News Posts In Category
Government Going Apple?
ComputerWorld Pits Snow Leopard Against Windows 7 (Again)
As an IT professional, I support both operating systems at work. But I have Macs at home; after all, who wants to troubleshoot computer problems on their own time? My final verdict in this smackdown? It's not even close: Snow Leopard is the better OS.I couldn't have put it better myself.
Analysis Shows Snow Leopard Faster Than Windows 7
A Gift for Self-Deception
For a long time now, I've been explaining why the world would have been better off if Apple's computers had come to dominate homes and businesses. I've focused on the virtues of Apple's software almost exclusively, even though Apple has for most of existence been primarily a hardware company, like Dell or Hewlett Packard. Why? Because it's clear to all us Martians that what makes or breaks a computing experience is the software. To paraphrase one of your ex-Presidents, "It's the Software, stupid!"
I've also come to believe that humans are genetically predisposed to self-deception, allowing them to talk themselves into whatever point of view is most convenient, or is perceived as being in their best self-interest. Thus, argument over the relative worth of one technology or another is pointless, because no carefully researched and supported set of facts will ever be enough to persuade someone with the opposite view. Indeed, the truth of this axiom is encapsulated in the common human phrase of folk wisdom,
"You can lead a horse to water, but you can't make him drink."
I've noted that when someone conjures this phrase to explain a colleague or acquaintance's intransigence about something, those listening will nod to each other knowingly and somewhat sadly aver, "So true."
And yet, how many humans really think they're as "stupid" as horses?
The only time a change of opinion occurs is when some circumstance in a person's life changes sufficiently that what was highly dubious before is now patently obvious. This is why you read so many stories of former PC users who, when confronted with the necessity of using a Mac for a period of time, invariably come to understand how far beyond superior the Mac operating system is when compared with Windows.
I spend little time using Windows nowadays, but my wife is still forced to use a PC for her job. As we both work at home, I have become her de facto Help Desk support for tasks that her remote technicians can't handle. So it was that today I managed to raise my green blood pressure far too high for sustainable health, all in the cause of trying to get a scanner to work with her Dell laptop.
Working with Windows is a lot like trying to communicate with automated phone systems. One menu will explain a variety of choices. Then, you find that either none of them are helpful, or some of them promise more than they deliver. For example, in this case Windows let me know that I had attached a new piece of hardware. (Duh!) Then it offered options to (a) let it try to find the driver on its own or (b) insert a CD that contains the driver. I was skeptical of option (a) but decided to try that. Well, of course Windows came back almost immediately to tell me it couldn't find the driver.
On a Mac? Apple keeps hardware drivers current with all of its OS releases, including incremental updates, and I've almost never had to go searching for a driver for common hardware like scanners and printers. (A Windows user at this point will self-deceptively point out how much more hardware is available for the PC, etc. All I can say is, Mac users have more than enough choices in hardware peripherals, thanks.)
Step two was so infuriating that I refuse to explain it in detail. This involved finding and downloading Canon's driver and software. The finding part was easy as pie thanks to Google and Canon's easy-to-use website. The downloading and installation parts, however, were beyond maddening. The experience exposed so many obvious weaknesses in Windows usability that I had to again wonder how PC users put up with it. I said I wasn't going to go into detail, and I'll try not to. But here are a few observations:
- Clicking download doesn't just download the file, as it does on a Mac. Instead, it spawns a dialog box that requires a choice: Download, or "Run". So, I ran. (Again, a Windows guru would say, "But you can avoid having to make that choice each time by..." And I say, "Yes, but you forget how clueless most computer users are. Even though you can do this, it's not the default experience that it should be.")
- So, after running, nothing happened. Nothing. I thought I'd done something wrong, so I downloaded again. My wife noted that Canon's site suggests saving the file rather than running it, so I did that. But where to save it? From the file browser it took far longer than it should to locate the Desktop, which I assumed would be the default location. Even if it's the default, I had to manually choose it. *Groan*
- So once the file was downloaded, I just wanted to click it on the desktop. Guess what? There's no obvious way to expose the desktop. My wife, a 20-year PC user, says she always minimizes all the windows to get there. Good grief. Think of all the lost time in corporate America with clueless users trying to find their desktop. Scary.
- Having installed, I then had to go through another wizard that wanted to help me help Windows connect the hardware with the driver. To get to the wizard, I had to find the control panel for scanners, another task that all its own makes using Windows look hard from a Mac perspective.
Why does this seem ridiculous to Martians? Simply because, using Mac OS X, you just plug your scanner in and... there's no step two. The Mac's built-in Twain driver typically can pair with the scanner even if the company-specific scanner is unavailable. And since this is a core service of the operating system, it works with any Twain-aware software. Isn't that an obvious approach?
This lengthy and agonizing task (don't even get me started on the Windows user interface, and I'm not talking about its relative beauty) reminded me of another tragedy of modern computing, which I've written about before. Namely, the institution of a "Help Desk" in all companies today is not one of the inevitable costs of having computers on every desk. It is quite obviously the result of having IBM PCs running DOS or Windows computers on every desk.
The process of setting up a scanner should be in the skill range of every computer user. In the Mac world, it is. In the PC world, it isn't. It's as simple as that. And you can extrapolate that observation to nearly every other aspect of office computing we have today.
The Help Desk is a huge revenue drain that every PC user simply assumes is necessary, because it has evolved to be so. Today, Help Desks are self-perpetuating organizations, typically driven by contract companies with a clear incentive to make themselves seem indispensable. These folks (or at least, the companies they work for) are at the forefront of the anti-Mac coalition devoted to doing whatever it takes to keep Macs out of the enterprise.
And who is the company that hires the Help Desk to question what the "experts" say? After all, these are the guys who daily keep their computing environment running. Business managers simply aren't qualified to make decisions about their computing infrastructure, so they rely on outside contractors for recommendations. And guess what? Those are the same guys who regularly argue for expanding the Help Desk and who regularly explain why it would be a mistake to let employees start using Macs at the office. (For more on this subject, refer to the third section of my earlier article, Protecting Windows: How PC Malware Became A Way of Life. The third section is called "Change Resisters In Charge.")
In this case, the advocates for the Help Desk aren't deceiving themselves. Many of them fully understand that if Macs came in, many of their jobs would go away. But somehow, the business managers and computer users continue to spend most of their time struggling with simple tasks rather than actually getting work done, all because they're convinced they have no choice. And having to use Windows, the average user continues to perceive their PC as this unpredictable, inscrutable, frustrating device whose only virtue appears to be access to the Web and to iTunes.
I'll never forget my highly intelligent disk jockey friend who purchased a high-end PC with all the bells and whistles for recording and editing audio and video. Not only did it cost more than an iMac with the same basic capabilities, but it sat in his house for over a year before he had the nerve (and time) to figure out how to use it to do the things he bought it for.
I tried to explain to him that... But you know how it goes. Tell a PC user how simple something like recording and editing audio is on a Mac, and either their eyes glaze over or they start to look at you suspiciously. And that's if they're already a friend!
But I'm done with trying to persuade humans of anything. They'll either figure it out, or they won't. Unfortunately, another observation I've made isn't good news for any human figuring out that they're wrong about something:
Changes in human understanding, and the policy implied by that understanding, only occur through crisis.
This observation is directly related to the original premise, because if it's impossible ever to "prove" an idea or even a set of facts to another human or group of humans through cogent argument, how do you manage to change awareness of the virtue of alternative perspectives? I'm taking back to Mars the theory that such changes are only possible after a human undergoes some life-changing crisis, or after a community of humans does the same.
