Thursday, January 27, 2005

Windows is a Particularly Tricky Horse

Our comrades at Xinhua have picked up on the latest Microsoft story: they plan to block the application of patches and updates for users running pirated copies of Microsoft Windows.  This is a matter of some interest in China, because, apparently, it is easy to get illegitimate copies of software there, and many people are reported to have done so
Piracy has always been a problem for huge software-factories like Microsoft Corporation, whose operating system Windows is in use on over 92% of x86 PCs by some estimates. Piracy of Windows is a particularly tricky horse for Microsoft. Their attempts at thwarting this with their Product Activation scheme has had little effect, as it is extremely easy to obtain the "Corporate" edition and a matching product key in order to completely avoid activation.

    Microsoft, however, is not giving up there. It believes the best way to fight software piracy is to make sure users recognize and receive all the benefits of genuine software. Starting in mid-2005, they will implement a validation system on their Windows Update and Download Center websites, forcing users to validate their copy of Windows before being able to download updates. [...]

    By doing so, Microsoft hopes it has struck a balance between promoting security and ensuring that people buy genuine versions of Windows.

    "Our goal is to help customers avoid the risks associated with counterfeit software, like viruses and other vulnerabilities," David Lazar, a director in Microsoft's Windows Client group, told the E-Commerce Times. "Windows Genuine Advantage will offer users greater reliability, faster access to updates and a richer Windows experience."
The tricky horse here is Microsoft.  Now, I have no qualms about them trying to protect their intellectual property.  I have two licensed copies on Windows XP myself, use the update feature, and have always kept them activated properly.  I use one copy at work; the other is installed on the computer I am using now, at home (although it crashed several months ago, and I have not bothered to revive it yet.)

So what is wrong with Microsoft's plan?  The problem is that many of the patches for Windows are security fixes.  When more and more people start running Windows without the security fixes, it will NOT help anybody "avoid the risks."  Even those with properly registered and updated copies of Windows will be exposed to greater risk.  Why? Because the more computers there are on the 'net that are insecure, the more security problems there will be for all of us. 

Chances are, many people will continue to use their pirated copies, just without the security fixes.  Those machines will be vulnerable to exploits that lead to mass-mailing worms, denial of service attacks, transmission of spam, and probably a few other problems that I haven't thought of yet. (I am not a hacker, so I don't know all the nefarious ways to make mischief with a computer.) 

The way this affects other users is this: a hacker gets into several unsecured computers.  He/she sets up those unsecured computers to send out mass mailings, or to repeatedly request service from some legitimate site, such as Amazon.  Those mass mailings clog up the system from everybody.  Those requests for service, if frequent enough, can cause the legitimate computer to become overloaded, so it no longer can function as intended. 

These are not problems that threaten world peace, but they can cause significant economic harm. 

Not to sound like a proselytizer, but the solution is to get everyone to stop using pirated copies of Windows, and start using Linux.  Linux is inherently more secure, and it is easy to keep it secure.   Some distros even have an automatic update feature, that works as well as the one that Microsoft has.  

If China is concerned about their information infrastructure, they would be well advised to cooperate with Microsoft, and get people to stop using pirated software.  But there is no reason for them to take the next step on that tricky horse.  Get off the horse and onto the lizard: change quadrupeds, even if you are in the middle of a stream:

OK, perhaps SuSE is not the best distro for the average Chinese user.  Probably, that would be Red Flag or Asianux.  Asianux is being developed by Red Flag, Miracle (Japan), and Haansoft (South Korea.)  There are others, of course: Hiweed, Chinese 2000, Co-CreateLinux, MagicLinux; there even is a distro that is designed solely for the purpose of teaching and playing the game of Go (Wei Qi).  Although it (Hikarunix) is developed in Japan, I suspect many Chinese and
Korean computer users will be interested in it. 

Personally, I think Microsoft's plan will backfire, twice.  First, it will make the Internet less secure for everyone; second, it will hasten the migration to open-source software.