Robert Scoble Misses Chris Spence's Point

Robert Scoble responded today to Chris Spence’s “Open Letter to a Digital World” and he totally missed the point. Chris recently had to spend over 5 hours removing spyware and malware from his wife’s computer. Scoble’s arguement against using Linux appears to be that it won’t run Microsoft’s products:

OK, I’m off to switch. A few problems: does Outlook run on Linux? Reliably?

Actually, yes it does using CodeWeaver’s CrossOver Office product, which is based on the open-source project WINE. But a better answer is: who cares? many of the security issues that windows users often experience such as viruses and malware are caused by insecurities in Microsoft’s Outlook application. Why not use alternatives such as Novell / Ximian’s Evolution which are designed to run natively under Linux?

Does Linux have a ton of ink-enabled applications for my Tablet PC?

To tell you the truth I dont really know what ink-enabled applications. A quick GIMP a bit too. They NeverWinter Nights, Unreal Tournament, need I go on? Check out LinuxGames, HappyPenguin’s Linux Game Tome, Icculus.org’s Linux Game List, or GarageGames Clearly theres a ton of amazing games for Linux.

The real answer for most people isn’t to switch to something else where their software that they have already invested in may or may not run (ever buy a copy of Adobe Illustrator? I have and it cost me more than $500).

Well I’m going to have to upgrade that software anyways when SP3 comes out or when Longhorn comes out. Every Microsoft update causes so many incompatibilities with older software that many users would have to repurchase their software anyways. Why not use this as an opportunity to switch to Free / Libre or Open-Source software? or at least buy a comercial version that works on a secure OS such as MAC OS X or Linux?

The real answer is to spend an hour (I’ve done this dozens of times, and despite the rumors it really only takes an hour to put in place some very advanced security) and put in place 14 layers of security. If you do that, you won’t need to spend five hours cleaning off your machine.

14 layers of security? Are you serious? How many home users are going to go through all of this effort? Why not just run something that comes secure out of the box? After , you want me to spend how much on antivirus, firewall and anti-spyware prodcuts? Lets add this up:

  • Windows XP SP 2: free, although MSFT did almost charge for it and could easily charge for SP 3 or SP 4
  • Get a good anti-virus program: and
  • Software Firewall: Zone Alarm ($70 / year), ($39.95),
  • hardware-based firewall:
  • Run the latest version of Outlook ($109 full version)
  • Antispyware apps: Spy Sweeper 1 Year Subscription ($29.99), ,
  • Steps 9 through 14 are just administrative techniques and are good ideas so I’ll give credit where its due. Although 9 sounds like “disable all the *extra cool* features because they’re unsecure so shouldnt have included them to begin with”.
  • So no including the cost of Outlook 2003 ($109) the average total on reaching the 14 level security scheme Scoble suggests is about $200. $200 is a lot of money just to feel like I’m running a secure operating system. That doubles the cost of any Windows XP Home license or about 2/3 the cost of a Windows XP Pro license. $200 is a lot to shell out for most people.

    I realize Scoble works for Microsoft and probably gets many of these products free or at least heavilly discounted so its not an issue for him, but what about the rest of use? What about those who live in 3rd world countries and cannot afford to upgrade from Windows 95 to XP let alone buy all of these 3rd party apps?

    Most Linux distros would come with everything Scoble suggests (except for the hardware firewall) at no extra cost. You would get Open Office (an MS Office replacement), Evolution (an Outlook replacement), Mozilla / Firefox (an Internet Explorer replacement), ClamAV (antivirus), iptables / ipchains (2 way software firewall), and way more. Distros are available that come with all of this right out of the box why waste time and money making Windows feel secure when you can get the real thing from free and secure operating system such as Linux.

    Moving on, Scoble ignores the last two thirds (2/3) of Chris’ letter. He seems to completely ignore the issue at hand, which is the insecurity of Microsoft’s Operating Systems.

    But let us assume you can afford to pour your hard earned money at this problem and you’ve bought the newest versions of all MSFT software and you’ve spent over $200 on getting 14 layers of security in place. Great, what happens when the next vulnerability is announced and MSFT decides to wait a month or years to issue a patch? What if MSFT decides to never release a patch or make you wait till Longhorn comes out and then pay for it? You’re basically screwed. This would never happen with open-source. When Red Hat decided to cut off support for the 7.2, 7.3, 8.0 and 9.0 versions of Red Hat Linux their competitors came in and filled the gap. You can now get updates from 2 different providers: Fedora Legacy or Progeny Transition Service. Who do I go to when MSFT decides to stop patching Windows 98? Who do I go to when Microsoft decides a security issue isnt worth fixing?

    Microsoft would probably argue they fix all bugs in a timely fashion and that all this is hogwash. What about the Secunia report which Chris references?

    Anyways, its 4am here in Buenos Aires and I’m starting to lose my focus. The point I’m trying to make is that Chris is right MSFT’s Operating Systems are not a good choice for anyone but those who want to become full time security experts and even then they’ll need plenty of spare time and money to throw at the problems they’ll surely run into. Robert, if thats what you want to spend your time and money on thats fine with me, but most users dont. So next time you are at Aunt Thelma’s house pop in a copy of Xandros, Knoppix, or some other easy to use distrobution I bet she never notices the difference. I know my father didnt and he hasnt had to call me with virus, spyware or corruption since then.

    Leave a Reply