Am I the only one who grows tired of Scott Granneman's endless droning about the wonders of open source and the evils of Microsoft? Were it not for the fact that he purports to be objective in his write-ups, I might be a bit less irritated. Scott harbors a certain resentment of the world of commercialism as a whole but dresses it up as un-biased reporting of current events. Frankly, I'm just as aggravated by annoying, and often malicious, spyware as most people. I'm often the one stuck "undoing" the spyware from other peoples' machine. By the same token, I'm pragmatic enough to realize two things:
1.) Advertising in some form is largely what enables the internet to function in the manner that it does. Without advertising dollars, including ones received by, ahem, SecurityFocus, many sites wouldn't be able to operate without charging some type of membership or usage fee. This doesn't justify the behaviour of low-life software authors who make programs that undermine and compromise computers by taking advantage of their target audience's own ignorance, but it also should serve as enough of a moral compass to realize that all advertising related activity should not be classified as sneaky, shady, sleazy or whatever other operative term you like.
2.) The maker of an operating system, any operating system, cannot be held totally responsible for an epidemic of spyware applications written for that platform. The only ones that they can be fully accountable for are ones that take advantage of vulnerabilities in the OS. However, a LOT of spyware gets on peoples' machines through channels that have nothing to do with core vulnerabilities. People still install "free" software and glaze right over the legal agreement that mentions additional baggage. Why? Because they want the snazzy functionality that it offers. This is not the fault of Microsoft, Linux, Sun or Apple. It's also not something that any form of simple legislation can fix. Also, people STILL click "Yes" or "Install" whenever a dialog appears in IE, Firefox or whatever asking if they want to install some component. They usually don't know why they need the component, but for YEARS (before the problem we have today) we "computer scientists" taught people to click "Yes" or "OK" when prompted about something they didn't understand. Now we're working to undo a lot of that and explain times when it's NOT okay to allow the process to continue. Unlike Mr. Granneman's accusations, the majority of the spyware epidemic was not "created by Microsoft" any more than the guy who invented gunpowder "created war."

With that having been said, Scott needs to quit downplaying the security progress that Microsoft (or M$ as he likes to call it) as well as quit pretending that every security gaffe that takes place in an open source product demonstrates how strong and good and superior open source is. Open source and closed source development are two different models that both have their ups and downs. A brief reality check (or, perhaps some real introspection) would do Mr. Granneman a lot of good.

-- Daryl Shockey

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/346/32243#32243