its products. Whether for a home user or a large company, licenses need to be purchased in order to use the software for each and every computer it is installed on. OK so purchasing licenses can't be that big of a deal, right? Take into consideration that purchasing a software license is the easy part, but deciding which license or licensing program to go with and tracking the licenses is another story.
For the average home user, managing licenses is pretty much nonexistent. The issues start to get really complex in corporate environments. Take for example purchasing a retail copy of Windows XP. You purchase the product, and you get one license to install it on any computer of your choice. But, with small businesses all the way up to large companies, license management is a big deal. Tracking software licenses for a company can be very confusing and time consuming, and the time needed to manage them can compound very quickly. In my opinion, businesses have much better things to do than sit around and decide what type of licensing scheme to use, track licenses, keep lists of licenses and computers and make sure they are all updated and legal on a continuous basis. All of the effort is put into license management, while the chance of actually being audited is slim to none in most cases. It's more of an honesty system really. Even companies with 10 computers can find themselves in a licensing mess if things are not kept clean from the start. It's easy to buy and install the software... but taking the time to record the license and file it away is another matter. Imagine corporations with thousands of computers, and the headaches that can evolve in tracking all of the licenses for each and every computer. There are different editions, and components to each edition of software. Some companies simply give up on managing their software licenses, mainly because it is just too much work and wastes valuable time that the employees could otherwise spend doing something productive for the company. Let's face it, it doesn't help the company any when its employees are busy managing its software licenses. This doesn't improve production or help the company achieve more sales. In most cases companies will discover that they are missing licenses and need to purchase more licenses to stay legal.
Licenses get misplaced, forgotten, and are usually not top priority when software purchases are made. Microsoft has solutions aimed to make the licensing process easier, for a hefty price. I will go into this in more detail a little later, but keep this in mind: Linux falls under the GNU General Public License, which states that the users of the software can make copies, distribute it, install it, and use it any way desired. As I have stated, this means that by using Linux and open source software, no licenses need to be tracked, period. This is huge. This means that a company can use Linux and all of the open source software it desires, and the only thing the company needs to focus on is installing and using the software to aid the company directly. This means that its employees will never need to put any of their time into license management. In large corporations, this can mean hundreds of hours are freed up that can be devoted to promoting the company instead. The more the computers, the more that any individual or business will save in the long run.
Software Activation Woes
Not only does licensing come into play with commercial software like Windows, but so does software activation. What exactly is software activation? It is a built-in mechanism of commercial software that is meant to thwart software piracy, and prove to the software vendor that you actually purchased and paid for your copy of the software. I can understand that any software vendor would hate software piracy of its product. But, when I remember that open source software doesn't even have software piracy because it can be legally copied and distributed, it reminds me that software activation is non-existent with open source. Open source takes such a different approach that it's difficult to fathom this concept at times. However, that being said, software activation can be somewhat disconcerting. Why? Well, for one, it can make people feel like crooks, especially if the activation process fails. And unfortunately, this is more common than you think. I have seen several instances where software activation for Microsoft products simply fails. When this happens, the software can become unusable and you must either try to connect over the Internet, a phone line, or call on the phone to prove that you own and are using a legal copy. It is not a pretty sight when the software activation process goes haywire. I have even seen times where the entire Windows operating system would have to be completely re-installed in order to fix a simple software activation issue.
I have also seen instances where active computers and servers have been modified (i.e. a hardware upgrade), which triggers Windows to require re-activation again or the machine will become unusable. I have also seen instances where Windows re-activation is triggered multiple times on the very same server, and activation then failed because it was done too many times. All of this, when the version of Windows was legitimately purchased! To me, this type of software activation is more like a time bomb than anything else. Especially on critical servers which must stay running at all costs without interruptions. Even on desktops, software activation is not as critical, but it can lock you out of your computer and is just a big inconvenience when it fails to work correctly. With Linux, ALL software activation woes go bye bye as nobody cares if the software is legal or not, because it is simply legal all of the time.
