Security Isn't Just Avoiding Microsoft

Jay Singala noted a story which points out "It's time for all the people who have entertained this fantasy to stop deluding themselves. How would life without Microsoft be different? It wouldn't be in any meaningful way for those in charge of network security; there would just be a different vendor peddling the dominant operating system."

Free Software can do that.

[twitter]

What would life on the Internet be without scriptable office documents/spreadsheets, email, web sites, and be like? A whole lot safer, regardless of the Operating System.

Mixing executable code and data is a bad idea but it can and has been done with sandboxes on real OS with real users and privilege separation.

There are many other significant differences between free and non free software that have an operational impact. Some of the more obvious ones are:

• GNU/Linux has many distributions - there will be no dominant vendor.
• Different distributions, while data and GUI compatible, have package and compile choice - they are completely different binary beasts.
• All of the distributions come with a much better security model, architecture and defaults than Widoze will ever know - No auto execute, no mixed data/executable, ports that only listen when you turn on a service, extensive documentation, real users and privilege separation, this list goes on and on.
• Every install can be the newest available because changes rarely break anything.
• Security updates come from one location, within days or hours of a problem, and are easy to push through any organization.
• Binary disaster recovery without obnoxious licensing, registry settings and all of that, is trivial. Applications all install squeaky clean and at the latest stable revision.
• Strict separation of user data from binary and system settings makes backing up and restoring user data easy. The user gets back everthing they had.