January 29, 2011

Why Microsoft Windows can never be as secure as GNU/Linux

Posted in Uncategorized at 23:26 by frifan

There are many reasons why Microsoft Windows has a very poor security record, but I won’t go into that here. Instead I will focus on why this is unlikely to change, even if Microsoft puts its best minds together to try to solve the situation. I will state upfront that it is, of course, possible to fix the Microsoft Windows security problems, although they would have to totally rebuild it and break backwards compatibility; in other words, it wouldn’t be Microsoft Windows anymore.

In this post, I will try to explain why Microsoft Windows can never be as secure as GNU/Linux. Many people seem to believe that Microsoft’s poor security record is due to its overwhelming popularity, but even counting per capita, it still is outstandingly bad. Microsoft Windows is targeted by spyware, viruses and other malware for other reasons too, not only because it is the most popular choice. Read this article to find out.

I’m not going to go into all aspects of why Microsoft Windows has bad security, but rather focus on why it will never get as good as GNU/Linux. Please, note that these are just the three things that I think are the most important:

1. Closed Source

Good security in software does not rely on being secret, because inspecting it will not reveal any vulnerabilities, just proof of its security and robustness. GNU/Linux is open source and anyone can inspect the source code. Many software and security specialists have investigated and analyzed the Linux kernel. Their conclusion is that it has the highest known quality in the world. Many security analysis firms commonly use it as a benchmark for their code analysis tools.

Microsoft Windows is closed source and receives much less code review by software and security professionals. The source code could be either good or bad without us knowing about it. Those selected few who do get to see the code are under non-disclosure agreements not to talk about it. What we do know about are the security holes that Microsoft chooses to publish, which, unlike with GNU/Linux, are far from all the known weaknesses. Part of reporting security problems to Microsoft is signing non-disclosure agreements, which means that the users are left in the dark as to what the problem is, how it will be solved, or even if it will be solved. There are numerous cases where reported security holes have remained unpatched for years, and Microsoft has also acknowledged that they do not publish all security holes that they know about. Not even after fixing them.
Microsoft relies on obscurity as the security principle, which leaves security holes undisclosed and unpatched for long periods of time. Microsoft also stated, on the record in its court trial over monopoly abuse, where it was convicted, that it cannot disclose all its programming interfaces, because some of them contain unfixable security holes, which only a rewrite and redesign could solve. Despite Microsoft’s best efforts to minimize security holes in their software, the number of published vulnerabilities has not diminished and remains as high as ever.

When it comes to security vulnerabilities in Microsoft Windows, we’re only allowed to see the tip of the iceberg: those few weaknesses that they choose to publish in their Patch Tuesday security updates. Those published numbers of security holes are then used in Microsoft advertisements to compare it to the full disclosure of all GNU/Linux security vulnerabilities, and even in such a slanted comparison they come out arguably about equal. So the tip of the security problem in Microsoft Windows is comparable to the total of all security vulnerabilities in GNU/Linux. Thank you, Microsoft, for pointing that out to us!

2. Single User Design

Microsoft Windows was designed as a single user system and that design decision is carried into most of the application programming interfaces (APIs). This means that many applications run with the highest security clearance. If there is a security hole in such an application, then the whole system has been compromised.
The pathetic User Account Control (UAC) has done little to change anything, from a security perspective, as it is flawed and vulnerable itself.

GNU/Linux, by contrast, is a true multiuser system, where applications always run with reduced security clearance. Thus breaking the security of one application does not give the malware access to the whole system, just the application and user data.

3. Homogeneity

A Microsoft Windows system is pretty much predefined by Microsoft, i.e. they have decided what is included in the system, and then the users almost always have the Microsoft Office Suite installed too. This provides a big attack surface for viruses and other malware, as they can rely on certain software being installed. Also remember that the office suite runs with security clearance for the whole system. On top of this, Microsoft’s preference for convenience and simplicity will allow much malware to install unnoticed and automatically.

GNU/Linux systems come in many shapes and forms, where system libraries have different versions and enable different features. They may even be placed in different locations. There is not a single piece of software, except the most basic libraries and the Linux kernel, that remains the same across most distributions. Some malware would need to be much more complex just to perform simple tasks on a GNU/Linux system.