Not only does software activation go awry, but it often times submits personal information to the vendor when it is working correctly. For instance, Microsoft gathers information about your computer at the time you activate most of its software products. This helps them keep track of what computer(s) you have it installed on. I trust Microsoft, and I know that they have good intentions on the data that they collect. But, the fact that they are taking information from me and I don't know what exactly they are gathering (as there is no way to actually select which data is transmitted to them), it doesn't give me a very warm and fuzzy feeling. Even though I'm sure they keep the data secure, there is always the possibility that somebody could hack in and obtain it. I think it is relatively unknown as to which data that they collect, but I am guessing that it's not personal related anyway, as no personal information is collected for activation.
Starting with Windows 7, Microsoft started requiring the end user to consent to information being collected on the PC and sent to Microsoft -- see figure below. No details are given as to what information exactly is gathered or sent to the mothership at Microsoft.
What's more frightening about this is that Microsoft has openly admitted that they support gathering as much information from the end user as needed. At the RSA Security Conference in March 2010, Microsoft's Scott Charney openly stated that one of Microsoft's solutions to widely spreading malware (viruses, spyware, etc.) is to monitor consumers' PCs and quarantine them as necessary to prevent the spread of viruses [8A]:
"I actually think the health care model ... might be an interesting way to think about the problem," Charney said. With medical diseases, there are education programs, but there are also social programs to inspect people and quarantine the sick.
This model could work to fight computer viruses too, he said. When a computer user allows malware to run on his computer, "you're not just accepting it for yourself, you're contaminating everyone around you," he said.
The solution that Charney talked about is actually called Network Access Control (NAC) or Network Access Protection (NAP). This is basically saying that Microsoft believes that people's computers should be more closely monitored for health, and if they throw up a flag that says they are infected with malicious software then they should essentially be quarantined and not allowed to connect to the Internet. But who would do the monitoring? Microsoft or the ISP (Internet Service Provider)? These details were not provided, but either way it was clear that Microsoft approved their own plan to more closely watch Windows computers, more than they already do today.
But back to activation issues in general. Other third party products however can be a little more aggressive, and nobody knows what exactly the activation process can be doing or what it is gathering and transmitting. This starts to inch a little more towards spyware, which is even more aggressive and maliciously collects personal data and transmits it to a source over the Internet. However, by using open source software and Linux, I can rest assured that I will not be installing software and transmitting any sort of personal data, since nobody really needs to know anything since there is no activation necessary at all. More recently with Fedora 10, there is an optional service called "smolt" that gathers hardware data from your computer and sends it to developers that work on the Linux kernel. This is intended to give these developers feedback so they know what types of hardware are more common than others. But, with this being said, this service is turned off by default with Fedora, so nothing is sent at all unless you enable this service. Software activation of commercial software often sends data whether you like it or not, because it is required in order to use the software.
The unlimited number of developers working on Linux and open source is probably the single most important aspect of open source software. This is the model first invented by Richard Stallman, the founder of the free software movement in the 1980s. So you are probably wondering why this is so important. Well, by having developers from all over the world contributing to a single group of projects, all that encompass open source software, you essentially have an unlimited pool of developers, all contributing to the entire realm of software. This is why open source is so successful. The scores and scores of these developers all have the power to share source code, which is what Stallman designed the GNU General Public License for. So, with this design, all of these developers have the power to work together in unison rather than competing against each other, and in the end emerges stable, useful, and powerful software. This is what Linux is. Whereas with commercial software, each competing company is essentially reinventing the wheel, trying to accomplish the same task as their competition but doing it their own way. This is counterproductive. With open source, you are not reinventing the wheel at all, and everybody is cooperating together with the same goal: to publish quality and useful software.
