Security bulletins, computers, and cars

If you’re connected to the internet, you are vulnerable to attacks. I don’t care what operating system, which browser, what firewall, anti-virus, or anti-spyware you have installed—there’s a vulnerability on your system somewhere. Even the tools security researchers use to analyze attacks can be used against their owners as a way of breaking into their machines.

People discover new vulnerabilities all the time, for all operating systems. Computers are complicated things, complicated enough that nobody can forsee all the possible ways to break into them. As people discover new ways of breaking into computers, other people develop countermeasures to keep your personal information safe. It’s an escalating war between thieves and people trying to stop them—and your data is the battleground.

If you’re running a business, a compromise could lead to you revealing any data you have about your customers, thus potentially leading to you being the target of a lawsuit

In July 2005 there were major vulnerabilities for all of the major operating systems. Basically, if you were on the internet, you needed to update your computer.

First off, Windows. Those poor souls limping along with Windows 98, ME, or NT reached the end of the line. Microsoft announced that they do not plan to release a fix for these operating systems, for the critical vulnerability revealed in July. If you use any Windows 98 or ME machines to browse the internet, you’re vulnerable, and the only thing you can do is update to a newer operating system.

What’s the issue? Basically, there’s a problem in the Windows code that translates image files from files to pictures. All you have to do is view a specially crafted image in any Windows program. Including Office, Outlook and Internet Explorer. Including Firefox. Including just about everything that can show you a picture. You could get infected by following a link on Google to a less-than savory site, or opening a Word document from a friend.

Anti-virus software can help block known viruses, but as always, can’t protect you from brand new viruses until the anti-virus folks can discover, dissect, and create virus signatures to detect them.

Now let’s take a look at another vulnerability from July: Firefox, Thunderbird, and the other Mozilla packages. New versions of each were released to fix some potential flaws that could lead to hijacks on any operating system.

Even the tools security researchers use to analyze attacks can be used against their owners as a way of breaking into their machines

Mac users on the newest version of the Apple operating system also got a major security release, for users of OS 10.4.

Fourth vulnerability: Zlib packages. Zlib is a set of software that makes files take up less space on the disk. This may not sound like much, but it’s built into hundreds of other programs, on all platforms. Especially Unix-based platforms, like Mac and Linux. There isn’t a specific action to take here, so much as keeping an eye on bulletins for programs you use.

Computer maintenance vs. car maintenance

Which brings me to the point of this article. Like it or not, somebody needs to actively take responsibility for keeping each computer up-to-date.

Think of your computer like your car: every 3,000 miles, you change the oil. Every 15,000 miles, it goes in for more major maintenance. And as things break, they need to get fixed.

Computer maintenance is similar to car maintenance in that with the proper tools, talents, and time, anybody can do it. But do you really want to? Most of us just take our cars into somebody else’s shop and pay somebody to handle the maintenance for us.

Obviously though, computer maintenance is different than car maintenance. Without maintenance, your car will eventually break down and stop working. It could kill you in the process, if something catastrophic goes wrong at a bad time. With a computer, the risks are entirely different:

  • Your computer could break down, taking all of your digital photos, finances, and documents with it.
  • Your computer could slow down, when a virus or spyware starts using up all of its memory, and uses your internet connection to send itself to all of your friends.
  • Spyware or viruses could reveal your personal information, such as your credit card numbers or social security numbers, along with anything you ever type into it.
  • Worms or viruses could lead you to being unable to get to web sites or send email to your friends, if your computer becomes marked as a virus-carrier.
  • If you’re running a business, a compromise could lead to you revealing any data you have about your customers, thus potentially leading to you being the target of a lawsuit.

Aren’t you exaggerating a little?


Technology people have an expression that’s starting to spread to the mainstream: FUD. FUD stands for Fear, Uncertainty, and Doubt, and basically refers to a marketing practice of whipping up these emotions in people in order to get them to buy a particular product, service, or U.S. Congress bill. So before I give you my marketing pitch, let me borrow a phrase from the late Douglas Adams:


But my point is valid. Think of all the complicated machinery we all have in our houses and lives, besides cars: televisions, toasters, DVD players, digital cameras, refrigerators, ovens, grills, bicycles, furnaces, and vacuum cleaners to name a few. None are as sophisticated or complex as your desktop computer. Most are far more reliable than your desktop computer. All require some sort of maintenance, and many require special expertise to provide that maintenance. And none of these can reveal your financial identity to a thief who lives on the other side of the world. At least not until you hook your toaster up to the internet, anyway.

