The Penguin Replies And How!

by Julia Fernandes    May 23, 2005

In response to the recent Rob Enderele interview , Con Zymaris CEO of Cybersource Pty. Ltd. clears the air on the much-debated, highly publicised ‘Microsoft vs Linux’ war in an exclusive with CXOtoday.com.

We first raise the issue of user friendly. Since Linux is Open Source, many companies develop different flavors. In contrast to this, all versions of Windows have the same interface.

Replies Zymaris, “The fact that Linux is Open Source makes it possible for several hundred Linux product vendors to exist and thrive. But just like humans can be different and yet share 99.99% of the same genetic code, Linux ‘distributions’ can be differentiated and yet share 99.99% of the same underlying source code. They therefore (mostly) work and operate the same way. Certainly any Linux user on a standard distribution will have no problems quickly acclimatising to any differences in any other distribution.”

“By contrast, the only company that can possibly make any successful business from the Windows product and the Office product is Microsoft, as sole and proprietary owner,” added Zymaris.

“Actually, if you investigate this, Linux user interfaces look more familiar to more Windows users than many previous versions of Windows. I have been using Windows since version 2.0, and the Windows interface has changed enough to require some thought in usage, at least 9 times. By comparison, moving from Windows to Linux, or from one Linux vendor to another, is not much more complicated.”

Does Microsoft have an needlessly high fault rate with regards to coding flaws, which generate security vulnerabilities?

“No,” says Zymaris, “Microsoft’s coding output is no better or worse than most other general coding practitioners. Where Microsoft has had flaws is with its myopic design, by not taking into consideration the security implications. Applications like MS SQL Server, Outlook, Windows and Office have created environments where it is easy to propagate security hijacking code.”

“Additionally, in years past, when it wasn’t ‘pushed’ by competition to do so, Microsoft had a woeful record of delivering security patches late, or never. Because of the intense competition from Open Source in particular, Microsoft has had to really improve its game in this area. This is why competition is good for consumers.”

However, are Microsoft’s applications fraught with flaws because its applications are popular? With the growing popularity and usability of Open Source, can Open Source solutions too turn pet targets?

Dispelling this myth, Zymaris states, “This is a common misconception. One can create code, which is very strong in terms of security and yet be very popular. Alternatively, poor-quality code can also be unpopular. Popularity does not impregnate code with
flaws, bad coding and design do.”

“Take for instance the Apache Web server. It owns most of the Web server market, (over 68% now) and yet historically has not had as many security breach problems as has Microsoft’s competitor, IIS,” argues Zymaris.

“It may be possible that higher exposure in more ‘hands’ can highlight security flaws. But in reality, when going from a user population of 5 million to a user population of 50 million, it’s unlikely to reveal a much higher proportion of code flaws. Therefore Linux, which has a user population of around 50 million would be seeing the same order of magnitude of attack exploits attempts as Windows XP, which has a user population of 250 million,” said Zymaris.

According to him, virus writers would see Linux (and Apache etc) as a big enough target now to warrant creating Linux specific viruses. However, whilst Windows has around 100,000 such pieces of malware, Linux has only a small handful. The main reason is that it is intrinsically harder for virus writers to get ‘joy’ from Linux. It’s a lot easier attack Windows, because of its design.”

Continuing further he stated, “Many Open Source applications are wildly popular. Linux, Apache and Firefox to name but three, have around 30-50 million active users. That’s enough of a ‘payload’ target to interest any cracker or virus writer. While it is not possible to make these applications impervious to all security attacks, they have, by design, a reduced security risk profile by comparison to many Microsoft alternatives.”

“You see, unlike Linux, which grew up on the Internet, Microsoft didn’t really make Windows Internet-aware until it had been shipping it for 10 years. It’s therefore hard to make Windows Internet-safe without dumping the total codebase and starting from scratch. Linux had the luxury of learning from all of Unix’s mistakes on the Internet and it was implemented in a way which made it more resilient than Windows can be,” added Zymaris.

While Linux has proved itself as an OS at the server level, the real challenge lies at the desktop level. According to a school of thought, the usability of Linux still does not match a Windows OS.

Defends Zymaris, “The usability of desktop Linux, particularly the KDE desktop, matches a current generation Windows desktop, It may not be as ’slick’, but it is certainly as functional, if not more so. Suffice to say, it is far more ‘usable’ and impressive than Windows 2000 Workstation, and many businesses ran that as a standard operating environment. Therefore, if the usability of Win2k was enough for business, the usability of current generation desktop Linux is more than good enough. People merely have to try it out to prove this to their own senses,” said Zymaris.

However, is defining a proper business model for an Open Source development a major hurdle?

Says Zymaris, “I’m not a believer of business models. I believe in businesses. By which I mean: offer good service, look after your customers, make more money than you spend, look after your staff, select technologies where you have the control, not another party.

“It is just as easy for a system integrator or a solution provider or a services support firm to make money from Linux as it is from Windows. Since most businesses are not software publishers, Linux and Open Source are an easy fit for them to sell,” stated Zymaris.

Speaking further he continued, “If you are a software publisher who is considering going the Open Source route, then you have to do your homework. Can you use the advantages that the Open Source realm offers you, in terms of shared development and debugging, friction-free global distribution and free marketing, to offset your weaknesses? If you don’t have plenty of venture capital cash to push the product you’ve developed out into the market, then perhaps Open Source may indeed be your best bet at success. Look at Red Hat, MySQL, JBOSS, Zope and an increasing number of others.”

According to Zymaris, “Microsoft now spends around of $100-200 million per year on anti-Linux advertising and related activities. Ironically, this money seems to be wasted as few are foolish enough to be swayed by reports produced by Microsoft’s cronies.”

“One thing is certain; trying to compete against Microsoft on its terms has been shown to fail time and again, because Microsoft has undue influence and power within its ecosystem,” admitted Zymaris.

“The Linux industry has therefore produced an ‘alternate universe’ of better value, higher quality components, open to all commercial and non-commercial contenders. This commercial driver, permitted by the openness and economic freedom of the open source legal framework, will be what finally permits the rest of industry to dethrone Microsoft as proprietary-monopolist incumbent,” said Zymaris.

Tags: linux