In a followup essay, I'll discuss several other current controversial topics that have quite obvious answers, yet which humans--quite often on both sides of the debate--keep viewing from obviously kooky perspectives.
Well, obvious to any Martian I know, anyway.
Another Windows Guru Falls For A Mac
Microsoft’s ‘Apple tax’ claims are ’stupid,’ counters analyst
Mac web share just shy of 10% in January
This impressive news is all over the web since it was released yesterday. It's accompanied by the news that Safari's share has been rising more than any other browser in recent months, climbing over 8% in January.
Microsoft Still Spreading Apple FUD on Prices
Anyone who thinks there is a "new" Microsoft, one that isn't primarily interested in cornering even more of its monopoly markets, should heed the bullcrap this Microsoft spokesperson dished out the day before MacWorld. A couple of quick points here...
- Microsoft Office is outrageously priced considering the paltry amount Microsoft spends in its production. If it didn't hold a monopoly of the office productivity market, the price would be down near where Apple's iWork suite now is... $49!
- Microsoft charges way more for its operating system than is warranted by costs. Again, it gets away with this because it holds a monopoly on business desktops. For the business edition of Vista, Amazon.com has a discounted price of $250 (regularly $300), whereas Mac OS X Leopard (which isn't crippled like the "home" versions of Vista) runs $110 for a single license or $145 for a 5-pack.
- Microsoft also gets away with charging outrageous amounts for developers to play in their party. To get the bare minimum necessary for developing with Microsoft's tools, you have to shell out $2,500. For Apple? Zero, zilch. And that's for the entire enchilada, including the iPhone dev tools.
Now, who's actually charging a tax here? Seems very obvious to me.
Computerworld: 68% of Businesses Say They’ll Add Macs in ‘09
Very interesting news! I hope it comes to pass. This is, as I've predicted, the only way businesses would start supporting the Mac: Their employees are starting to demand it.
Popular Mechanics Finds Macs “Trounce” PCs in Speed Tests
Popular Mechanics Speed Tests Show Macs Are Faster… Much Faster!
Although the results show only a slight nod to Mac OS X compared with Vista (which is surprising), the performance results are no less than astonishing. As Popular Mechanics says,
In our speed trials... Leopard OS trounced Vista in all-important tasks such as boot-up, shutdown and program-launch times. We even tested Vista on the Macs using Apple’s platform-switching Boot Camp software—and found that both Apple computers ran Vista faster than our PCs did.
One really interesting fact here is that the test iMac had only 1GB of RAM, whereas the PC had 3GB. The iMac did have a 2.4Ghz processor, compared with 2.0Ghz for the PC, but the difference in performance is still impressive considering the huge difference in RAM. Just proves what a RAM hog Vista is. Yet, Vista still ran faster on the iMac with 1/3 the RAM... like I said, impressive!
Oh, and it's also worth noting that despite very similar specs, the iMac is $300 less than the Gateway.
InfoWorld Article Dispels Many Enterprise Mac Myths
My only quibble is the author's assertion that enteprise reliance on Microsoft Office means unequal time for Macs. He points out that OpenOffice is a viable alternative but makes no mention of Apple's own terrific iWork suite, which is quite compatible with the basic aspects of Microsoft Office. Likewise, he fails to acknowledge Apple's effective collaboration suite in the form of iCal, Mail, iChat, and Address Book. Perhaps it's because those aren't cross-platform. However, even if that's the case, since they are able to interoperate with Office, they should be considered by businesses seeking to support their growing numbers of Mac users.
Mac vs. PC cost analysis: How does it all add up?
The only flaw with his analysis is that he views computers as being primarily hardware. I have long begged to differ on that point. Computers are mostly software, and it's the software that counts. From that perspective, I think it's still very obvious that Macs get you much more bang for your buck out of the box than PC's do. You may never have to buy another software title again once you break out your Mac. Whereas your PC will have you running to the software store again and again in search for decent software... One of these days, I do intend to update the analysis I published in March 2005 on the same subject. I'm very curious to see what those numbers look like now.
Dell Customers Demand XP Over Vista
Slashdot: Microsoft Accused of Bait-and-Switch in Vista Marketing
Slashdot | Microsoft Sued Over Vista Marketing
I wondered if someone would get angry at Microsoft over this. I’m still waiting for the FTC to sock it to Dell some time over the same sort of issue. These guys are absolute crooks, swindling home and business buyers alike with their fraudulent sales tactics. Don’t we have laws against selling snake oil and claiming it’s medicine, or love potion? To those of us watching from Mars, it’s amazing that they get away with so much. With Windows Vista, Microsoft divided the one product line into four “editions”, not counting the “Enterprise” edition and a special “Starter” edition for third world countries. (WTF?) Each comes in a different color box (Woah!) and are named “Home Basic,” “Home Premium,” “Business,” and “Ultimate.” No word on whether “Ultimate” is for Home or Business use, and the matrix doesn’t include the Enterprise edition, so I wonder if it’s the same as “Ultimate”? Who knows? Who cares?
Well, actually, a lot of consumers care once they realize they forgot to read the Vista footnotes on that new computer they just bought. The computer says it’s “Vista Ready,” but that’s only if you think an operating system that looks and talks like Windows XP but has a Vista label is really Windows Vista. The low end of the OEM market—all those cheap computers that some tech writers claim are evidence that Windows PCs are cheaper than Macs—is dominated by machines that only run “Home Basic,” which, as the footnotes so clearly state, does not support Windows Aero and Windows Flip 3D navigation, the Mac OS X copycat eye-candy that’s one of the main distinguishing features of the product. Oh, you also don’t get the new Windows DVD Maker, HD support for Windows Movie Maker, or the cool new Windows games (Chess Titans and Mahjong Titans). But that’s not all! You also don’t get Windows Media Center software, backup and restore tools, fax and scan tools, scheduled backup, and so on.
Did I mention that all of these features are standard parts of Mac OS X in the one non-server edition of that product? And that Mac users can run Mac OS X 10.4 on the same hardware they’ve been using for years? The only thing you might absolutely have to upgrade is your video card and RAM. It’s ridiculous that Microsoft is trying to establish a new class system based on which version of Windows you can afford. Geez. When will they learn?
What is it Puck says to Oberon at the end of Shakespeare’s A Midsummer Night’s Dream?
Lord, what fools these mortals be!
Computerworld Writer Thinks Microsoft Should Fear Apple
Mac Market Share Well Over 6 Percent In New Measures
AppleInsider: Vista dawns, world yawns
Living With A Windows PC: If It’s Not Malware, It’s Crapware!
InformationWeek Review Finds Mac OS X Still Way Ahead of Windows Vista
Inspiring Tale of a Microsoft Guy Who Switched to Mac
Selling Vista: Computerworld Makes This OS X Copy Sound Like Microsoft’s Idea
Windows Expert Calls His Transition To Mac OS X “Superb”
Microsoft’s Windows Chief Allchin “Would Buy a Mac”
ZDNet Blogger Finds Apple Pro Laptop Cheaper Than Dell
With a 30% Annual Gain, Mac Market Share Shoots Up To 6%
InfoWorld’s Editor Backs Yager’s Estimate of Apple’s Enterprise-worthiness
Macs Are Inherently Safer for Data Storage
And Another Thing The Mac Can Do That Windows Can’t: Remember Your !*?\&^!*% PaS$w0rdZ!
