"The security of your computer and network depends on two things: what you do to secure your computer and network, and what everyone else does to secure their computers and networks. It's not enough for you to maintain a secure network. If other people don't maintain their security, we're all more vulnerable to attack. When many unsecure computers are connected to the Internet, worms spread faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. The more unsecure the average computer on the Internet is, the more unsecure your computer is."
-- Bruce Schneier
But how do you know your computer is secure? If you're using proprietary software, you don't! With free software, even if you don't have the skills to evaluate the software, you can be certain that someone else can.
Windows has a long history of security vulnerabilities, enabling the spread of viruses and allowing remote users to take over people's computers for use in spam-sending botnets. Because the software is secret, all users are dependent on Microsoft to fix these problems -- but Microsoft has its own security interests at heart, not those of its users.
In 2005, a vulnerability was discovered that affects all versions of Windows from Windows 3.0, released in 1990, until Windows Server 2003 R2 from December 2005, with XP and later versions most severely affected. The problem affects the Windows Metafile image format, a format commonly used for clip-art and other vector images. Files containing specially crafted 'Escape codes' allow arbitrary user-defined function code to be run when the image files are displayed.
Security researcher Steve Gibson believes the flaw may be intentional, too.
The range of situations in which such files are viewed is wide:
Microsoft even introduced a new class of malware, the macro virus -- allowing seemingly innocuous spreadsheets and word processing documents to contain malicious programming code in Microsoft Office.
Part of the issue of Windows security comes from the fact that, by default, administrator accounts are used and expected by many applications -- these administrator accounts also allow malware to attack the operating system.
In free software this would be treated as both a technical issue and a social problem -- if software needs to do things as an administrator, it needs a good reason to do so, and if it prevents users from doing the job without risking their privacy and security, it is anti-social.
© 2009 Free Software Foundation, Inc
Bill Gates/Jesus cartoon by Phil Garcia and Don Berry. Verbatim copying and distribution of the cartoon are permitted without royalty in any medium provided this notice and the copyright notice are preserved.
This page is licensed under the Creative Commons Attribution-No Derivative Works 3.0 License.
To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.