Security issues are in the news recently with the Windows Metafile vulnerability. The point of this post is not to second-guess Microsoft’s handling of this vulnerability. For this discussion I’m happy to assume that Microsoft is taking exactly the correct actions on exactly the correct schedule. And beyond that, security is much more of a process than a one-time result. It’s not possible to be perfect. All of us, including Mozilla Firefox, must deal with security issues. Instead, I want to note that this vulnerability points out a key issue with the Internet that has little to do with Microsoft’s handling of this — or any other — specific vulnerability.
The current monoculture of operating systems is dangerous. The degree to which people rely on Windows and have few viable options in times of need is dangerous for the Internet and dangerous for life on the Web. This dominance is also dangerous for the business models of Microsoft’s competitors of course, and unfortunately much of the analysis often stops at this business level. But far more important is the danger to a vital piece of our infrastructure — the health of the Internet itself.
Take the current setting as an example. The WMF vulnerability exists in the Windows operating system, the experts report it’s being exploited by a range of websites, visiting one of these websites is about all that’s required to be affected, there’s no official fix and news reports differ on the likely effectiveness of antivirus software.
So what is a person to do? Buy and install more antivirus and security software? Stop using the web until a patch is released? Try to determine which are “safe” sites to visit? The current answer seems to be angst, resignation and a sense of fear about the dangers of the Internet. This is bad for all of us.
A better answer is to have greater flexibility in operating systems and applications. One way to get flexibility is through diversity and competition, which gives people an effective choice about what option best meets their needs. Today one can use an Apple computer with a non-Windows operating system (as I do) and avoid many of these problems. But Apple isn’t the perfect answer, being a closed-source, single-vendor, more expensive alternative. And just about everyone seems to agree that the Linux desktop is not yet ready for most people. So the alternatives are slim, and most people appear to be stuck.
Another source of flexibility can be found in the competition of ideas that go into a shared resource, a process at the heart of great open source software projects. But one way or another, a healthy system needs the flexibility to adapt. And the people in the system need some way to demonstrate what matters to them.
These goals of flexibility, adaptation and choice drive the Mozilla project. This is one reason Mozilla Firefox has always been a “cross-platform” application. By “cross-platform” we mean that the same codebase can be used on many operating systems. We make sure Firefox runs well on a variety of Windows, Mac, and Linux operating systems. Other contributors make Firefox work on yet more operating systems.
We do this because it allows people a choice of operating systems. It allows that choice now, and it provides a key element in promoting effective choice in operating systems. It is much harder to change operating systems, or to move between operating systems, if the applications people use are different as well. Firefox removes this burden. Use Firefox on Windows today. Use a Linux machine tomorrow for some specific task — Firefox will be the same. Switch back to Windows for your main work, use a relative’s Macintosh when you visit them — Firefox will be the same.
Building a great cross platform application is not easy. It is extra work. t requires massive expertise and testing, and it requires grappling with the differences between operating systems so that the user doesn’t have it. In some cases it may mean not taking full advantage of some opportunities to integrate with the operating system offers. (Of course sometimes integrating with the operating system can create problems of its own, as the security issues with ActiveX have demonstrated.)
We do not do this because it is easy, but because it is important. The Web is still young — too young to be tied to a single path of development. Through our open-source, cross-platform applications the Mozilla project seeks to promote flexibility and consumer choice and to help build a healthier Web. It’s exciting and extremely challenging, and there’s no doubt it’s worth the effort.