4. Easily Manage Your Hundreds of Passwords
I didn’t intend to write this article today… In fact, I’m right in the middle of three others that I want to finish. However, it just leaped at me from the front page of today’s Washington Post Business page, and I couldn’t resist. In an article called Access Denied, the writer bemoans the many passwords and PINs and such that the modern, web-connected human must juggle in daily life. People today have so many passwords to remember, they simply can’t, and this undermines the very security the passwords are set up to ensure, since companies will typically allow a shortcut to someone who claims to have forgotten a password—for a bank account, for example.
The Post article requires a registration, but even if it didn’t, it’s worth quoting a few paragraphs from it before proceeding:
Between work and personal e-mail, multiple banking and retirement accounts, two association memberships, photo sites, Web communities, and retailers like Amazon.com and eBay.com, C. David Gammel maintains 130 online accounts, each requiring a user name and password.
Gammel tracks his sundry log-in information in a file on his computer, but on at least two occasions he’s confused or mistyped his password, and been locked out of his SunTrust bank accounts, forcing him to call the bank or look for an open branch to regain access.
“It’s frustrating — if understandable,” said Gammel, a consultant in Silver Spring. He has also been denied access on a news site when he couldn’t remember his log-in information, he said. “I bail on them if I’m having a difficult time,” he said.
Password peeves come as a cost of doing business online using multiple computer applications. A typical professional relies on a dozen or more programs or Web sites to manage his life at home and work, and many of those require user authentication for access.
But the increased reliance on technology and the commensurate accumulation of passwords has reintroduced human fallibility into the security equation. Consumers’ memories are straining under the pressure of remembering so many passwords. And when they fail to, companies increasingly are having to rely on the judgments of their employees to decide how to field calls from forgetful customers.
The average number of passwords used at work is between six and 12, and is increasing at about 20 percent a year, according to RSA Security Inc., a software and security consulting firm. To make matters more complex, Web sites and workplaces often ask users to change passwords at regular intervals, or require a mix of lower-case and capitalized letters, numbers, and special characters such as “#” or “$” — a practice that makes it harder for a hacker to guess at a person’s password.
But the abundance of frequently changing passwords — and the confusing jumble of permutations and combinations most computer users create — are not only inconvenient, they often undermine the very security goal they were meant to achieve.
At two-thirds of companies, workers kept passwords by writing them on a piece of paper kept in the office, according a study released last week by RSA. Another 59 percent stowed them in files on their computer, and 40 percent wrote them on sticky notes pasted around their computer monitor, allowing any passerby to see.
My first thought was, “Hmmm… These guys obviously use Windows. Probably never heard that life is not this way on a modern Mac.” Now, before you Windows bigots get your backs up and start thinking to yourself, “Oh, right. This guy is biased, always proselytizing for the cult of Mac, acting smug and superior”, just consider the possibility that Apple has figured this one out better than Microsoft, and that a reasonable solution actually does exist to ease the password burden.
My wife is always amazed when I whip out Keychain Access and look up a password to some long-forgotten website where I’d shopped once upon a time. Or if I forget my login to Wachovia, I just do a quick search in Keychain Access for the password. Again, in the interests of time, I’m going to skip a third-party description of what a Keychain is, and give it to you straight from the horse’s mouth (in this case, from Apple’s “Help” documentation on Keychain Access):
About keychains
You can use keychains to reduce the number of passwords you have to keep track of. A keychain can store all your passwords for applications, servers, and websites; cryptographic keys and X509 certificates; or even sensitive information unrelated to your computer, such as credit card numbers or personal identification numbers (PINs) for bank accounts.
When you connect to a network server, open an email account, or access any password-protected item that is keychain-aware, your keychain can provide the password so you don’t have to type it.
You start with a single keychain, which is created automatically the first time you log in to your Mac OS X user account. Your default keychain has the same password as your login password. This keychain is unlocked automatically when you log in to Mac OS X and is referred to in Keychain Access menus as the “login” keychain.
You can create different keychains to store passwords for different purposes (for example, one for work and one for online shopping) or make a copy of a keychain so you can take it with you to other computers.
Keychains can be accessible to just a single user or shared with the other users of the computer.
Now, I’ve done some research on this topic, folks, and as far as I can determine, Windows has no concept analogous to Apple’s Keychain. If someone knows otherwise, please enlighten me. You can write your own blog about how the Washington Post writer was being ignorant and not using his computer to his best advantage.
As that writer points out, you can buy third-party Windows software and services that attempt to do what Keychains do, but there are several pretty important ways that this solution is inferior to Apple’s:
- They cost money.
- They require learning yet another password.
- If you forget that other password, you’re f**ked.
- If you use one of the web-based services, your passwords are floating out there in someone else’s data server, vulnerable to breakins. Especially if they’re being stored on a, god-forbid, Windows server.
- They require setup.
- They might break if basic Windows APIs for password or security change in the future.
- They rely on companies that might go out of business, possibly taking all of your passwords with them.
Apple’s Keychain technology has gotten much better as Mac OS X has matured. In the first round or two—up until Jaguar (10.2)—it seemed to me that Keychains were vulnerable to getting mixed up. Not in a security-problem way, but just that you couldn’t always rely on Keychain Access to find a lost password. However, that was years ago now, and Keychain today is a marvel of efficiency and ingenuity. It’s saved me dozens of times from having to get a new password—which usually means having to change the password again—or, worse yet, having to call up a company, sit on hold forever, and convince the bored answering-service attendee to give me a new password.
As the Post article points out, this is a frequent possibility given the number of times we have to log in to websites and applications nowadays. Keychains and Keychain Access are simply wonderful tools that Mac users have at their disposal to ease one of the burdens of modern life.
I’ll leave it to the curious reader to discover an in-depth discussion of how Keychains work in a Mac user’s daily life. Very briefly, most Mac programs that set passwords give the user the option of storing that password in their Keychain. Safari and other WebKit-based web browsers have a preference setting that lets users store their login information to websites in their Keychain. One of the reasons I don’t use Firefox regularly is that it doesn’t have this option. I just really like having all my passwords consolidated in an easy-to-search, secure archive. Not only that, Safari can be configured to automatically fill in usernames and passwords for any items you’ve stored in the Keychain… something Firefox, unfortunately, just can’t do. (Note: Safari won’t do this for passwords stored on secured websites, but you can still look the password up in your Keychain if you don’t remember it.)
When I forget a password, I launch Keychain Access, which is a surprisingly sophisticated application that I use in a very simple way. Namely, I enter a search term in the search field, which invokes a live search on the Keychain database and displays matching results below. Each result shows the username associated with the website or application, so it’s easy to find which Key I’m looking for. Double-clicking on the Key brings up a dialog panel that gives me some management capability on the particular key. I’m sure this is cool and significant, but I go straight for the “Show password” checkbox.
If I’m trying to access a password in a Keychain other than the one I logged into the Mac with, clicking on the “Show password” checkbox will require that I authenticate to see the password. If I don’t have rights on that Keychain, I’m blocked. But normally, the Key I’m looking for is one associated with my own user account, so when I click on the checkbox, my password displays in the little text field there.
That’s all there is to it.
Actually, I hardly ever see the Keychain Access interface in the screenshots I just showed you, lovely though they may be. That’s because I’m a Quicksilver user. Quicksilver can do just about anything, you know… including quickly looking up lost passwords. Just a couple of keystrokes here, a couple of flicks of the arrow key, and voila! Here’s a short movie to show you what I mean:
Miraculous? Hardly. Obvious? Definitely. Convenient? LOL
A reason to switch from Windows? Nah. I wouldn’t call Keychains a Windows killer, unless they happened to be your last straw.