References:
Techrights
Groklaw

As time allows I will update the text and, maybe, include direct links to back up some of the most important statements. In the meantime, I refer you to the sources above, which will provide support for all of the statements in this blog, and lots more…

November 25, 2010

Poor news for all European citizens. Hopefully the EU Parliament just showed its ignorance

Posted in Uncategorized at 22:51 by frifan

http://www.techdirt.com/articles/20101124/13000612011/eu-parliament-rubber-stamps-acta-approval.shtml

Great piece about balanced copyright and why we need it

Posted in Uncategorized at 21:54 by frifan

http://m.guardian.co.uk/technology/2010/nov/23/copyright-digital-rights-cory-doctorow?cat=technology&type=article

June 27, 2010

New research shows that weaker copyright benefits society

Posted in Digital Freedom, Intellectual Property, Internet Piracy at 22:41 by frifan

In today’s turmoil, where the men in power discuss how to strengthen copyright and push it through as legislation across the world without any democratic insight into the proceedings, or any discussion of benefits, it is more important than ever to put the facts on the table and look at them objectively. This is something researchers have been trying to do for quite some time, and here is the latest result:
New research about the impact of weaker copyright enforcement on society has been released by Felix Oberholzer-Gee of Harvard and Koleman Strumpf of the University of Kansas. It shows how weaker copyright has benefited society. Summaries can be found at Ars Technica and TechDirt.
At the same time, in related news: New Research Suggests Digital Economy Act & ACTA Will Stifle Creativity

March 6, 2010

Innovation and Creativity

Posted in Digital Freedom, Intellectual Property at 11:59 by frifan

Most, if not all, innovative and creative work builds upon other works. It makes use of prior knowledge and adapts or extends it to suit a new purpose. That is the way it has always been. It is an evolution of ideas. Take Mozart or Shakespeare or Michelangelo as examples of people who were highly creative and innovative, but borrowed a lot from their peers. Nina Paley even claims that all artwork is derivative.

"Nothing is original. For a work to have meaning, it must use language – it must “make sense.” It needs to work with memes already living in the host mind: language, images, melodies, patterns. It can’t be wholly original. It can hardly be original at all." — Nina Paley

Lately some companies and lobby organizations have taken it upon themselves to stop this from happening, thereby trying to eliminate the normal process of creativity and innovation. If they succeed, it may hinder progress and evolution in society. To innovate without building upon the vast knowledge that has been accumulated over the years is hard, but also not as interesting, because that makes it less suitable to incorporate into our lives.

It is not in the public interest to delay progress or to hold evolution back. Yet we allow ourselves to be bullied by the media lobby and high tech companies, who try to impose stricter rights on intellectual "property" both through copyright legislation and through patents. This was never the intention of either system and goes contrary to the discussions held at their inception. They were supposed to promote innovation and creativity, not stifle or kill it. There is plenty of evidence that enforcing stricter copyright and patent protection will cost more than it is worth.

Some satiric and funny analogies:

References:

Do Patents Work?
Free Culture by Lawrence Lessig

February 21, 2010

Open Source and the end of the EULA

Posted in Digital Freedom at 16:13 by frifan

The End User License Agreement

The EULA is the pop-up window that you accept when you install a piece of proprietary software. The text is a legal agreement between the user of a piece of software and its author/publisher. It is common practice in the software industry to give users very limited rights with no liability whatsoever for the manufacturer. This is in stark contrast to other industries, where the manufacturers can be held liable for the products they sell. Another difference is that users normally don’t buy a software product; they buy only a license that permits them to use the product, in certain ways and under certain conditions. Most of these EULAs may not even be legal, depending on which country you are in. There have, of course, been many lawsuits concerning software licenses. More up to date information can be had from the Electronic Frontier Foundation.

