Thursday 3 June 2004

Simon MOORES

Thought for the day:
Linux - a weapon of mass destruction?

If Linux is feared as a tool for terrorism, then why are the majority of servers run on open source, asks Simon Moores.

There is, it appears, a great opportunity for Linux in the new Iraq, but it will come as no great surprise to anyone familiar with the progress of the reconstruction programme that there is a problem.

The US Department of Commerce has classified Microsoft Windows and Sun Solaris as "mass-market encryption products" - meaning that the suppliers can ship them to Iraq without a licence.

"Publicly available" software such as Linux remains under sanctions, because it implements certain security standards, namely, strong encryption. Ipso facto it may be harnessed as a terrorist tool to conceal communications and, as a consequence, Baghdad has become a Penguin-free zone, although I’m not entirely sure about Basra, which lies under British control.

I recently declined an offer to go to Iraq. I’ve known one person who survived a mortar attack and won a gallantry award and another who sustained serious injuries when a grenade bounced off him in Bangladesh.

Twenty-four years ago, I recall being at Lympstone, when the Royal Marines were looking for volunteers to join the garrison of a small unknown island group in the South Atlantic. Not being interested in either salmon fishing or sheep, I passed. A good decision, I thought some months later, when a group of heavily armed Argentinean tourists arrived one night without reservations.

Back to Iraq then, and a reliable electricity supply might be a good place to start, followed by a supply of personal computers that can be used to kick-start education and the economy. 

For much of the Arab world however, personal computing and Windows are synonymous, partly because in any bazaar one can pick up just about any Microsoft product for a few dollars. Software piracy is rife in many countries and possibly, like smuggled copies of Linux, it's the last thing the US marines are worrying about at present.

In contrast, with the news that Linux may yet have a part to play in the war against terrorism, there is reassuring news from The George Mason University in Virgina that Microsoft's dominance of the desktop operating system market is not a threat to US national security. 

The university’s report, based on advanced network simulations, concluded that any future attempt to attack and exploit Windows is unlikely to produce a catastrophic failure of the internet. While it focused on the proprietary monopolies held by Microsoft on the desktop and Cisco in the router market, the study also suggested the growing importance of the security of open-source products.

The internet, it seems, is more resilient than we give it credit for, and although patching and mass exploitation of Microsoft products has become a regular fact of life for computer users, the university argued the weaknesses reside at a less critical point on the network.

One reason the internet is more resilient than previously thought lies in Microsoft's smaller presence in web server software, where it holds just 21% of the market, compared with a 97% market share on the desktop.

The research concluded that an exploitable technology must be present on more than 43% of nodes in most networks before the potential for massive failure of the internet becomes a possibility.

If you hadn’t guessed already, if Microsoft only has a 21% share of the web server market, then 67% of the web's 50 million servers must be running on open-source Apache - an exploitable weapon of mass destruction in the wrong hands or simply another reason to choose Linux over Windows? You tell me.

Setting the world to rights with the collected thoughts and opinions of leading industry analyst Dr Simon Moores of Zentelligence.

Acting globally, Zentelligence (Research) advises governments, suppliers, business and the media on the evolution, application and delivery of leading-edge technologies and specialises in the areas of e-government and information security.

For further information on Zentelligence and its research, presentation and analyst services visit www.zentelligence.com