News

Does Microsoft’s “Monopoly” Threaten Computing?

Analysis: CCIA's damning report on Microsoft monoculture seems off target.

• By Doug Barney
• 09/25/2003

But a recent report issued by the Computer and Communications Industry Association may be the best example of piling on since Rosie O’Donnell made her last ham sandwich. According to the seven authors, the sheer dominance of Microsoft’s desktop operating system line creates a massive vulnerability that threatens our national security because one malicious hack can target more than 90 percent of today’s desktops.

The fact that thousands of hackers throw stones at Windows and sometimes hit the mark hard is nothing new. Any 10-year-old who watches network news knows that. Is Microsoft at fault for building vulnerable software? Sure. But we don’t need repetitious blame; we need solutions. This report is big on the former, and nearly bereft of the latter.

The valid arguments made in the report are overshadowed by the unmistakable stench of bias, and wandering into areas beyond the authors’ expertise, including federal anti-monopoly laws. “Microsoft’s efforts to design its software in evermore complex ways so as to illegally shut out efforts by others to interoperate or compete with their products has succeeded,” the report, authored by technologists—not lawyers—stated.

So, the first argument is that Windows is insecure because it has too many features.

Next, the authors take Windows’ marketshare to task, coining a new phrase in the software world: Monoculturalism. “The presence of this single, dominant operating system in the hands of nearly all end users is inherently dangerous,” the report stated.

The answer? Break the Microsoft stranglehold. “A requirement that no operating system be more than 50 percent of the installed based in a critical industry or in a government would moot monoculture risk.”

This left IT experts scratching their heads. “Who is going to mandate the 50 percent rule? Who is going to enforce it? Although Microsoft has been shown to have abused its monopoly power and remedies have been imposed, in America at least the market still rules, not some central planning bureau that would dictate which computers should have which operating system,” said Stephen A. Crandall, Assistant Professor of Information Technology at Myers University in Cleveland, Ohio.

It’s difficult to see how increasing Linux and Macintosh market share will change the fundamental Windows security model. In fact, one could argue that it’s easier for Microsoft and third parties to harden a single operating system than it is to lock down the Mac and dozens of versions of Linux.

And increased share for Linux and Mac will make them hacker targets as well, leaving IT to support and protect several desktop environments that essentially do the same thing.

Windows is far from the only hacker target. In the mid-’80s, the Commodore Amiga was a cesspool of viruses, equally as vulnerable as what we see with Windows today. The Morris Worm in 1998 exploited a vulnerability in Unix sendmail, crippling 600 large Unix boxes and bringing the Internet to its knees.

More importantly, IT has long lamented the cost of supporting multiple platforms. In large measure, it was IT that drove a single OS platform, a single desktop suite, as well as Ethernet and IP as standard networking technologies.
The authors argue that Microsoft should be forced to help competitive OSs succeed. “Microsoft should be required to support a long list of applications (Microsoft Office, Internet Explorer, plus their server applications and development tools) on a long list of platforms. Microsoft should either be forbidden to release Office for any one platform, like Windows, until it releases Linux and Mac OS X versions of the same tools that are widely considered to have feature parity, compatibility, and so forth,” the authors state.

Some IT pros simply trust that Microsoft will eventually do the right thing. “With so much apprehension [about] security risks, I feel that Microsoft is forced to strive to be as secure as possible, and will continue to put emphasis on making its products impervious to attacks. It will be a very difficult task for any competitor of Microsoft to change the minds of IT departments and adopt other OSs,” said Randy Williams, Project Manager, Network & Engineering Services, Crouse Hospital Information Technology.

Finally, Microsoft should reform Windows and Office into discrete, “loosely-coupled” components, the report argued. This way an attack on, say, a dialer, won’t provide a direct path to core OS features.

The report is absolutely right when it argues that Microsoft should do more to lock down its software, including reevaluating the massive integration of new features in its desktop OSs. And competition, whether on the desktop or server, is always good. Unfortunately, these valid points are obscured by over-reaching, a lack of solid remedies, and unrealistic suggestions.