Does Microsoft’s “Monopoly” Threaten Computing?
Analysis: CCIA's damning report on Microsoft monoculture seems off target.
Powerful people, whether presidents, dictators, celebrities,
or high-tech CEOs, are used to getting hammered by the press. It comes with
But a recent report issued by the Computer and Communications Industry Association
may be the best example of piling on since Rosie O’Donnell made her last
ham sandwich. According to the seven authors, the sheer dominance of Microsoft’s
desktop operating system line creates a massive vulnerability that threatens
our national security because one malicious hack can target more than 90 percent
of today’s desktops.
The fact that thousands of hackers throw stones at Windows and sometimes hit
the mark hard is nothing new. Any 10-year-old who watches network news knows
that. Is Microsoft at fault for building vulnerable software? Sure. But we don’t
need repetitious blame; we need solutions. This report is big on the former,
and nearly bereft of the latter.
The valid arguments made in the report are overshadowed by the unmistakable
stench of bias, and wandering into areas beyond the authors’ expertise,
including federal anti-monopoly laws. “Microsoft’s efforts to design
its software in evermore complex ways so as to illegally shut out efforts by
others to interoperate or compete with their products has succeeded,” the
report, authored by technologists—not lawyers—stated.
So, the first argument is that Windows is insecure because it has too many
Next, the authors take Windows’ marketshare to task, coining a new phrase
in the software world: Monoculturalism. “The presence of this single, dominant
operating system in the hands of nearly all end users is inherently dangerous,”
the report stated.
The answer? Break the Microsoft stranglehold. “A requirement that no operating
system be more than 50 percent of the installed based in a critical industry
or in a government would moot monoculture risk.”
This left IT experts scratching their heads. “Who is going to mandate
the 50 percent rule? Who is going to enforce it? Although Microsoft has been
shown to have abused its monopoly power and remedies have been imposed, in America
at least the market still rules, not some central planning bureau that would
dictate which computers should have which operating system,” said Stephen
A. Crandall, Assistant Professor of Information Technology at Myers University
in Cleveland, Ohio.
It’s difficult to see how increasing Linux and Macintosh market share
will change the fundamental Windows security model. In fact, one could argue
that it’s easier for Microsoft and third parties to harden a single operating
system than it is to lock down the Mac and dozens of versions of Linux.
And increased share for Linux and Mac will make them hacker targets as well,
leaving IT to support and protect several desktop environments that essentially
do the same thing.
Windows is far from the only hacker target. In the mid-’80s, the Commodore
Amiga was a cesspool of viruses, equally as vulnerable as what we see with Windows
today. The Morris Worm in 1998 exploited a vulnerability in Unix sendmail, crippling
600 large Unix boxes and bringing the Internet to its knees.
More importantly, IT has long lamented the cost of supporting multiple platforms.
In large measure, it was IT that drove a single OS platform, a single desktop
suite, as well as Ethernet and IP as standard networking technologies.
The authors argue that Microsoft should be forced to help competitive OSs succeed.
“Microsoft should be required to support a long list of applications (Microsoft
Office, Internet Explorer, plus their server applications and development tools)
on a long list of platforms. Microsoft should either be forbidden to release
Office for any one platform, like Windows, until it releases Linux and Mac OS
X versions of the same tools that are widely considered to have feature parity,
compatibility, and so forth,” the authors state.
Some IT pros simply trust that Microsoft will eventually do the right thing.
“With so much apprehension [about] security risks, I feel that Microsoft
is forced to strive to be as secure as possible, and will continue to put emphasis
on making its products impervious to attacks. It will be a very difficult task
for any competitor of Microsoft to change the minds of IT departments and adopt
other OSs,” said Randy Williams, Project Manager, Network & Engineering
Services, Crouse Hospital Information Technology.
Finally, Microsoft should reform Windows and Office into discrete, “loosely-coupled”
components, the report argued. This way an attack on, say, a dialer, won’t
provide a direct path to core OS features.
The report is absolutely right when it argues that Microsoft should do more
to lock down its software, including reevaluating the massive integration of
new features in its desktop OSs. And competition, whether on the desktop or
server, is always good. Unfortunately, these valid points are obscured by over-reaching,
a lack of solid remedies, and unrealistic suggestions.
Doug Barney is editor in chief of Redmond magazine and the VP, editorial director of Redmond Media Group.