This concept is demonstrated by the fact that Linux is good at taking an idea from Microsoft, and actually improving upon it. Take for instance Samba in Linux, the Windows file server. In Windows, you set up a system and create shares, and this allows users to connect to those shares and access files over the network. Linux can do the same with Samba so that you can connect Windows to Linux and vice versa, however Samba is actually more flexible and has been documented to perform better (faster) than Windows sharing itself. How can this be when Windows sharing originated with and is part of Windows? My best guess for the answer goes back to the point that I made earlier about Linux having a virtually unlimited number of developers or programmers, since it is open source. I mentioned Microsoft having a limited number of developers in comparison to open source; they are a company and therefore will always have a finite number of employees (and developers). Microsoft invented Windows file sharing, but with the unlimited number of developers with Linux and wider resources available, an improved implementation of Windows file sharing was created in Linux. In my experience with Linux Samba compared to Windows file sharing, Samba is noticeably faster in performance, especially on older hardware.
Microsoft has surely invented some great technology, but as I have already pointed out, sometimes they fall short. Another example of this is the FAT32 filesystem that Microsoft itself invented. FAT32 proved to be a very extensive filesystem and is still used today, most commonly on flash drives. It is known to be a cross compatible filesystem, supported on multiple platforms. But, it is said not to perform very well on larger partitions, particularly larger than 32 GB in size. So, based on the performance drawbacks, Microsoft does not support formatting the FAT32 filesystem to a partition that is larger than 32 GB in size. However, 3rd party programs do format drives with the FAT32 filesystem on partitions larger than 32 GB, and in fact they work fine. A lot of external hard drives, some up to 1 terabyte in size and more, can be formatted with 3rd party utilities, but not Microsoft utilities. Microsoft invented the FAT32 filesystem with the theoretical ability to handle partitions of this size, yet they do not allow you to format them of that size. Linux of course, allows formatting the FAT32 filesystem of this size. There has also been some talk recently starting in late 2009 that Microsoft may start to pursue royalties from 3rd parties that actively use the FAT32 filesystem. One accusation was even made by Microsoft against the Linux kernel itself for violating one of Microsoft's patents on the FAT or FAT32 filesystems. But, with open source being open, the Linux kernel was quickly fixed to avoid the patent violation, within a week of the Microsoft accusation. Microsoft also sued a company called TomTom, and won, over TomTom's use of the FAT filesystem with a Linux kernel.
Recently while writing this, an issue came up with Microsoft Internet Explorer where a remote attacker could potentially run code on your computer if you simply visit a website. Since versions of Windows XP Home Edition run as an administrative user, this can cause serious problems. The issue for this example is KB961051, posted on December 10, 2008. On Microsoft's website, they acknowledge the problem and say that they are "investigating" it. But, it is apparent that they are using as much as they can from their limited pool of resources to locate and determine the solution to fix it. The article mentions "On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.". Again, customers of Microsoft are completely at their mercy, waiting for a security patch. Meanwhile, an attacker could be actively taking advantage of this exploit. This leaves Microsoft customers completely vulnerable, waiting for the patch to be released. This case in point is why I do not use Internet Explorer, especially for online transactions where confidential data is transmitted. Further down in this article posted by Microsoft, additional steps are mentioned to try and thwart the attack that is still unknown: "Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors.". Listed are 8 additional steps to be taken, but don't actually target the vulnerability listed:
Additional information is posted on how to follow each of these steps to apply the changes to Windows. Again, Microsoft is dodging the solution since one has not been found yet. This is just one of many examples why closed source software loses the battle of quick fixes to security issues, and open source can get them implemented quickly, efficiently, and usually in a fashion that can be easily applied since Linux is very modular in design. However in the above example, eventually a patch is posted, but get this... exactly 1 WEEK later! An outline of the progress on this issue is as follows, quoted directly from Microsoft's website:
The security bulletin mentioned in the last entry is MS08-078, published on December 17, 2008, one week after the initial security hole was identified. The point in bringing this up is to give an example of closed source software straining its resources to handle something as critical as a security update, but taking an extra long time over it because of its limited resources. Open source software is well known for coming out with security fixes within hours of an issue being identified. Obviously this time can vary, depending on the situation.