Free/Libre Open Source Software

  • The freedom to run the program, for any purpose (freedom 0).
  • The freedom to study how the program works, and change it to make it do what you wish (freedom 1). Access to the source code is a precondition for this.
  • The freedom to redistribute copies so you can help your neighbor (freedom 2).
  • The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

On the other end of the spectrum, we have the award-winning Free Software Foundation and free/libre open source software (FLOSS). This is software that is free, as in speech. You have complete rights to use, modify and distribute the software. There are many such FLOSS projects and most of them are multi-platform, meaning they run on all the popular operating systems, ranging from GNU/Linux to Apple Macintosh to Microsoft Windows. I’ve compiled a short list below of my favorites, as a few examples. The FLOSS projects provide their software free of charge and they can be downloaded and installed directly from the Internet. There is even free training available. Another benefit of FLOSS is that the source code is published along with the applications.

"The results came to an estimated total value for the Linux kernel version 2.6.30 (released in December 2009) of 1,025,553,430 euros. About 985 developers would be needed over a span of just under 14 years, the researchers claim." — The Register, according to research.

Some FLOSS alternatives (mostly multi-platform):

What is source code?

Source code is the blueprint for how a piece of software works. It contains the instructions, written in a specialized human-readable programming language designed for describing actions performed by the computer. These specifications are then interpreted by a translator, called a compiler, which will convert the programming language into machine code that can be executed by the central processing unit (CPU) of a computer. Normally a proprietary application is distributed only in its binary machine code state, but with FLOSS the user also gets a copy of the source code. This enables those persons who understand the computer language to inspect, modify, enhance and build their own machine code binary.

FLOSS license and community

There are two main competing licenses, called BSD and GPL. The main difference between the two is the GPL requirement to redistribute any modifications made to the software. Although FLOSS authors cannot be held liable for software defects, just like their proprietary counterparts, they distribute the source code of the software, which means that anyone with the proper knowledge of the programming language can inspect and review what it does. Because of this freedom, the authors of the software do care about the source code quality, as they know others will scrutinize their work. Other people will also help to correct faults and incorporate features that they want or need. Around any successful FLOSS project there is a vibrant community which will help with support and development of the code. This is the main reason why FLOSS software has better quality than proprietary software.

FLOSS and the future

It is my belief that FLOSS software will relegate proprietary software to niche markets, because it is inherently better quality and at an unbeatable price, namely free. Just because the software is free doesn’t mean that no one will develop, support or sell it. There is already a big and healthy market around FLOSS software where authors sell services. In my view Linux has already surpassed Microsoft Windows in usability. Just check out the latest KDE version, for instance.

Further reading

Free Culture by Lawrence Lessig
The Cathedral and the Bazaar by Eric S. Raymond
Richard Stallman's Crusade for Free Software

Intellectual Monopolies

Posted in Intellectual Property, Monopoly Abuse at 14:12 by frifan

I don’t believe in imaginary property and I don’t believe in software patents in general. How can anyone have any rights to your thoughts?! If you come up with an idea, all by yourself, how can someone you have never heard of claim ownership of that thought, even if they have gone through the trouble of purchasing a patent for it? The problem is that patent applications always, as far as my experience goes, are written in very generalized language to try to cover uses that they couldn’t imagine at the time. This makes them difficult to understand and even harder to use for creating something based on the ideas inside. To me this makes the whole point about patents moot, as they cannot help others, only penalize them and kill competition.

I recently found interesting studies on the subject and why it has to stop (highlights). See a patent attorney highlight, or a Venture Capitalist explain why it is so bad and what the US can do about it. Otherwise they will see even more evil practices and patent trolls. Here is a recent example of an Intellectual Venture, by the king of patent trolls. They do not sue themselves; instead it is being outsourced.

"The purpose of the patent system should be to create incentives to come up with something that is both new and non-obvious, which would not be created without that incentive. And, then, of course, the idea is to share that information with the world, via the patent. But here we have a case where this is an obvious next step advance. […] But now we have a case where one company may have the right to prevent others from doing what it makes perfect sense for them to do. That’s not what the patent system was designed to do at all. A patent like this should never have been approved at all, as it serves no useful purpose in "promoting the progress" and seems to go against everything that the patent system is supposed to do." — Mike Masnick

My greatest fear is that the software patent craziness in the US will spread to other parts of the world, which is something they are working hard for as they have accumulated quite a number of them. If they were enforced I could be dragged to court for the work I have done in the past two decades. It would certainly wipe out most of the software industry, leaving only the biggest players to fight out their disputes in court with hordes of lawyers.

