Security in secrecy?

The BBC covers a report from a self-described “security” firm which suggests running MacOS X instead of Microsoft Windows because so much “malware” runs on Microsoft Windows. Apparently, the question of software freedom was never considered.

MacOS X is not entirely free software. It’s a combination of free software and non-free software. There are many portions of that OS which are not free for users to inspect, share, or modify. Hence, by default, they are not trustworthy.

This logic seems to have escaped Sophos, and the BBC doesn’t dare to question it when Sophos reaches its conclusion to recommend one master over another.

Furthermore, consider these tips from the BBC “Staying Safe Online” sidebar:

Use reputable anti-spyware programs such as AdAware or Spybot

Both of these programs are proprietary; how they work is a secret to be kept from the user, as with all proprietary programs. What they do on one’s Microsoft Windows installation is unknown except to the proprietor. By relying on them to tell the user that their computer is “safe”, the user is led to believe that one uninspectable, unsharable, and unmodifiable program can undo the ill effects of another uninspectable, unsharable, and unmodifiable program, such as the programs which make up non-free operating systems.

Do not open e-mail messages that look suspicious

This is recommended because Outlook and Outlook Express, two proprietary email clients, will act on email that is being shown to the user without the user’s express permission to execute anything. In fact, Outlook Express, the more popular of the two proprietary clients, has been known to act on email before the user selected it. In other words, these programs were written badly and ought to be fixed. But users are prohibited from fixing the programs themselves or getting anyone else to fix them.

One can avoid this problem by switching email programs to something that respects users’ freedoms, like Thunderbird if you want a graphical email reader or mutt for command-line users. But running these on top of a proprietary OS doesn’t completely solve the problem, although it is a significant step in the right direction.