I’m keeping this short because I’ve learned from previous writeups that the old adage, “You can lead a horse to water, but you can’t make him drink”, is definitely true for stubborn Windows devotees. They will always think of some reason why this or that feature of Mac OS X is unimportant to them, and why they should continue acting as if Macs don’t really exist. This article is not intended to benefit those guys (and gals). It’s simply intended to point out that password management doesn’t have to suck.
If you were looking for a last straw to consider ditching Microsoft Windows, Keychains just might be it. In any case, they’re definitely another small thing Macs can do that Windows PCs can’t.
AnandTech Posts Thorough (and Positive) Review of Apple’s Mac Pro
System Shootouts Confirms Mac Pros Much Less Expensive Than Dell
Macworld Confirms Mac Pro Is Way Less Expensive Than Comparable Dell
- Apple (+): 16GB RAM, Dell (-): 8GB
- Dell (+): Faster Superdrive
- Dell (+): Nvidia Quadro FX 3450 is faster than Apple's, both have 256MB VRAM, both 1 dual-link, 1 single
- Apple (+): Four configurable PCI Express slots to Dells three non-configurable slots.
- Apple (+): Four Firewire inputs, 2 800MB, 2 400MB to Dell's 2 400MB inputs.
- Dell (+): Eight USB ports to Apple's 6.
- Apple (+): Optical Toslink Audio In and Audio Out, Dell has no optical ports.
- Dell (+): Various ports for legacy PC hardware (PS/2, Parallel, Serial)
- Dell (+): Dell 19" Ultrasharp 1970FP display (a $250 value bundled for free); Apple has no "free" display
- Apple (+): Software!! The usual great Mac bundle, versus nothing on the Dell. Great job, Macworld! Thanks for documenting this so carefully.
Phil Schiller: “We’re Going To Beat Out And Bust” the Expensive Mac Myth
CNET Blog: Macs are cheaper than PCs? Yes!
TransGaming’s Cider: Will This Make “Macs Have No Games” A Thing of the Past?
Apple MacBook Continues Getting Praise from PC Reviewers
PC Advisor: Apple MacBook hardware review
And one reason the Mac market share continues upward is that Apple keeps coming out with stand-out products like the new MacBook. Folks from the PC world just can’t seem to believe it’s as good as it is for as little money as Apple wants for it. And they love the fact that you can run Boot Camp on it. Actually, reviewers from the Mac world are quite pleased with the MacBooks, too.
Protecting Windows: How PC Malware Became A Way of Life
Article Summary
This is a very long article that covers several different, but related, topics. If you are interested, but don’t have time to read the entire article, here’s a summary of the main themes, with links to the sections of text that cover them:
- Required Security Awareness Classes Reinforce Windows Monopoly in Federal Agencies.
For the third straight year, I’ve been forced to take online “security awareness” training at my Federal agency that includes modules entirely irrelevant–and in fact, quite insulting–to Macintosh users (myself included). The online training requires the use of Internet Explorer, which doesn’t even exist for Mac OS X and in fact is the weakest possible browser to use from a security perspective. It also reinforces the myth that computer viruses, adware, and malicious email attachments are a problem for all users, when in fact they only are a concern to users of Microsoft Windows. In presenting best practices for improved security, the training says absolutely nothing about the inherent security advantages of switching to Mac OS X or Linux, even though this is an increasingly well known and non-controversial solution. This part of the article describes the online training class and the false assumptions behind it in detail. - IT Managers Are Spreading and Sustaining Myths About the Cause of the Malware Plague.
These myths serve to protect the status quo and their own jobs at the expense of users and corporate IT dollars. None of the following “well known” facts are true, and once you realize that malware is not inevitable–at the intensity Windows users have come to expect–you realize there actually are options that can attack the root cause of the problem.- Windows is the primary target of malware because it’s on 95% of the world’s desktops,
- Malware has worsened because there are so many more hackers now thanks to the Internet, and
- All the hackers attack Windows because it’s the biggest target.
This section of the article describes the history of the malware plague and its actual root causes.
- U.S. IT Management Practices Aren’t Designed for Today’s Fast-Moving Technology Environment.
This part of the article discusses why IT management failed to respond effectively to the disruptive plague of malware in this century, and then presents a long list of proposed “Best Practices” for today’s Information Technology organizations. The primary theme is that IT shops cover roughly two kinds of activity: (1) Operations, and (2) Development. Most IT shops are dominated by Operations managers, whose impulse is to preserve the status quo rather than investigate new technologies and alternatives to current practice. A major thrust of my proposed best practices is that the influence of operations managers in the strategic thinking of IT management needs to be minimized and carefully monitored. More emphasis needs to be accorded to the Development thinkers in the organization, who are likely to be more attuned to important new trends in IT and less resistant to and fearful of change, which is the essence of 21st century technology.
Ah, computer security training. Don’t you just love it? Doesn’t it make you feel secure to know that your alert IT department is on patrol against the evil malware that slinks in and takes the network down every now and then, giving you a free afternoon off? Look at all the resources those wise caretakers have activated to keep you safe!
- Virulent antivirus software, which wakes up and takes over your PC several times a day (always, it seems, just at the moment when you actually needed to type something important).
- Very expensive, enterprise-class desktop-management software that happily recommends to management when you need more RAM, when you’ve downloaded peer-to-peer software contrary to company rules, and when you replaced the antivirus software the company provides with a brand that’s a little easier on your CPU.
- Silent, deadly, expensive, and nosy mail server software that reads your mail and removes files with suspicious-looking extensions, or with suspicious-looking subject lines like “I Love You“, while letting creepy-looking email with subject lines like “You didnt answer deniable antecedent” or “in beef gunk” get through.
- Expensive new security personnel, who get to hire even more expensive security contractors, who go on intrusion-detection rampages once or twice a year, spend lots of money, gum up the network, and make recommendations for the company to spend even more money on security the next year.
- Field trips to Redmond, Washington, to hear what Microsoft has to say for itself, returning with expensive new licenses for Groove and SharePoint Portal Server (why both? why either?), and other security-related software.
- New daily meetings that let everyone involved in protecting the network sit and wring their hands while listening to news about the latest computing vulnerabilities that have been discovered.
- And let’s not forget security training! My favorite! By all means, we need to educate the staff on the proper “code of conduct” for handling company information technology gear. Later in the article, I’ll tell you all about the interesting things I learned this year, which earned me an anonymous certificate for passing a new security test. Yay!
In fact, this article started out as a simple expose on the somewhat insulting online training I just took. But one thought led to another, and soon I was ruminating on the Information Technology organization as a whole, and about the effectiveness and rationality of its response to the troublesome invasion of micro-cyberorganisms of the last 6 or 7 years.
Protecting the network
Who makes decisions about computer security for your organization? Chances are, it’s the same guys who set up your network and desktop computer to begin with. When the plague of computer viruses, worms, and other malware began in earnest, the first instinct of these security Tzars was understandable: Protect!
Protect the investment…
Protect the users…
Protect the network!