"The real reason the independent software industry emerged is that operating systems and APIs made it possible for independent software vendors to develop applications independently. They no longer had to ask permission of the hardware vendors. This same characteristic of permissionless innovation led to the explosion of independently created services on the internet. The rampant abuse of the patent system has created the opposite condition for the creators of software and web services today.
Not only is it becoming impossible to invent new services on the web without the permission of a patent holder who claims to own the intellectual property embodied in your invention, it is impossible to know who you need to ask permission of." — Brad Burnham in TechDirt

Another great source of stupid patents is Apple; here are some, courtesy of Gizmodo.

My second greatest fear is already a fact. Just look at what the pharmaceutical cartel is up to and how they are murdering people. More on that another time…

References: Stop Software Patents

  1. TechDirt
  2. BoycottNovell: Intellectual Ventures, The Pharmaceutical Cartel
  3. Open Rights Group
  4. Foundation for a Free Information Infrastructure e.V.
  5. GNU on "Intellectual Property"
  6. It’s The Execution That Matters, Not The Idea
  7. QuestionCopyright.org
  8. A Unified European Patent System – The Historical Perspective
  9. When You Try To Figure Out Who Owns Imaginary ‘Property,’ Things Get Confusing Fast

Theory of evolution is evolving

Posted in New science at 13:12 by frifan

Anyone who thought that evolution was a done deal and that we know all about it had better think again. I find this fascinating. Have a look yourselves in the references below.

References:
[1] Horizontal and vertical: The evolution of evolution
[2] Life-like evolution in a test tube

February 5, 2010

The misconceptions of the music labels and their leaders

Posted in Internet Piracy, Monopoly Abuse at 14:10 by frifan

XKCD: How to make pirates out of your customers

The first rule of a successful business is to fulfill the needs of your customers, at least to some extent, but that of course requires that you understand what they want. Never before have I heard of any business that so totally disregards fair use, regularly sues its customers, calls them pirates and tries to push draconian limitations upon them while giving itself unlimited, unquestionable rights over them. All in the name of the artists, but that is of course pure diversion. The studios even try to blame the Internet Service Providers for their own problems; luckily they don’t seem to succeed there either. Then they try to bend copyright law to serve their purposes, which is not what the law is meant to do. They even attack the music critics. Amidst all of this claimed piracy and music downloading, the music industry is growing!

Unfortunately the music business is based on monopolies and abusive practices, even towards the artists. They don’t even seem to be in it for the money. Forget about Digital Rights Management (DRM); it’s a dead end. Embrace what technology can give you. Look at Spotify for a good example of how to use technology to your advantage. I am myself a premium subscriber. Some still don’t get it, though. It may be that selling songs is a dying business model, but there are alternative revenue streams that more than make up for it.

I used to like U2 and Bono, until a few weeks ago when Bono, the front-man of U2, showed his true beliefs. His misconceptions about the music consumers are profound and unfortunately shared by many of the influential people in the business, but there are some enlightened exceptions. Evolution is a part of life and while it can be slow sometimes, you cannot fight it in the long run. People do pay for music and there are new ways of earning money without record labels, but change may be on the way.

Excellent recommended reading, by Cory Doctorow @ craphound.com:

Content: Selected Essays on Technology, Creativity, Copyright and the Future of the Future by Cory Doctorow

February 4, 2010

Microsoft – A history lesson

Posted in Breaking the law, Monopoly Abuse at 22:19 by frifan

Microsoft MISCONDUCT - Above the law

I believe a computer history lesson is in order, as most people have forgotten it [1]. It is a lesson in how one company has stifled innovation and progress in a whole industry by their cunning, deceit, and unethical and illegal activities. They have managed to produce unprecedented poor quality software full of security holes, for a public who do not know better than to trust their lies. Their greatest feat is to shape people’s perception into believing that poor quality is the norm.