A whole slew of further security holes in Internet Explorer have been published since December 2008. However, another security hole in Internet Explorer caught my attention. In March 2010, a Zero Day exploit was published for Internet Explorer 6 and 7. Zero Day exploits are some of the worst types of exploits, and this particular one was observed as an active one currently being used at the time of the publishing (which is common for Zero Day exploits). A great article was published by PC World, which outlined the exploit [8B]. In the article, PC World interviewed Andrew Storms, Director of Security for nCircle, about the exploit. In the interview, Storms stated "The decision to deliver an out of band patch depends on two things; changes in the threatscape and pressure from customers. If there is an exploit for this vulnerability that's hitting a lot of customers then I'd expect Microsoft to respond". Basically, there was no word from Microsoft on the exploit, or on whether Microsoft would be releasing a patch anytime soon. So, again Microsoft customers were forced to sit around and wait for a patch, while being very cautious about which websites they were visiting. Unfortunately, there is no way to know for sure before visiting a website if it is poisoned and set to exploit Internet Explorer, until after the exploit has already done its work on your computer.
The 17 Year Old Bug at Microsoft
If you think the above example is interesting, you will be astounded by this one. Apparently there is a serious security glitch with all 32-bit versions of Windows from Windows 95 up to the most current version, Windows 7. This flaw has been present for 17 YEARS! And even to this day, is still not fixed. What flaw is this exactly? Well, it doesn't exactly have a name. But, a security researcher at Google brought this flaw to light again in 2010, which would allow an attacker to inject code into kernel memory and change critical components of the operating system. He further demonstrated that an exploit could install itself into these areas of memory and run as a key logger which would keep track of keystrokes and record passwords and other critical information on any Windows computer. The researcher informed Microsoft of the exploit in June 2009, and as of January 2010 there has been no word of a fix from Microsoft. Microsoft has however mentioned that they do not know of a current exploit that takes advantage of this bug. However, does Microsoft really need to wait until the first report of an exploit, or should they try to fix the problem before this happens and protect its customers? It seems that Microsoft simply doesn't have the resources to address the problem. As of January 2010, Microsoft is up to its neck in other problems with patching Internet Explorer 6 with an emergency patch. Clearly it is evident that Microsoft just can't handle the task of trying to fix this 17 year old bug. This is the very situation where open source shines. Because of the unlimited pool of developers with open source software, groups of individuals can put in the time and fix the issues relatively fast. Nobody is pressing them for other projects and anybody that has the time and resources can pick up the code and pitch in.
Just after I wrote this mention of the infamous 17 year old bug of Windows, Microsoft did in fact release a patch to fix it. However, more drama came out of it after Microsoft released the patch. Apparently, the patch released from Microsoft conflicted with a rootkit (a silent trojan or virus that will run on a system but is usually kept invisible to the user), which ended up causing blue screens of death (BSOD) for many many Microsoft customers. All of a sudden, many many reports surfaced of the BSOD after installing the 17 year old bug patch. The first thing that Microsoft customers thought was that Microsoft released a faulty patch. Microsoft finally determined that the BSOD only happened when the TDL3 rootkit was running on the computer before the patch was installed. So, in the end, we have a situation where a 17 year old bug is left hanging around for many many years, when discovered takes well over a year to fix, then the fix that is finally released conflicts with the result of another security hole. Again, egg in the face of Microsoft, several times over. Never has a situation like this occurred with open source software. Again, patches are released and fixed in a very timely manner.
8. Full Text of Message from Microsoft's own Steven Sinofsky to Steve Ballmer, pointing out Vista / Microsoft Faults
8A. PC Magazine: Microsoft's Ideas for Making PCs Safer
8B. PC World Business Center: What You Need to Know About the IE Zero-Day
9. The Register: Windows Plagued by 17 year old Privilege Escalation Bug
10. The Register: Microsoft to release Emergency Patch for potent IE vulnerability