Friday, March 8, 2013

Is Proprietary Software Exploitation?

By +Dietrich Schmitz

The Pwnium 3 results are in.  Not one successful hack was made on Google's Chrome OS.

This is in stark contrast to the results for Pwn2Own also held at CanSecWest 2013 where all browsers were pwned.

The winners take their prizes but does anything else change?

Not really.

What do I mean?

I mean, it's the same status quo.  Businesses continue to rely upon Microsoft Windows, and the burgeoning security issues continue to be exploited, ever more so by hard-core international crime rings.  The shooting of fish in a barrel continues.  And SecureBoot won't stop exploits from gaining control of a machine, at least of the Windows kind.

It gives pause for thought.  How come open source Chrome OS can hold hackers at bay when Microsoft Windows can't?  What is the difference if it's proprietary or open source?

I have posited a theory that proprietary software breeds (intentionally or otherwise) exploitation.

How so?

We can't see Microsoft's Windows code base.  At least, most of us can't.

Microsoft in that respect holds an advantage over their client base.  Some will respond to say that is the nature of the free enterprise and capitalism and merely the right of the concern to protect their intellectual property.

In a story by +Simon Phipps entitled Open Source Nurtures Innovation, he asserts, 'I believe an open source environment potentially makes software innovation cheaper and easier'.  He goes further to explain:

"As a proprietary developer, you are responsible for the eternal care of every line of code you add to your software. In the early days, you can be very productive, creating clean, fresh software that is compelling and doing so fast because you're in complete control of the process. But the code you create is your sole responsibility, and as it gets more and more substantial - and as you have more and more paying customers depending on it - the burden of sustaining it grows. 
You may have been responsible for 100% of the innovation, but with proprietary code you're also responsible for 100% of the care and feeding of what you write. That means as you add your next innovation, you're solely responsible for all the ones that came before. That means you're the one responsible for keeping everything working as the operating environment - OS, app server and so on - changes around you. It's like spinning plates.
But in an open source environment, the burden of sustaining is shared among the community. That means that instead of being solely responsible for the sustaining of every innovation they add, innovators can contribute their work to the shared code commons and have the sustaining shared by everyone. They are then liberated to innovate more. Unlike a proprietary code base where the only option is to handle 100% of the sustaining yourself, in an open source project an innovator can expect to have a gradually reducing sustaining burden from each innovation they contribute."

We now have a situation where, in the Microsoft proprietary world of legacy Windows 8, a huge code base is maintained by a limited set of eyes.  As it grows, so do the demands of keeping that code up to date through revision maintenance and security patch management.

There is no transparency in their process.  Only internal staff know 'to what extent' there are internally-documented security issues and we, the general public, only know what is 'officially' documented by Microsoft.

We must trust that they are applying due diligence.  Without being able to see their source code or exercise oversight, any number of issues may go undiscovered and completely neglected, placing the licensee at a disadvantage.  The licensee is tied to the software and must wait for Microsoft's software revision release schedule for either needed features or security patches.

Microsoft's control of their source code results in exclusion and fosters an environment in which the licensee is placed at a disadvantage, waiting for Microsoft to take appropriate action, or none at all.

Open Source fosters sharing and leverages world-wide programming resources, which far exceed the capability of what Microsoft can muster.

Thus we see another iteration of Microsoft 8 Legacy (x86) and additional licensing costs for the end-user with little benefit.  It's the same circa-2000 WinNT kernel and code base with a Modern UI exterior, which has been found to be of little benefit; most IT shops are turning it off entirely using third-party utilities.

The exploitation continues--more licensing cost and little or no benefit.  It's Microsoft proprietary recycled software bits with a new skin.

Microsoft's innovation is marginal at best and in the end the Licensee continues to absorb the cost of new software with little value--because they have to.

In neoclassical economic terms, Microsoft is an elite minority monopoly exacting control over its licensees, who face 'vendor lock-in' and are limited to yielding to Microsoft's bargaining power to effect new licensing and further control of how the licensee uses their recycled bits.

This is the nature of exploitation and Microsoft's position and actions or lack thereof are consistent with that.


1 comment:

  1. Is reading this blog like driving a nail into your brain? Yes.

    Close it down, Dietrich! Or someone will.