I recently read an online article entitled "Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers!" written by David A. Wheeler. Looking at the title of this article, one can't help but ask oneself: "What is Open Source Software and why should I care?" See: http://en.wikipedia.org/wiki/Open_source_software
As much as some of us don’t like to rely on any technologies that either run on Microsoft Windows, or were created by Microsoft, we can’t just take a single person’s position as gospel without checking her/his facts. This article held up to intense scrutiny in terms of the author’s documentation, facts, figures, and overall level of research quality.
The crux of this article deals with the myriad of reasons that computer users should forego the purchase and installation of proprietary software in favor of Open Source Software (OSS) and/or Free Software (FS). Since this article is over 100 pages in length, and the original intent of my summary was to focus on security, this blog entry will focus only on pages 31-49. (You can download the PDF with page numbers from: http://homepage.mac.com/chamady/woss.pdf or the HTML version from Wheeler's website: http://www.dwheeler.com/oss_fs_why.html ).
The author David Wheeler begins the security section by mentioning the fact that when the underwriting firm J.S. Wurzler sells "hacker insurance," it charges 5-15% more if the computer(s) it will be insuring are running Microsoft Windows. The senior vice president of the company justified the pricing policy by saying that there is a greater possibility for loss if (Windows) NT is used. As a side note, Windows 2000 Server, Windows XP and Windows Server 2003 are all built on Windows NT technology.
Wheeler then discusses the Bugtraq database, explains what it is, and what some of the numbers found in it mean. He goes on to point out the various times that pro-Microsoft journalists and other people have tried to misinterpret those numbers in favor of Microsoft. He clarifies the fact that all Linux distributions are based on one common source code base, so it stands to reason that all of the different vendors of Linux would have the same security vulnerabilities. If you discount the attempts by these journalists (who in some cases were actually funded by Microsoft) to see to it that each vendor's version of Linux and BSD was counted as a separate security issue, and instead count each issue once for Linux and once for the BSD UNIX OSes (including Mac OS X), it is clearly seen that Microsoft has many more security problems than any of the OSS solutions.
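To make the counting problem concrete, here is a small added example (my own illustration, not code from Wheeler's article or any Bugtraq tooling) that tallies a constructed set of vendor advisories two ways: once per vendor advisory, the way the journalists Wheeler criticizes counted, and once per distinct vulnerability within an OS family, the way Wheeler argues is fair. The vendor names, OS families and vulnerability identifiers in the sample data are all constructed placeholders, not real advisories.

```python
from collections import Counter, defaultdict

# Constructed sample advisories (NOT real Bugtraq data). Each row is one
# vendor advisory: (vendor, OS family, vulnerability id). A single bug in
# shared code produces one row per vendor that ships that code.
ADVISORIES = [
    ("Red Hat",   "Linux",   "CONSTRUCTED-0001"),
    ("Debian",    "Linux",   "CONSTRUCTED-0001"),
    ("SuSE",      "Linux",   "CONSTRUCTED-0001"),
    ("Red Hat",   "Linux",   "CONSTRUCTED-0002"),
    ("FreeBSD",   "BSD",     "CONSTRUCTED-0003"),
    ("OpenBSD",   "BSD",     "CONSTRUCTED-0003"),
    ("Debian",    "Linux",   "CONSTRUCTED-0003"),  # shared upstream component, both families
    ("Microsoft", "Windows", "CONSTRUCTED-0004"),
    ("Microsoft", "Windows", "CONSTRUCTED-0005"),
    ("Microsoft", "Windows", "CONSTRUCTED-0006"),
]


def per_vendor_count(advisories):
    """Naive tally: every vendor advisory counts as one issue for its family.
    This is the method that inflates the Linux/BSD numbers."""
    return Counter(family for _vendor, family, _vuln in advisories)


def per_codebase_count(advisories):
    """Fair tally: count each distinct vulnerability once per family,
    no matter how many vendors shipped the same affected code."""
    seen = defaultdict(set)
    for _vendor, family, vuln in advisories:
        seen[family].add(vuln)
    return {family: len(vulns) for family, vulns in seen.items()}


def shared_vulnerabilities(advisories):
    """Vulnerabilities reported by more than one vendor; these are exactly
    the rows that get double-counted by the naive method."""
    vendors_by_vuln = defaultdict(set)
    for vendor, _family, vuln in advisories:
        vendors_by_vuln[vuln].add(vendor)
    return {v: sorted(vs) for v, vs in vendors_by_vuln.items() if len(vs) > 1}


def inflation_factor(advisories):
    """How much the naive count overstates each family's distinct issues."""
    naive = per_vendor_count(advisories)
    dedup = per_codebase_count(advisories)
    return {family: naive[family] / dedup[family] for family in dedup}


if __name__ == "__main__":
    print("per vendor advisory:", dict(per_vendor_count(ADVISORIES)))
    print("per distinct vuln:  ", per_codebase_count(ADVISORIES))
    print("shared across vendors:", shared_vulnerabilities(ADVISORIES))
    print("inflation factor:", inflation_factor(ADVISORIES))
```

On this constructed data the naive method reports five Linux issues against three for Windows, while the deduplicated count gives three and three; Windows has an inflation factor of exactly 1.0 because a single vendor ships the code, which is the asymmetry Wheeler's section is about.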
When comparing Microsoft IIS and Apache web servers, Wheeler makes some great points, stating, "The Gartner Group is recommending that businesses switch from Microsoft IIS to Apache or iPlanet due to IIS's poor security track record, noting that enterprises had spent $1.2 billion simply fixing Code Red (IIS-related) vulnerabilities by July 2001" (Wheeler, 2004, p. 37). He goes on to point out that the vast majority of important and serious security vulnerabilities in web servers are tied to Microsoft IIS-based servers and not to OSS-based solutions. He also points out how unusual it was for Gartner to make this recommendation, seeing how Microsoft has hired Gartner in the past to do studies for them.
Viruses and spyware are much more prevalent on Windows-based OSes than on any *nix OS. In the case of the former, there are very few viruses for Linux and the BSD UNIXes. In the case of the latter, the author states, "National Cyber Security Alliance's study of May 2003 reported that 91% of Broadband users have spyware on their home computers running proprietary operating systems; in contrast, there's no evidence that this is an issue for OSS/FS systems" (Wheeler, 2004, p. 40).
I have to take issue with one thing the author pointed out in this section. He claims that there are 40 or so viruses for the Macintosh personal computer. While there have been viruses for Mac OS 9, which was based on the original Mac OS developed in the 1980s, there has yet to be any virus found in the wild for Mac OS X (which has been installed on every Macintosh sold since 2000).
The most damning and convincing evidence that computer users should switch to OSS for enhanced security occurs on page 41. Wheeler states, "In late June 2004, the U.S. Department of Homeland Security's Computer Emergency Readiness Team (CERT) recommended using browsers other than Microsoft Corp.'s Internet Explorer (IE) for security reasons. Microsoft had failed to patch a critical vulnerability for 9 months, and IE was being actively exploited in horrendous ways. Customers then rushed to download Mozilla and Mozilla Firebird (now known as Mozilla Firefox), popular OSS/FS alternatives, to replace IE. This was a good idea, since 4 more serious IE vulnerabilities were soon admitted, and the technologically savvy began to switch in droves to OSS/FS browsers." On page 42, Wheeler goes on to point out that "The Inquirer reported that the 'US Government warns against Internet Explorer', noting that the US Government's tone essentially pleaded for 'users to stop using Microsoft's Internet Explorer'."
While Wheeler makes some solid points and backs them up with overwhelming evidence, some questions remain:
1. Do you agree with Wheeler's findings after reading the security section of his article?
2. If what Wheeler says is true, why haven't we seen a mass exodus from Microsoft Windows to either Linux or Mac OS X, like we have from Internet Explorer to Mozilla Firefox?
3. Does it concern you that the Department of Homeland Security (which recommended against using Internet Explorer) has decided to standardize their IT department on Microsoft products?
Just some stuff to ponder.
CH