Lame Security Claims, Or Competition as Usual?

Jason: I understand, I’m pretty sure, where you’re coming from when you say “that the problem isn’t each other, it is the nincompoops who think it is cool to vandalize, spy, and steal.” And I happen to agree with that statement. It is rather how you get there that’s the problem.

I’ll leave aside the philosophical question of whether or not collaboratively developed software is inherently more secure; that would be, I suspect, one of those areas where you and I would have to agree to disagree. What I don’t believe is arguable, however, is that the approach currently taken in both Linux (every flavor I’ve used) and OS X (from what I’m told) – granting installation privileges only to administrators, thus requiring passwords for application installation – is in fact more secure.

As proof I’d offer up the fact that this is in fact the approach taken by Vista, as you note saying “once you get used to how often it stops to ask you if you are sure you want a given piece of code to execute on the system.” Implicit in that statement, in fact, is an acknowledgement that this is not in fact business as usual for users, and – I’d argue – an acknowledgement that this will be something of an inconvenience for Windows users not accustomed to such behavior. This more secure behavior is an inconvenience, in a manner of speaking.

The question then becomes whether or not security is in fact a differentiator between the different operating systems that are available. The last clause, of course, excludes Vista – despite the excellent work done there – because, fairly I think, it is not currently available to customers apart from release candidates. When I look at XP versus OS X versus Linux, I see obvious differences – some of which have already been mentioned above. Differences worth highlighting, frankly. Just on a personal level, current Windows security impacts me on a regular basis. I’m the default sysadmin for a host of friends and family members; friends and family members who are chronically infected by spyware and other malware. Windows security has taken hours from me that I’ll never get back. Or take my x40, which ran Linux significantly faster than it did Windows. The reason? I didn’t have to run AV software under Linux, while I did under Windows.

Are there reasons for this? Absolutely. As any Microsoft representative will tell you, and Gates himself has said on occasion, the real reason to target Windows as a malware writer is volume. If you’re a vandal intent on doing ill to your fellow human, Windows is obviously your biggest bang for the buck with orders or magnitude more platforms to hit than competing OSs. But guess what? The end user – or those charged with maintaining the end user’s system (say, like me) – doesn’t care about that. As I told the audience at OSCON, with great power comes great responsibility.

I’d also be very, very careful of injecting quality into the argument, as you do when you say “in essence, I’m trying to get to the fact that the quality of the target (that which is being protected) matters.” I know what you mean: it’s the attractiveness of the target, and I know you don’t mean to imply that Linux and OS X are not quality targets. I’m guessing, however, that some might read it that way. Particularly those that don’t know you well or don’t read carefully. That would be truly unfortunate.

The real question here, however, is whether or not it makes sense for operating system providers to attempt to compete on the basis of security – and do so at least in part by denigrating each others capabilities. In political terms, this would be the equivalent of debating the efficacy of smear campaigns. And much as I might philosophically share your distate for such things, they (regrettably) appear to appeal to some element of human nature. Very effectively, to borrow your words.

Given that the operating systems being discussed are in fact clawing desperately at the far and away market leader in marketshare, the question isn’t whether to compete but how. And one of the ways you compete, as Get the Facts amply demonstrates, is by highlighting areas where you’re significantly better than your competition. If that means denigrating your competition in the process, well all’s fair and so forth.

I don’t like it much either, but that seems to be the playbook that everyone – Microsoft included – is operating from.