Ted Bridis at the Associated Press wrote a story last week called Executives Criticize the Tech Industry. The complaints by the Business Roundtable, a trade group for executives of 150 of America’s largest corporations, reflect frustration over the "expense and hassle of keeping their computer networks safe for consumers". The group says that attacks by viruses and worms costs the American banks and savings institutions alone more than a billion dollars per year.
There were two things about the story that jumped out at me. First was that there was not one mention of Microsoft Windows. With a monopoly on the desktop, Windows is a prime target for the perpetrators. Microsoft hasn’t historically had the best reputation for giving priority attention to security either. The second surprise was a quote from someone at the ITAA (Information Technology Association of America) saying, “Cybersecurity is everyone’s responsibility, including the vendors, the users, enterprises and government agencies”. No argument there — it is a shared responsibility. But then the quote went on to say, “No serious commentary will say that the user has no responsibility. We all have responsibilities to lock our doors in our homes and to buckle up when we get in our cars.”
I can understand why the ITAA would be somewhat defensive on behalf of the IT companies because arguably the IT vendors spending more and more money on security and raising the priority they give to it. However, the reality is that people know how to lock their door and put their seat belt on. People do not know how to dive multiple layers deep through unintelligible Windows dialogue boxes to figure out which combination of settings they need to choose in order to be secure. Microsoft has accomplished some amazing things in Windows, but they have a lot of work to do to make the selection of features and options simpler.
A potentially bigger concern is that Microsoft is now in fact really focused on security, and their solution to the problem may be to tighten the noose of Windows. In other words, Microsoft may give us fewer choices rather than making the selection of choices easier. Being with IBM for thirty-five years, I can understand this approach. System/360 — announced in April 1964 — represented a complete reorganization of the electronic computer and it tied together the "loose ends" of electronic data processing and offered users a total system. Since all the hardware and software for System/360 came from IBM (initially), the company was able to provide extremely high reliability and security. Customers liked the concept and IBM prospered from it for decades. The large market share IBM achieved was good for everybody.
I believe Microsoft may have a similar, but even bolder vision. According to David Thielen, "the unofficial but very real corporate motto at Microsoft is Total World Domination. To take 100% of every market they go after". I am sure Microsoft’s legal department would not approve of any such discussions by anyone in the company. It is also unlikely that any IT company could achieve such a goal. However, Microsoft may in fact believe that by tightly connecting servers to desktops and handhelds, and limiting the choices of users, they can increase the level of security just like IBM did with the introduction of System/360. There are two reasons why this kind of strategy was Ok for IBM to have but not good for Microsoft to have.
The first reason is that the IT market when IBM introduced System/360 was very small both nominally and as a percentage of the economy. Today IT is a trillion dollar industry. IT is fundamental to our daily lives and the operation of most enterprises in the world. No company can nor should be able to dominate it. The second difference is the Internet. Hard to believe, but the Internet was not around for practical purposes during the three decades beginning with 1964. It was not until the late 1990’s that people began to realize that the Internet and IT would merge.
The Internet allows every computer in the world to be connected to every other computer in the world. That is both the good news and the bad news. It empowers both businesses and consumers but unfortunately it also empowers the bad guys. How do we fix this vulnerability? Put Windows on every computer? I don’t think so. One vendor, one operating system, one gigantic target for the bad guys — and one they have proved has so far been a fairly soft target.
Open source software like Linux has the potential to be the most secure of all. Many flavors of operating systems, many vendors, many participants in software development. An open competitive market where any vulnerabilities which arise can be solved through a global collaboration. By using encryption to scramble the data and transactions, it doesn’t matter if the software itself is out in the open for all to see how it works. In fact that is the great strength of open source software. Just as the Internet opened up the world of communications and resulted in the rapid evolution of standards, so to is Linux opening up the world of computing. It is true that today Linux is not as easy as Linux but that will change. Millions of consumers have mastered the use of a TiVo, not knowing that under the covers is a Linux computer.