Do I have to become a geek?

You don’t need a license to run a refrigerator, but you do need quite a bit of training to learn how to drive a car. A hundred years ago, only a handful of enthusiasts knew how to drive a car, and most of them, out of necessity, had to become mechanics while they were at it. Today, hundreds of millions of us drive every day, without thinking twice about it. And we hire mechanics to fix our cars for us.

We’re still early in the development of computers—and already more than half of all Americans use them. We expect them to be as reliable as our cars and refrigerators, and when they’re not, we get frustrated. But we’re already completely dependent on them for our businesses. And, as the line between content producers and content consumers starts to blur, they’re starting to have a major impact on our culture.

If all you’re doing is sending email and using the web, you can have an internet appliance that essentially cannot be infected by spyware or viruses—every time you start up, it’s like having a completely fresh installation of the operating system

But collectively, our computer driving skills could use some work. Careless computer use can lead to the results I pointed out earlier: loss of data, computers that become sluggish and unusable, problems accessing things everybody else can use, theft of your financial identity, and potentially even legal trouble.

Computer mechanics are starting to appear, all over the place. And while fixing a computer can often cost more than buying a new one, if you don’t learn some basic computer driving skills, you’re going to need to hire a mechanic even more quickly.

If you’re going to use a computer, you’re going to need to learn some basic driving skills if you haven’t already, and you’re going to need a mechanic.

What do I do now?

If you’re set up with Windows 2000 or Windows XP, once you’ve done your updates, you’re fine... for a while. If you’re using a recent Mac, you’re also probably fine once you’ve done your updates. If you’re still on Windows 98 or Windows ME, it’s time to upgrade.

Before going out and buying Windows XP, however, it might be a good time to look at some alternatives. Unless you have a compelling reason to stick with Windows, if your needs are modest you’ll probably end up saving quite a bit of money by switching to Linux. Why?

Hardware costs

Your Windows 98 computer may have (barely) enough resources to run Windows XP, but most of the Microsoft software keeps demanding faster computers with more memory. If all you’re doing is email, web browsing, and office document-type of work, many businesses will be happy to set you up with a streamlined Linux distribution that will do all this for you easily, and breathe new life into that old hardware of yours.

Software costs

Most people are used to buying programs to do everything. Need to do something new? You have to go shell out another couple of hundred dollars. A recent computer I purchased for a client cost $600 for the basic computer and a nice flat panel monitor. The Microsoft software to go with it cost another $500. If you’re willing to try open source software, that $500 could be spent learning how to use some of the free, powerful alternatives. It’s no longer necessary to buy basic application software—for just about every business need, there is an alternative that costs nothing more than the time spent learning to use the application, or paying someone to train you.

Administration costs

Microsoft provides a great package of tools for managing hundreds of computers in large enterprises. The Windows Update service works reasonably well for individuals. But if you don’t want to be your own IT professional, hiring someone to do it for you remotely, especially for more than one or two computers, costs more money because you have to pay them to come and visit your office every time something needs to be done. It’s possible to set up remote administration facilities for Windows, but this costs more money, while the ability to administer Linux machines is built into the core system. If I install Linux on your computer, I can easily turn on a couple of features that allow me to securely administer your computer from my office. The closest Windows equivalent, Remote Desktop, was the target of another of July’s security vulnerabilities.

No escaping administrative costs

With Windows, somebody needs to administer the machine. You need to be an administrator to do many tasks, and if that’s not you, it’s gotta be somebody. In the Linux world, some people have built operating systems that don’t need a hard drive—they can run entirely off a CD-ROM. If all you’re doing is sending email and using the web, you can have an internet appliance that essentially cannot be infected by spyware or viruses—every time you start up, it’s like having a completely fresh installation of the operating system. Cleaning your system is as simple as restarting your computer. Upgrading is as simple as putting a new CD-ROM in the drive and restarting your computer.

Alternatives to Windows

These do exist, and they come in all shapes and sizes. Many businesses can help you figure out the best strategy for keeping your current costs low, while also keeping your computing costs down over the long haul. Just remember that no matter what anybody tells you, as long as you’re using computers there’s going to continue to be costs involved. Talk to a professional you trust before making major purchasing decisions.

Why not switch to Linux?

You might hear a lot of FUD about how Linux is more expensive, that “it’s not ready for the desktop”, that it’s hard to configure and use, or that it’s confusing. In many ways, Windows still isn’t “ready for the desktop” either—you still have to have somebody administer the machine, to make one point.

