thinair Boulder, Colorado. elevation 5400 feet.

Sobig.F and Blaster rekindle the OS wars

Jon Udell offers his usual balanced opinion about Security blame games. He also responded to various reactions to this article in Monoculture, competition, and security.
I'm not quoted ;-) but many of the sentiments echo my own thoughts on the matter. For example, Dan Gaters and Aaron Cohen both emphasized the advantages diversity brings to the table. But there's one point in the original article I want to respond to.

The mess we're in is largely Microsoft's fault, to be sure, but any dominant software player would have created a similar mess.

Sobig.F and Blaster have rekindled the various Mac vs. PC debates among my friends. I've heard this point made often in the past few weeks. Jon is as platform agnostic as they come, so I'm really abusing his comment to launch an attack against my usual pro-Microsoft opponents. ;-)

My first complaint is that it is a completely unverifiable claim. We can't re-run the universe to see how things would be different if Apple held 95% of the desktop market, say. It seems logically plausible that hackers would be exploiting weaknesses in Mac OS, but there's no way to confirm nor deny the claim. Unverifiable claims quickly descend into religious wars with each party claiming their own unverifiable holy ground.

There is some anecdotal evidence to the contrary, though. As Jon quoted, Ralph Loader observes:

For web serving software, Apache is the dominant player, with Microsoft's product in a distant minority, but still dominating real life security problems.

Even this counterpoint doesn't quite serve, though. Apache's dominance of the web server market does not compare to Microsoft's dominance of the desktop market. According to Netcraft Apache has about 65% of the market. Although that's a substantial share, it's isn't the 95% we hear about for Windows desktops.[1]

Here's the best I can muster to counter the argument. The world that we actually live in is not the imaginary world where hackers exploit some other dominant operating system. We live in the one dominated by Microsoft. I'll say it again because it bears repeating. If you are currently suffering on Windows, you can switch to any other operating system today and live in happy relative isolation from the havoc of these worms and viruses. I would naturally suggest Mac OS, but any non-Windows OS could rescue you from the pain of the Microsoft monoculture.

This brings me to my second point about the argument. It sounds so self-defeated. "Yes, we Windows users have to suffer from viruses and so on. But it wouldn't be any different if we all changed." Who really cares if you " all switch?" Why are you allowing this imaginary world stop you from switching yourself and enjoying the relative safety today? [2]

[1] Is that figure an urban myth? I have scrounged Google for a quick summary of the desktop market numbers and haven't turned up anything as satisfying as Netcraft's numbers for webservers. If you know where those numbers are, please post a comment with the url.

[2] To be fair, I should offer the answer I routinely get from my favorite Windows bigot. Remote Desktop. My friend, Jeff, is an excellent mostly-windows network admin who's network was not infected by Sobig.F nor Blaster. Self-discipline is another viable antidote to the monoculture. He does his backups and routinely patches the systems on his network and he also raves about Remote Desktop. X11 users will not be particularly impressed by it. But there is a certain coolness factor in using a browser to initiate a remote desktop session. And I can't dispute the utility it offers Jeff.