And the plague itself, which still ravages our computer systems… was this an event that our wise IT leaders had foreseen? Had they been warning employees about the danger of email, the sanctity of passwords, and the evil of internet downloads prior to the first big virus that struck? If your company’s IT staff is anything like mine, I seriously doubt it. Like everyone else, the IT folks in charge of our computing systems at the office only started paying attention after a high-profile disaster or two. Prior to that, it was business as usual for the IT operations types: “Ignore it until you can’t do so anymore.” A vulgar translation of this “code of conduct” is often used instead: “If it ain’t broke, don’t fix it.”
Unfortunately, the IT Powers-That-Be never moved beyond their initial defensive response. They never actually tried to investigate and treat the underlying cause of the plague. No, after they had finished setting up a shield around the perimeter, investing in enterprise antivirus and spam software, and other easy measures, it’s doubtful that your IT department ever stepped back to ask one simple question: How much of the plague has to do with our reliance on Microsoft Windows? Would we be better off by switching to another platform?
It’s doubtful that the question ever crossed their minds, but even if someone did raise it, someone else was ready with an easy put-down or three:
- It’s only because Windows is on 95% of the world’s desktops.
- It’s only because there are so many more hackers now.
- And all the hackers attack Windows because it’s the biggest target.
At about this time in the Computer Virus Wars, the rallying cry of the typical IT shop transitioned from “Protect the network… users… etc.” to simply:
Protect Windows!
Windows security myths
The “facts” about the root causes of the Virus Wars have been repeated so often in every forum where computer security is discussed—from the evening news to talk shows to internal memos and water-cooler chat—that most people quickly learned to simply shut the question out of their minds. There are so many things humans worry about in 2006, and so many things we wonder about, that the more answers we can actually find, the better. People nowadays cling to firm answers like lifelines, because there’s nothing worse than an unsolved mystery that could have a negative impact on you or your loved ones.
Only problem is, the computer security answers IT gave you are wrong. The rise of computer viruses, email worms, adware, spyware, and indeed the whole category now known as “malware” simply could not have happened without the Microsoft Windows monopoly of both PC’s and web browsing and the way the product’s corporate owners responded to the threat. In fact, the rise of the myth helped prolong the outbreak, and perhaps just made it worse, since it took Microsoft off the hook of responsibility… thus conveniently keeping the company’s consideration of the potentially expensive solutions at a very low priority.
Even though the IT managers who actually get to make decisions didn’t see this coming, it’s been several years now since some smart, brave (in at least one case, a job was lost) people raised a red flag about the vulnerability of our Microsoft “monoculture” to attack. They warned us that reliance on Microsoft Windows, and the impulse to consolidate an entire organization onto one company’s operating system, was a recipe for disaster. Because no one actually raised this warning beforehand, the folks in the mid-to-late 1990’s who were busily wiping out all competing desktops in their native habitat can perhaps be forgiven for doing so. However, IT leaders today who still don’t recognize the danger—and in fact actively resist or ignore the suggestion by others in their organization to change that policy—are being recklessly negligent with their organization’s IT infrastructure. It’s now generally accepted by knowledgeable, objective security experts that the Microsoft Windows “monoculture” is a key component that let the virus outbreak get so bad and stay around for so long. They strongly encourage organizations to loosen the reins on their “Windows only” desktop policy and allow a healthy “heteroculture” to thrive in their organization’s computer desktop environment.
Full disclosure: I was one of the folks who warned their IT organization about the Windows security problem and urged a change of course several years ago. From a white paper delivered to my CIO in November 2002, this was one of my arguments for allowing Mac OS X into my organization as a supported platform:
Promoting a heterogeneous computing environment is in NNN’s best interest from a security perspective. Mactinoshes continue to be far more resistant to computer viruses than Windows systems. The latest studies show that this is not just a matter of Windows being the dominant desktop operating system, but rather it relates to basic security flaws in Windows.
About a year later, when Cyberinsecurity was released, I provided a copy to my company’s Security Officer. But sadly, both efforts fell on deaf ears, and continue to do so.
1999: The plague begins
The first significant computer virus—probably the first one you and I noticed—was actually a worm. The “Melissa Worm” was introduced in March 1999 and quickly clogged Usenet newsgroups, shutting down a significant number of servers. Melissa spread as a worm in Microsoft Word documents. (Note: Wikipedia now maintains a Timeline of Notable Viruses and Worms from the 1980’s to the present.)
Now, as it so happens, 1999 was also the year when it became clear that Microsoft would win the browser war. In 1998, Internet Explorer had only 35% of the market, still a distant second to Netscape, with about 60%. Yet in 1999, Microsoft’s various illegal actions to extend its desktop monopoly to the browser produced a complete reversal: When history finished counting the year, IE had 65% of the market, and Netscape only 30%. IE’s share rose to over 80% the following year. This development is highly significant to the history of the virus/worm outbreak, yet how many of you have an IT department enlightened enough to help you switch from IE back to Firefox (Netscape’s great grandchild)? The browser war extended the growing desktop-OS monoculture to the web browser, which was the window through which a large chunk of malware was to enter the personal computer.
You see, by 1994, a year or so before the World Wide Web became widely known through the Mosaic and Netscape browsers, Microsoft had already achieved dominance of the desktop computer market, having a market share of more than 90%. A year later, Windows 95 nailed the lid on the coffin of its only significant competitor, Apple’s Macintosh operating system, which in that year had only about 9% of corporate desktops. Netscape was the only remaining threat to a true computing monoculture, since as the company had recognized, the web browser was going to become the operating system of the future.
Microsoft’s hardball tactics in beating back Netscape led directly to the insecure computer desktops of the 2000 decade by ensuring that viruses written in “Windows DNA” would be easy to disseminate through Internet Explorer’s Active/X layer. Active/X basically let Microsoft’s legions of Visual Basic semi-developers write garbage programs that could run inside IE, and it became a simple matter to write garbage programs as Trojan Horses to infect a Windows PC. Active/X was a heckuva lot easier to write to than Netscape’s cross-platform plug-in API, which gave IE a huge advantage as developers sought to include Windows OS and MS Office functionality directly in the web browser.
A similar strategy was taking place on the server side of the web, as Microsoft’s web server, Internet Information Server (IIS), had similarly magical tie-in’s to everybody’s favorite desktop OS. Fortunately for the business world, the guys in IT who had the job of managing servers were always a little bit brighter than the ones who managed desktops. They understood the virtues of Unix systems, especially in the realm of security. IT managers weren’t willing to fight for Windows at the server end of the business once IIS was revealed to have so many security holes. As a result, Windows, and IIS, never achieved the dominance of the server market that Microsoft hoped for, although you can be sure that the company hasn’t given up on that quest.
The other major avenue for viruses and worms has been Microsoft Office. As noted, Melissa attacked Microsoft Word documents, but this was a fairly unsophisticated tactic compared with the opportunity presented by Microsoft’s email program, Outlook. Companies with Microsoft Exchange servers in the background and Outlook mail clients up front, which by the late 1990’s had become the dominant culture for email in corporate America, presented irresistable targets for hackers.
Through the web browser, the email program, the word processor, and the web server, the opportunities for cybermischief simply multiplied. Heck, you didn’t even have to be a particularly good programmer to take advantage of all the security holes Microsoft offered, which numbered at least as many as would be needed to fill the Albert Hall (I’m still not sure how many that is).
So… the answer to the question of why viruses and worms disproportionately took down Windows servers, networks, and desktops starting in 1999 isn’t that Microsoft was the biggest target… It was because Microsoft Windows was the easiest target.