There is plenty of evidence that has been produced in numerous courts of law, but most people are still unaware of the fact that Microsoft is a convicted felon and continues with its unlawful activities to this day. These are not just ramblings of a disgruntled Microsoft hater, but proven facts in a court of law! [2][3][4][5]

“Our products just aren’t engineered for security.” Brian Valentine, Microsoft executive

“Here’s the type of guy I want, I don’t care if he knows anything about computers. I need a guy who really understands branding.” Bill Gates

If asked, I believe that most people wouldn’t do business with convicted felons, but here we are. I guess not everybody realizes that Microsoft are convicted felons (monopoly abusers) in many countries around the world. That they have a whole arsenal of other evil business practices that they continue using despite some being illegal and all of them immoral and unethical [7][8]. You can find damning evidence below. They have been found guilty of lying and falsifying evidence in court. Note that these are facts that have been produced in a court of law! [3][4][13]

“Microsoft is asking people to pay them for patents, but they won’t say which ones. If a guy walks into a shop and says: “It’s an unsafe neighbourhood, why don’t you pay me 20 bucks and I’ll make sure you’re okay,” that’s illegal. It’s racketeering.” Mark Shuttleworth

The founding father of Microsoft (and its practices), Bill Gates, is still active spreading evil in the world [8][9][10][11][16][17][19][20][21].

“Gates has created a huge blood-buying operation that only cares about money, not about people.” AIDS organisation manager, December 2009 (New York Times)

“But rather than a search engine or even a “decision engine”, Bing also appears to be a spin engine, in that it provides partisan answers to controversial topics, such as Steve Ballmer’s propensity to throw chairs to blow off stress.” Christian Einfeldt

Since 1999 I have mainly used Linux, both at home and at work. Even on my cellphone! I am a hardened Linux veteran and used to command-line wizardry, but I firmly believe that Linux is actually easier to install and use than Windows. Unfortunately very few people ever install their operating system, or even make a choice about which one to use, but they would find Linux a lot easier. Device drivers are bundled with Linux and fully automatic. Applications are installed from a nice package installer, where you can list or search all available applications, and they are all free of charge!

“Linux is a cancer that attaches itself in an intellectual property sense to everything it touches.” Steve Ballmer, Microsoft CEO

“Ideally, use of the competing technology becomes associated with mental deficiency, as in, “he believes in Santa Claus, the Easter Bunny, and OS/2.” Just keep rubbing it in, via the press, analysts, newsgroups, whatever. Make the complete failure of the competition’s technology part of the mythology of the computer industry.” Microsoft, internal document [PDF]

References:

  1. Microsoft’s history of anticompetitive behaviour and consumer harm (PDF document by European Committee for Interoperable Systems)
  2. Microsoft Litigation by GrokLaw
  3. Comes vs Microsoft by BoycottNovell
  4. Why Microsoft Suddenly Wanted to Be More Interoperable – Comes v. MS Exh. 7068 Tells Us
  5. Microsoft Critique: Resources
  6. What Microsoft’s Attack on GNU/Linux at HP Teaches Us
  7. Illuminating the elephant in the open source room
  8. The Nerve of Bill Gates
  9. Gates Foundation Critique
  10. Mainstream Press Misses Billions of Dollars Bill Gates Earns in Africa (Gates Foundation as Monsanto Front)
  11. The Pharmaceutical Cartel
  12. United States v. Microsoft: Findings of Fact
  13. Another Misdirected Response from the Government to the Company “Not Engineered for Security”
  14. Microsoft Shows Yet Again That It is Allergic to GNU/Linux
  15. What Microsoft’s Attack on GNU/Linux at HP Teaches Us
  16. Gates Foundation’s Influence Criticized by WHO | World Health Organization
  17. Frederick Kaufman on the Gates Foundation’s Monsanto Venture; 100,000 Indians to Protest by Fasting
  18. Canonical Gets New Chief Operating Officer Who Already Defends Microsoft’s Biased ‘Search’
  19. With Microsoft Monopoly in Check, Bill Gates Proceeds to Creating More Monopolies
  20. How the Gates Foundation Privatises Africa
  21. Bill Gates Slammed for Global Warming Debate Aversion, Conspiracy to Defraud Taxpayers
  22. Book Excerpt from “Barbarians Led by Bill Gates”

Many more links to come… As there seems to be an endless flood of articles (and abuses by Microsoft). They sure are busy doing evil in the world.
