Not Good vs. Evil, but Mono vs. Poly
I'm not one for Microsoft bashing. In fact, the current cover story in Linux Journal (the one that features my very face) is focused on the remarkable leadership of Kim Cameron and Microsoft in next-generation identity services.
But sooner or later conversation comes around to viruses and other ills that are visited almost exclusively on the operating systems that are run almost exclusively on corporate desktops. Namely, Microsoft's.
I don't think he is. Not if what he worries about is a possible victory of evil over good. Evil being the bad guys who seem determined to destroy personal computing (or to make it annoying beyond human endurance), and good being the IT professionals who labor constantly to protect users and their employers from what the bad guys are doing.
Here's how Mike puts it:
There is a problem here, widely known as the day zero problem. For practical purposes, there are an essentially infinite number of vulnerabilities in the computer systems we use. A growing number of tools are available to automate the process of mining for a new flaw to exploit. Tools are usually included for creating a program to exploit the flaw. This new program is called an exploit.
To utilize an exploit, it is then necessary to find target systems which are vulnerable. This requires some form of scanning of the internet address space, and may also include sending emails, queries to DNS or Web servers, as well as Google or other search engines. This activity is the first point at which it is possible to react to a threat, if detected.
Once targets have been found, the flaw is exploited, and the target system compromised. This is the second point at which the threat may be detected. Worms may then use the compromised system to further search and compromise other systems. This is usually done as part of the exploit, and no human involvement is necessary once the exploit has been launched.
There are many complex factors that determine the extent and speed with which an exploit can then propagate across the internet. The discussion of these factors is outside my area of expertise. I am certain, however, that there are two opposing groups working on trying to shift these numbers to their advantage. I'll simplify it down to good, and evil.
It seems to me, based on anecdotal evidence, that the good guys are smart, but they have to be careful. They have to worry about niceties such as preventing false positives, testing, quality control, etc. Testing is good, and necessary, but it's also a delay, and it's got defined lower limits.
The lower limit seems to be somewhere between 24 hours and 2 weeks, depending on who you ask, and how you measure. Meanwhile the bad guys can work on things at their leisure, and deploy at will. They are well aware of most of the efforts expended to keep our systems secure, and have worked to build ways around them. A well funded evil person can test his exploit against the latest detection methods commercially available, without fear of discovery.
As much as I want to avoid the analogy, it's a war. Both sides have to test their weapons, but the good guys have to do the testing while the clock is running. Unfortunately, they don't have 2 weeks like they used to. The window for testing is getting smaller, and will, at some point, even become negative, due to the other delays inherent in the system.
The recent signs from my users tell me that time is running out. The virus signatures aren't keeping pace. We've not solved the issue, and it's going to come back to us, full force, very soon.
It's pro forma in the open source community where I work to blame Microsoft, to call it "The Evil Empire" and to otherwise assign to it the qualities of evil which, as Mike points out, properly belong to those whose motives and methods undeniably qualify for the label. However one might impugn Microsoft for its behavior as a company, it has done more than any other company to make computing useful to human beings. There are countless millions (billions? could be) of people for whom computing is understood and practiced on terms and in ways defined by Microsoft.
The problem, I think, is less about Microsoft than it is about monoculture. What we have on desktops today is monocultural to an extreme that makes massive unprotectable vulnerabilities inevitable, regardless of the responsible company's motivations.
My recommendation to companies like Mike's is to start introducing polyculture to corporate desktops. Start using other desktop operating systems and applications that are compatible with, though not identical to, Microsoft's.
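As an added illustration (not part of the original post, and not Mike's code or words), the following Python model ties Mike's point about the shrinking detection window to the monoculture argument above. A worm that picks addresses at random grows at a rate proportional to how many exploitable hosts exist, so cutting the share of hosts on any one platform both caps the damage and slows the outbreak, handing some of the testing window back to the defenders. The address-space size, host count, scan rate, and the meaning of a tick are assumed parameters chosen for the example, not figures from the article.

```python
"""Mean-field model of a random-scanning worm against a host population
in which only a share of the hosts run the exploitable platform.

Added illustration for this post; every parameter is an assumption,
not a figure taken from the article or from Mike's text."""

from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    address_space: int       # addresses the worm probes uniformly at random (assumed)
    hosts: int               # reachable hosts inside that space (assumed)
    vulnerable_share: float  # fraction of hosts on the one exploitable platform
    scans_per_tick: int      # probes each infected host sends per tick (assumed)
    seed_infected: int = 1   # hosts the attacker compromises by hand at tick 0

    @property
    def vulnerable(self) -> float:
        """Hosts that the single exploit can ever reach."""
        return self.hosts * self.vulnerable_share


def simulate(sc: Scenario, max_ticks: int = 10_000) -> list[float]:
    """Infected count per tick under the classic random-scan recurrence:
    each probe lands on a still-susceptible host with probability
    susceptible / address_space, so growth is exponential early on and
    only flattens once the exploitable population is nearly used up."""
    infected = float(sc.seed_infected)
    history = [infected]
    for _ in range(max_ticks):
        susceptible = sc.vulnerable - infected
        if susceptible <= 1e-9:      # every exploitable host is already owned
            break
        new = sc.scans_per_tick * infected * susceptible / sc.address_space
        infected = min(sc.vulnerable, infected + new)
        history.append(infected)
    return history


def ticks_to_fraction(sc: Scenario, frac: float) -> int | None:
    """First tick at which `frac` of the exploitable hosts are infected."""
    target = frac * sc.vulnerable
    for t, n in enumerate(simulate(sc)):
        if n >= target:
            return t
    return None


def infected_when_signature_ships(sc: Scenario, delay_ticks: int) -> float:
    """Fraction of exploitable hosts already compromised by the time the
    defenders' tested signature arrives, `delay_ticks` after first infection."""
    history = simulate(sc)
    n = history[min(delay_ticks, len(history) - 1)]
    return n / sc.vulnerable


def compare_shares(shares, **kw) -> dict[float, int | None]:
    """Ticks to 90% saturation for each platform share, other parameters fixed."""
    return {s: ticks_to_fraction(Scenario(vulnerable_share=s, **kw), 0.9) for s in shares}


# Assumed baseline: a /0 scan space, ten million reachable hosts, 100 probes per tick.
BASE = dict(address_space=2**32, hosts=10_000_000, scans_per_tick=100)

if __name__ == "__main__":
    for share, ticks in compare_shares([1.0, 0.5, 0.1], **BASE).items():
        sc = Scenario(vulnerable_share=share, **BASE)
        print(f"share={share:>4}: 90% of exploitable hosts owned after {ticks} ticks; "
              f"{infected_when_signature_ships(sc, 24):.1%} owned at tick 24")
```

The model deliberately ignores the factors Mike says are outside his expertise (network bandwidth, hit lists, patch uptake), and it is deterministic rather than random so that runs are repeatable. What it does show is that the early growth rate is `scans_per_tick * vulnerable / address_space`, so halving the share of hosts on the exploitable platform roughly halves how fast the worm spreads, not just how far.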
At LinuxWorld Expo last week, the press (excuse me, media) room featured a bank of Linux workstations for the first time. All of them ran Knoppix, a variety of Linux that runs off a CD. What's most remarkable about Knoppix is that it looks and works in ways that are nearly identical to Windows. I'm sure the workstations that ran Knoppix in that room were normally Windows machines. But all it took to make them temporarily run Linux was that one CD. And it worked fine.
Seems to me that's a pretty easy way to test how well users would take to living in a corner of desktop culture where worries are about work, rather than about the latest exploits by computing's truly bad guys.