And the answer to why viruses and worms proliferated so rapidly in the 2000’s and with them the Windows-hacker hordes is simply that hacking Microsoft Windows became a rite of passage on your way to programmer immortality. Why try to attack the really difficult targets in the Unix world, which had already erected mature defenses by the time the Web arrived, when you could wreak havoc for a day or a week by letting your creation loose at another clueless Microsoft-Windows-dominated company? Once everyone was using both Windows and IE, spreading malware became child’s play. You could just put your code in a web page! IE would happily swallow the goodie, and once inside, the host was defenseless.
Which leads me to the next question whose answer has been obscured in myth: Exactly why was the host defenseless? That is, why couldn’t Windows fight off viruses and worms that it encountered? It doesn’t take a physician to know the answer to that one, folks. When you encounter an organism in nature that keeps getting sick when others don’t, it’s a pretty good bet that there’s something wrong with its immune system.
The trusting computer
It’s not commonly known or understood outside of the computer security field that Windows represents a kind of security model called “trusted computing.” Although you’d think this model would have been thoroughly discredited by our collective experience with it over the last decade, it’s a model that Microsoft and its allies still believe in… and still plan to include in their future products such as Windows Vista. Trusted computing has a meaning that’s shifted over the years, but as embodied by Microsoft Windows variants since the beginning of the species, it means that the operating system trusts the software that gets installed on it by default, rather than being suspicious of unknown software by default.
That description is admittedly a simplification, but this debate needs to be simplified so people can understand the difference between Windows and the competition (to the extent that Windows has competition, I’m talking about Mac OS X and Linux). The difference, which clearly explains why Windows is unable to defend itself from attack by viruses and worms, stems from the way Windows handles user accounts, compared with the way Unix-like systems, such as Linux and Mac OS X, handle them. Once you understand this, I think it will be obvious why the virus plague has so lopsidedly affected Windows systems, and it will dispel another of the myths that have been spread around to explain it.
Windows has always been a single-user system, and to do anything meaningful in configuring Windows, you had to be set up as an administrator for the system. If you’ve ever worked at a company that tried to prevent its users from being administrators of their desktop PC’s, you already know how impossible it is. You might as well ask employees to voluntarily replace their personal computer with a dumb terminal. [Update 8/7/06: I think some readers rolled their eyes at this characterization (I saw you!). You must be one of the folks stuck at a company that has more power over its employees than the ones I've worked for in the last 20-odd years. Lucky you! I don't have data on whose experience is more common, but naturally I suspect it's not yours. No matter... this is certainly true for home users ....] And home users are always administrators by default… besides, there’s nothing in the setup of a Windows PC at home that would clearly inform the owner that they had an alternative to setting up their user accounts. (Update 8/7/06: Note to Microsoft fans who take umbrage at this characterization of their favorite operating system: Here’s Microsoft’s own explanation of the User Accounts options in Windows XP Professional.)
The Unix difference: “Don’t trust anyone!”
On Unix systems, which have always been multiuser systems, the system permissions of a Windows administrator are virtually the same as those granted to the “superuser,” or “root” user. In the Unix world, ordinary users grow up living in awe of the person who has root access to the system, since it’s typically only one or two system administrators. Root users can do anything, just as a Windows administrator can.
But here’s the huge difference: A root user can give administrator access to other users, granting them privileges that let them do the things a Windows administrator normally needs to do—system administration, configuration, software installing and testing, etc—but without giving them all the keys to the kingdom. A Unix user with administrator access can’t overwrite most of the key files that hackers like to fool with—passwords, system-level files that maintain the OS, files that establish trusted relationships with other computers in the network, and so on.
Windows lacks this intermediate-level administrator account, as well as other finer-grained account types, primarily because Windows has always been designed as a single-user system. As a result, software that a Windows user installs is typically running with privileges equivalent to those of a Unix superuser, so it can do anything it wants on their system. A virus or worm that infects a Unix system, on the other hand, can only do damage to that user’s files and to the settings they have access to as a Unix administrator. It can’t touch the system files or the sensitive files that would help a virus replicate itself across the network.
This crucial difference is one of the main ways in which Mac OS X and Linux are inherently more secure than Windows is. On Mac OS X, the root user isn’t even activated by default. Therefore, there’s absolutely no chance that a hacker could log in as root: The root user exists only as a background-system entity until a Mac user deliberately instantiates her, and very few people ever do. I don’t think this is the case on Linux or other Unix OS’s, but it’s one of the things that makes Mac OS X one of the most secure operating systems available today.
There are many other mistakes Microsoft has made in designing its insecure operating system—things it could have learned from the Unix experience if it had wanted to. But this one is the doozy that all by itself puts to rest the notion that Microsoft Windows has been attacked more because people don’t like Microsoft, or because it’s the biggest target, or all the other excuses that have been promulgated.
The security awareness class
In response to the cybersecurity crisis, one of the steps our Nation’s IT cowards leaders have taken across the country is to purchase and customize computer security “training.” Such training is now mandatory in the Federal Government and is widely employed in the private sector. I have been forced to endure it for three years now, and I’ve had to pass a quiz at the end for the last two. As a Macintosh user, I naturally find the training offensive, because so much of it is irrelevant to me. It’s also offensive because it is the byproduct of decisions my organization’s IT management has made over the years that in my view are patently absurd. If the decisions had been mine, I would never have allowed my company to become completely dependent on the technological leadership of a single company, especially not one whose product was so difficult to maintain.
It’s a truism to me, and has been for several years now, that Windows computers should simply not be allowed to connect to the Internet. They are too hard to keep secure. Despite the millions that have been spent at my organization alone, does anybody actually believe that our Windows monoculture is free from worry about another worm- or virus-induced network meltdown? Of course not. And why not? Why, it’s because these same IT cowards leaders think such meltdowns are inevitable.
The inevitability of this century’s computer virus outbreaks is one of the implicit myths about their origin:
“Why switch to another operating system, since all operating systems are equally vulnerable? As soon as the alternative OS becomes dominant, viruses geared to that OS will simply return, and we’ll have to fight all over again in an unknown environment.”
My hope is that if you’ve been following my argument thus far, you now realize that this type of attitude is baseless, and simply an excuse to maintain the status quo.
Indeed, the same IT cowards leaders who actually believe this are feeding Microsoft propaganda about computer security to their frightened and techno-ignorant employees through “security awareness” courses such as this. Keep in mind that, as some of the notions point out, companies attempting to train their employees in computer security are doing so not only for their office PC, but for their home PC as well. The rise of telecommuting, another social upheaval caused by the Internet’s easy availability, means that the two are often the same nowadays. So the lessons American workers are learning are true only if they have Windows computers at home, and only if Windows computers are an inevitable and immutable technology in the corporate landscape, like desks and chairs.
Here are some of the things I learned from my organization’s “Computer Security Awareness” class:
- Always use Internet Explorer when browsing the web.
How many times must employees beg their companies to use Firefox, merely because it’s faster and has better features, before they will listen? In the meantime, to ensure that as many viruses and worms can enter the organization as possible, so that the expensive antivirus software we’ve purchased has something to do, IT management makes sure that as many people continue using IE as possible. I’m being facetious here. The reason they do this is that it’s what the training vendor told them to say, and today’s Federal IT managers always do as instructed by their contractors.While you can find data on the web to support the view that IE is at least as secure as Firefox, common sense should guide your decisionmaking here rather than the questionable advice of dueling experts. The presence of Active/X in IE, all by itself, should be enough to make anyone in charge of an organization’s security jump up and down to keep IE from being the default browser. And that’s not even usually listed as a vulnerability, because it’s no longer “new”. The “shootouts” that you read now and then pertain to new vulnerabilities that are found, and to the tally of vulnerabilities a given browser maker has “fixed”… not to inherent architectural vulnerabilities like Active/X and JScript (Microsoft’s proprietary extension to JavaScript).
