April 22, 2019

.comment: The Weakest Link - page 2

Watching the Asteroid Approach

  • July 25, 2001
  • By Dennis E. Powell

There has been a lot written recently, much of it very perceptive and entirely correct, about the bad attitude exhibited by Linux users, usually young and enthusiastic ones but occasionally old and embittered ones. If you are among those, go do something else -- what follows is for the grownups. Write a talkback about how I'm an astroturfer in the employ of Microsoft or something.


As Linux users, we've grown accustomed to enduring things that Windows users do not have to endure. We must shop more carefully for hardware, we can pretty much forget off-the-shelf software, and issues like hardware technical support are extra-special ordeals, as my colleague Michael Hall detailed in his memorable column last week.

We put up with it, mostly and with varying degrees of grumbling.

Time has come to draw a line -- a subtle line, but a line nonetheless. It is this: Anyone using Microsoft software in connection with the Internet simply cannot be taken seriously. This doesn't mean we should be impolite in dealing with these persons, anymore than we should be impolite to someone who is eager to show you his new computer and it turns out to be a Play Station. But the fact is that Microsoft has proved to be utterly unconcerned about security. Its own sites have been cracked, over and over. The National Security Agency has joined Linux development after having concluded that Microsoft's code is so corrupt that it cannot even be audited. Outlook macro viruses are commonplace. The web server has been so full of holes that Microsoft had had to keep trying to plug them, to no real effect. And based on this tarnished and pitted record they propose .Net and XP. Do you suppose there will be sudden fastidiousness where security is concerned? This is a real hoot, except that it is the Internet that we all use that their clumsy code will be screwing up. But the appropriate attitude toward Microsoft's willing victims has to be pity. That isn't to say that when someone you know fills your mailbox with Outlook macro virus crap, you don't have a right to be irritated and say so -- but at the same time point out that the person wouldn't look anywhere near as foolish if they were using software not vulnerable to such foolishness. As an example, this, which I just sent:

Subject: the outlook express macro virus you just sent me
Date: Tue, 24 Jul 2001 01:15:37 -0400
From: dep 
To: [name i'm withholding]

i just received a windows macro virus from you, with the subject "stikbikeboy."
it probably has one of your private files attached to it; i do not know and do not plan to
dissect it to find out. but you have probably also sent it to others in your windows
addressbook as well, or others whose email addresses somehow appear somewhere on your

please either change operating systems to something secure, undertake to secure your
windows machine, or disconnect your machine from the internet.

thank you.

This isn't to say that bringing Windows users to Linux solves the problem. Microsoft has led them to believe -- incorrectly, as things like Code Red and Outlook macros have demonstrated -- that you need to know and do nothing to use a computer. These are complicated machines, and it takes knowledge to use them properly. That knowledge becomes a responsibility if the computer is attached to any other computer. There are Linux security patches that appear and must be applied, and now we hear of a kernel exploit that can ride in on any corrupted RPM, so we need to be a little more careful in picking the sources of our RPMs. Explaining this to a fed-up Windows user is not easy. A powerful tool is the fact that even if one got rooted by a bad RPM, it's not something that is going to propagate.

Microsoft software spews forth corruption at the slightest invitation. As long as they kept it among themselves, it was their business. But now we're seeing it begin to hinder us all. That is not acceptable. We need to say so, politely but uncompromisingly.

And in the meantime, we can await the next visit from Code Red or a variation thereof. Wonder if Microsoft will have patched its own servers by then.

Most Popular LinuxPlanet Stories