Computer Viruses and Proprietary Software

Francois-Rene Rideau fare@tunes.org
Tue, 2 Feb 1999 21:23:18 +0100


Yesterday, I had a discussion with my mother about computer viruses,
and since the spreading of such memes as viruses is relevant to cybernetics,
I thought I might share with you readers.

My mother (together with all casual computer users that I know)
has been brainwashed by the mass media
into attributing software failures to putative viruses;
indeed, such is the only kind of "explanation" she gets
about software failures from the mass-media,
and since she DOES get a lot of failures while using losedoze and mockass,
she more than not raises the possibility of the cause being a virus.
I thus tried to explain her
why she shouldn't be expecting viruses under Linux,
and why there were much more obvious causes for failures
under proprietary systems.

Let us analyze the vectors by which viruses spread,
and the factors that favorize them.
* The oldest one was floppies boot sectors,
 that would infect the machine when powered up or reset,
 and cause the computer to corrupt more floppies.
 But floppies are not used much today
 (almost not at all at my home,
 except for installing/testing new OSes,
 or giving data to non-networked people),
 and computers don't reboot that much,
 particularly not under Linux.
 Moreover, modern firmware, when properly configured
 (which is the case at home), does not even try to boot on a floppy.
 Hence, that old threat is technologically over,
 independently from the operating system being used.
* The second vector of virus is executable binary files. These still exist,
 and they are a frequent threat under proprietary systems like Windows.
* Microsoft even made this threat much more dangerous,
 by allowing for arbitrary system manipulations in "macros"
 that be silently executed when opening data files
 (particularly those obnoxious ubiquitous word processing documents!)
 But Linux also avoids this latter kind of aggravation,
 by not having such stupid document formats (which is good).
* Another factor makes things more difficult under Linux for virus developers:
 binaries vary from architecture to architecture, and
 installed programs and file paths vary from distribution to distribution;
 access rights to system resources also vary from user to user.
 hence, making a truely portable binary or script, that would take
 advantage of whatever replication means are available,
 is quite a feat (this is good in the present case, but
 also makes things annoying at times when compiling real useful programs).
 In comparison, Windows, with its one architecture and centralized
 distribution, makes development of a self-replicating program easier.
* Now the major factor is that under Linux,
 people don't pass programs around to each other;
 they go fetch the Source at the original sites, or a trusted mirror.
 This makes spreading of viruses almost impossible;
 certainly, an attack could be launched at a major site,
 replacing packages with infected code;
 but, particularly with source being available,
 and digital signatures being possible,
 doing so isn't likely to go unnoticed
 (together with the above technical restriction).
 Moreover, this wouldn't really be a virus, since it wouldn't duplicate,
 just spread from a central site.
 Lack of iterated copies means lack of accumulated chances of mutation.
 In contrast, proprietary barriers and associated bloatware tactics
 encourage people to do peer-to-peer copies, exchanging floppies or CDs,
 or whatever mass media storage is most convenient,
 containing big uncheckable binary packages,
 instead of downloading small source packages from trustable places
 in the Internet.
 This gives the potential for lots of possible virus spreading.

All in all, it is the very proprietary software model
that prevents a fluid trust market for software,
and induces the pervasive existence of viruses.
The same explanation suffices to account
for the bad quality of proprietary software in general:
no one is responsible for the quality of code;
no one can fix the code;
even the software hoarders who hold the rights to the code
won't fix bugs, unless they are complete showstoppers,
since they endure pressure not from the users,
but from the marketing department.
What makes things worse is that this problem with the proprietary model
is INCREMENTAL: not only are things bad, but they get worse with time,
as the cruft accumulates, and noone is there to do any clean up.
Certainly, there might be individual achievements in the right direction,
but you cannot rely on such random achievements to build an industry;
certainly, there will be "equal and opposite" individual achievements
in the wrong direction, too.
The proprietary software model is structurally oriented towards
bad quality software that cannot stand the test of time,
and grows bloated and uncontrollable.

[ "Faré" | VN: Уng-Vû Bân | Join the TUNES project!   http://www.tunes.org/  ]
[ FR: François-René Rideau | TUNES is a Useful, Nevertheless Expedient System ]
[ Reflection&Cybernethics  | Project for  a Free Reflective  Computing System ]
Complexity is the hallmark of stupidity
	-- Erik Naggum