- Use Windows computers at home.
The belief among IT management in recent years is that if we can get everyone to use the same desktop “image” at work and at home, we can control the configuration and everything will be better. Um, no. Mac users don’t have any fear of these strange Windows file types, and organizations that encourage users to switch to Mac OS X or to Linux, instead of discouraging such switching, immediately improve their security posture. For example, here’s some recent advice from a security expert at Sophos:
“It seems likely that Macs will continue to be the safer place for computer users for some time to come.”
And from a top expert at Symantec comes this recent news:
Simply put, at the time of writing this article, there are no file-infecting viruses that can infect Mac OS X… From the 30,000 foot viewpoint of the current security landscape, … Mac OS X security threats are almost completely lost in the shadows cast by the rocky security mountains of other platforms.
- All computers on the Internet can be infected within 30 minutes if not protected.
No… of all currently available operating systems, this is true only of Microsoft Windows. Mac OS X is an example of a Unix system that’s been designed to use the best security features of the Unix platform by default, and no user action or configuration is required to ensure this.
Here’s one of the URL’s (from the SANS Institute) that the course provided, which actually makes pretty clear that Windows systems are the most insecure computers you can give your employees today: Computer Survival History. - Spyware is a problem for all computers.
I imagine that spyware is the most crippling day-to-day aspect of using Windows. My son insisted on trying Virtual PC a couple of years ago, and on his own, his virtual Windows XP was completely unusable because of malware of various kinds within about 20 minutes. He was using Internet Explorer, of course, because that’s what he had on his computer. I installed Firefox for him, and his web surfing in Windows has been much smoother since then. He still has to run antivirus and antiadware software to keep the place “clean,” but needless to say, he has never asked to use IE again. This experience alone demonstrated what I had already read to be true: The web is not a safe place in the 21st century if you’re using Windows. This is one of the primary reasons I use Mac OS X: In all the 5 years I’ve used Mac OS X, I have never once encountered adware. And that has absolutely nothing to do with what websites I surf, or don’t surf, on the web. (And that’s all I’m going to say about it!) - Viruses are a threat to all home computers.
What I said previously about adware, ditto for computer viruses. To this day, there is not a single virus that has successfully infected a Mac OS X machine. (The one you heard about earlier this year was a worm, not a virus, and it only affected a handful of Macs, doing very little damage in any case.) As even Apple will warn you, that doesn’t mean it’s impossible and will never happen. However, it does mean that if Macs rise up and take over the world, amateur virus writers will all have to retire, and you’ll cut the supply line of new virus hackers to the bone. Without Windows to hack, it simply won’t be fun anymore. No quick kills. No instant wins. Creating a successful virus for Mac OS X will take years, not days. Human nature being what it is, I just know there aren’t many hackers who would have the patience for that.A huge side benefit for Mac users in not having to worry about viruses and worms is that you don’t have to run CPU-sucking antivirus software constantly. Scheduling it to run once a week wouldn’t be a bad idea, but you can do that when you’re sleeping and not have to suffer the annoying slowdowns that are a fact of PC users’ lives every time those antivirus hordes sally forth to fight the evil intruders. Or… you could disconnect your Windows PC from the Internet, and then you could turn that antivirus/antispyware thingy off for good.
- Malicious email attachments are a threat to all.
**Y A W N** Can we go home now?
Sometimes, I open evil Windows attachments just for the fun of it… to show that I can do so with impunity. Then I send them on to the Help Desk to study.:-) (Just kidding.)
Change resisters in charge
Other than Microsoft, why would anyone with a degree in computer science or otherwise holding the keys to a company’s IT resources want to promulgate such tales and ignore the truth behind the virus plague? That’s a simple one: They fear change.
To admit that Windows is fundamentally flawed and needs to be replaced or phased out in an organization is to face the gargantuan task of transitioning a company’s user base from one OS to another. In most companies, this has never been done, except to exorcise the stubborn Mac population. Although its operating system is to blame for the millions of dollars a company typically has had to spend in the name of IT security over the last 5 years, Microsoft represents a big security blanket for the IT managers and executives who must make that decision. Windows means the status quo… it means “business as usual”… it means understood support contracts and costs. All of these things are comforting to the typical IT exec, who would rather spend huge amounts of his organization’s money and endure sleepless nights worrying about the next virus outbreak than to seriously investigate the alternatives.
Managers like this, who have a vested interest in protecting Microsoft’s monopoly, are the main source of the Windows security myths, and it’s a very expensive National embarrassment. The IT organization is simply no place for people who resist change, because change is the very essence of IT. And yet, the very nature of IT operations management has ensured that change-resisters predominate.
Note that I said IT operations. As a subject for a future article, I would very much like to elaborate on my increasingly firm belief that IT management should never be handed to the IT segment that’s responsible for operations—for “keeping the trains running.” Operations is an activity that likes routines, well defined processes, and known components. People who like operations work have a fondness for standard procedures. They like to know exactly which steps to take in a given situation, and they prefer that those steps be written down and well-thumbed.
By contrast, the developer side of the IT organization is where new ideas originate, where change is welcomed, where innovation occurs. Both sides of the operation are needed, but all too often the purse strings and decisionmaking reside with the operations group, which is always going to resist the new ideas generated by the other guys. In this particular situation, solutions can only come from the developer mindset, and organizations need to learn how to let the developer’s voice be heard above the fearful, warning voices of Operations.
Custer’s last stand… again
So please, Mr. or Ms. CIO, no more silly security training that teaches me how to [try to] keep secure an operating system I don’t use, one that I don’t want to use, and one that I wish to hell my organization wouldn’t use. Please don’t waste any more precious IT resources spreading myths about computer security to my fellow staffers, all the while ignoring every piece of advice you receive on how to make fundamental improvements to our network and desktop security, just because the advice contradicts what you “already know.”
It really is true that switching from Windows to a Unix-based OS will make our computers and network more secure. I recommend switching to Mac OS X only because it’s got the best designed, most usable interface to the complex and powerful computing platform that lies beneath its attractive surface. Hopefully, Linux variants like Ubuntu will continue to thrive and provide Apple a run for its money. The world would be a much safer place if the cowards leaders who make decisions about our computing desktop would wake up, get their heads out of the sand, smell the roses, and see Microsoft Windows for what it is: The worst thing to happen to computing since… well, … since ever!
Before my recommendation is distorted beyond recognition, let me make clear that I don’t advocate ripping out all the Windows desktops in your company and replacing them with Macs. Although that’s an end-point that here, today seems like a worthy goal, it would be too disruptive to force users to switch, and you’d just end up with the kind of resentment that the Macintosh purges left behind as the 1990’s ended. Instead, I’ve always recommended a sane, transitional approach, such as this one from my November 2002 paper on the subject (note that names have been changed to protect the guilty):
Allow employees to choose a Macintosh for desktop computing at NNN. This option is particularly important for employees who come to NNN from an environment where Macintoshes are currently supported, as they typically are in academia. In an ideal environment, DITS would offer Macintoshes (I would recommend the flat-panel iMacs) as one of the options for desktop support at NNN. These users can perform all necessary functions for working at NNN without a Windows PC.
This approach simply opens the door to allow employees who want to use Macs to do so without feeling like pariah or second-class citizens.