FUD stands for Fear, Uncertainty, and Doubt, and basically refers to a marketing practice of whipping up these emotions in people in order to get them to buy a particular product, service, or U.S. Congress bill

To a beginner, all computers are mysterious, complicated, and confusing. Even driving a mouse takes muscle coordination that you may have forgotten that you’ve actually learned. In learning to drive a Windows machine, you may have picked up all sorts of habits that are as unnecessary as double-clutching a modern car—habits like rebooting when something goes wrong. Switching to Linux can be like renting a car in another country—the signs are unfamiliar, you drive on the other side of the road, you’re sitting on the wrong side of the car. There is a definite learning curve involved in switching to Linux, but with a little time behind the wheel, you’ll soon feel right at home.

For the new computer user, learning to use Linux is no harder than learning to use Windows. For really experienced users, Linux offers far more power, customizability and flexibility that makes Windows feel constraining. It’s only those in the middle who have been using Windows for years that have any trouble making the switch. And because large corporations are filled with people who have been using Windows for years, most of the FUD stories you’ll hear add retraining and temporary loss of productivity as a significant cost.

The other reason you might not be able to switch to Linux is if you rely upon some application that’s not available in Linux. I don’t mean Microsoft Word or Powerpoint—those can be completely replaced by (without even switching to Linux). But, in just about every primary business, there are key programs you and your colleagues use, that people in other industries don’t need. Many have free software, Linux-based equivalents, but the free software versions are often far behind in terms of functionality.

Now, I’m not an expert in these areas, but I’m going to provide some examples of software with different types of issues preventing people from switching:


Assessment: Great equivalents; migration is expensive

Proprietary software: Quickbooks

Free software equivalent: GnuCash, SQL Ledger

It seems like all small businesses use QuickBooks, as if there was no other choice. It’s an automatic decision for most businesses. Never mind that many accountants prefer PeachTree. But in any case, there are some great business accounting packages for Linux, and we have quite a bit of experience working with them. Personal finance programs are definitely more polished in Windows, but it’s easy to find some simple checkbook managers for Linux. Bookkeeping seems to be the single biggest barrier for moving a small business to Linux—not because there isn’t an alternative, but only because people are stuck with several years of data in what they currently use.


Assessment: Good equivalents, missing a couple high-end features

Proprietary software: Photoshop

Free software equivalent: The GIMP

The GIMP is a powerful image manipulation program that does nearly everything Photoshop does. However, until version 2.0 came out a year or so ago, it didn’t handle the CMYK color model, which professional photographers and printers need for print production. The GIMP is now pretty much equivalent to Photoshop 6.0, and can read Photoshop files directly. Color management in general is a weak area for Linux and The GIMP.

Print publisher

Assessment: Good equivalents, not quite mature

Proprietary software: InDesign, Quark

Free software equivalent: Scribus

Scribus already does most of what PageMaker could do, and it’s only a couple years old. Compared to InDesign, the main lack you’ll find in Scribus is the ability to drag and drop pictures and text from other programs—another weak area for Linux in general. There’s a way to do just about everything related to laying out and printing a brochure or sales pamphlet in Scribus, but figuring out how can be a challenge. Unlike The GIMP, color management is one of the strong points for Scribus, and most of its users are professional desktop publishers so you know it has compelling features. It also can do PDF forms, and most anything you’d like to do in a PDF. However, I don’t know how effective it would be for laying out a longer catalog or magazine.


Assessment: Equivalents for modest needs

Proprietary software: AutoCAD

Free software equivalent: QCad

QCad is a 2-dimensional CAD program. It doesn’t have the 3D capabilities of AutoCad, but it’s a lot easier to use in general, and if you don’t need the 3D views, you may find it a great solution at a fraction of the cost. QCad can read industry-standard DXF files.

Building contractor

Assessment: No equivalents

Proprietary software: Various estimating packages

Free software equivalent: None

There are about a dozen different packages for generating estimates for housing remodels. Some include regularly updated databases with prices of materials in particular cities. As you get to the lower end of software, there are a lot of authors of shareware packages to meet very specific needs, and only a few of these have moved to a free software model.

Moving to free software

Even if you’re stuck using a proprietary, Windows-only software package in your business, there’s no reason you can’t start taking advantage of free software for the rest of your business, and start limiting your dependence on vendors who can cut off your service. If you have several computers in your business, you might keep one of them on Windows to run the software you need for your business, and cut the licensing expenses on the rest of your computers.


This work is licensed under a Creative Commons Attribution 3.0 Unported License.