As long ago as 2002, Mac OS X was able to navigate a Windows network with ease, and assuming your company already has a Citrix server in place, Mac users can access your legacy Windows client-server apps just as well as Windows clients can. This strategy will gradually lower security costs—and probably support costs as well—as the ratio of Windows PCs to Macs in your organization goes down, while lowering the risk of successful malware attacks. As a side benefit, I would expect this strategy to improve user satisfaction as well. Since the cost of Apple desktops today is roughly the same as big-brand PCs like Dell, the ongoing operational cost of buying new and replacement machines wouldn’t take a hit, as the IT mythmakers would have you believe. In fact, did you know that all new Apple computers come with built-in support for grid computing? Certainly! Flick a switch, and your organization can tap into all the Mac desktops you own to supplement the company’s gross computing power. What’s not to like? (My 2002 report didn’t cover grid computing — it was a new feature in Mac OS X 10.4 last year — but it did address all the issues, pros, and cons an organization would face in integrating Macs with PCs; however, it’s too large a subject to discuss further here.)
But how do you convince IT managers of this, when operating systems from Microsoft are the only kind they’ve ever known? I certainly had no luck with mine. Heck, I didn’t even gain an audience to discuss it, and my fellow mid-level IT managers were aghast that I had even broached the subject. After all, many of them were still smarting from the bruising—but successful—war against Mac users they had waged during 1994-96. The fact that in the meantime Apple had completely rewritten its operating system, abandoning the largely proprietary one it built for the original Macintosh and building a new, much more powerful one on top of the secure and open foundation of Unix made no difference to these folks whatsoever. It’s not that they disagreed with any of the points I was trying to make… they didn’t even want to hear the points in the first place!
A new approach for IT managers
For the most part, the managers who, like “hear no evil” chimps, muffled their ears back in 2002 were in charge of IT operations. To them, change itself is evil, and the thought of changing your decision of 5 years ago for any reason was simply unthinkable. And yet… consider how much the computer landscape changes in a single year nowadays, let alone in 5 years. Individuals with good technical skills for operations management but no tolerance for change should simply not be allowed to participate in decisions that require objective analysis of the alternatives to current practice. And at the pace of change in today’s technology market, inquiry into alternatives needs to become an embedded component of IT management.
For what it’s worth, here are a few principles from the Martian Code of Conduct for IT management:
- Make decisions, and make them quickly.
- Decisions should always consider your escape route in case you make a bad choice
- Escape routes should enable quick recovery with as little disruption to users as possible
- Open source options should always be considered along with commercial ones.
- COTS doesn’t stand for “Choose Only The Software” Microsoft makes.
- Sometimes it’s better to build than to buy. Sometimes it’s better to buy than to build. A wise IT manager knows the difference.
- Reevaluate your decisions every year, to determine if improvements can be made.
- Don’t cling to past decisions just because they were yours.
- Never lock yourself in to one vendor’s solution. Always have an escape route. (Wait… I said that already, didn’t I?)
- Know thy enemy. Or at least know thy vendor’s enemy.
- Be prepared to throw out facts you’ve learned if new information proves them wrong.
- IT is a service function, not a police function. Remember that the purpose of the IT group is to skillfully deploy the power of information technology to improve productivity, communictions, and information management at your organization.
- Never let contractors make strategic IT decisions for your company.
- Never take the recommendation of a contractor who stands to gain if you do. (In other fields, this is called “conflict of interest.” In some IT shops I know, it’s called “standard practice.”)
- Don’t be afraid to consider new products and services. When you reject a technology or tool a customer inquires about, be sure you understand why, and be prepared to explain the pros and cons of that particular technology or tool in language the customer will understand.
- Make sure your IT organization has components to manage the following two primary activities on an ongoing basis, each of which has its requirements at the table when you compile budget requests for a given year:
- Application developers capable of handling a multitude of RAD tasks. This group should maintain an up-to-date laboratory where new technology and tools can be evaluated quickly.
- Operations group with subcomponents for dealing with networking, telecommunications, desktop management, security, data, and application/server maintenance.
- Always obtain independent estimates of whatever resource requirements the operations group tells you are needed to make significant changes in technology platforms at your organization, because an operations manager will always exaggerate the true costs.
- The success of your organization is measured not by the size of the desktop support group’s Help Desk, but rather by continued progress in reducing the number of requests and complaints that are referred to the Help Desk. A rise in Help Desk requests over time is a symptom that something is probably wrong—not a signal to ask for a larger Help Desk budget.
- Similarly, the percentage of a company’s budget that gets devoted to IT should become smaller over time if the IT group is successfully discharging its mission. Calls for larger IT budgets should be viewed skeptically by the COO, since it often symptomizes an IT group that is unable or unwilling to find better alternatives to current practice.
From the perspective of an IT manager who has never worked with anything but Windows desktops, the prospect of having to welcome Macintosh or Linux systems into your Windows-only network must be a frightening one indeed. If you know absolutely nothing about Mac OS X and your only experience with a Mac was a brief hour or two with OS 7 a decade ago, your brain will very likely shut down at such a thought, and your hands will plant themselves on your ears if a colleague begins speaking in that direction. This is entirely understandable, and it’s equally understandable that the vast majority of your existing Windows users will want to remain on the only computing platform they’ve ever known.
But don’t you see that this fear doesn’t mean a decision to support Mac OS X in your organization is wrong! Such fears should certainly be considered in a transition plan, but they shouldn’t be considered as a reason to oppose development of a transition plan. Fears like these, and the sometimes irrational attitudes they bring to bear in technology decisionmaking, is why we desperately need new blood in the Nation’s IT departments, and why applicants to the job whose only (or only recent) training has been in MCSE shops should be filtered out from the get-go. You often hear Macintosh users “accused” of being cultish, but from my perspective, steadfast Microsoft Windows partisans are much more likely to meet the following definition of “cultish” than the Mac users I’ve known:
A misplaced or excessive admiration for a particular person or thing.
By fostering the myths about malware threats, the cult of Microsoft has already poisoned the computing experience for millions of people and wasted billions of dollars trying to shore up the bad past decisions of its Microsoft-trained hordes.
It’s time to give some new ideas a shot. It’s time to begin a migration off of the Microsoft Windows platform in U.S. corporate and government offices. Only once we dismantle the Microsoft computing monoculture will we begin to beat back the malware plague. Until then, IT security will simply spin its wheels, implement security policies that punish the whole software development life cycle because of Microsoft’s sins, and require Mac OS X users to take online security training that simply teaches all the things we have to fear from using Windows computers.
Addendum: A few articles for further reading:
Colophon
This article is the first time I’ve used a new, very useful JavaScript called Image Caption from the Arc90 lab site. Image Caption makes it easy to include text captions with the graphics you publish to illustrate your text. It includes a small JavaScript file and some sample CSS code. To implement, you simply add a class attribute to the images you want to caption, add the caption text as a “title” attribute, and include the script in the head of your HTML code.
I also had fun using the terrific JavaScript called simply Reflection.js. It’s recently shed about 30kb of file size and is down to only about 5kb, works great alongside Prototype/Script.aculo.us, and is childishly simple to execute. Besides adding a link to the JavaScript file, you add a class attribute to the images you want to reflect. For each reflection, you can tweak the reflection height and its opacity by adding specific measures in two additional class attributes. Unlike other reflection scripts I’ve tried, this one automatically reflows the text once the reflected image is added to the layout.