This is part two in a three-part series detailing my objections to a recent Computer & Communications Industry Association (CCIA) report, titled CyberInsecurity: The Cost of Monopoly. In the last instalment, I explained that cost savings related to a standardised computing infrastructure can outweigh costs associated with software "monoculture" risks.
In this instalment, I outline my objections to various aspects of the report's content. In short, the authors obscure the point of the article through their obsession with the perceived unfairness of Microsoft's market power. Furthermore, though their ability to put a negative spin on Microsoft's every action is impressive, it seems more opportunistic aggression than an attempt at dealing objectively with security flaws in Microsoft operating systems.
What is the REAL point of the article?
If you skipped the table of contents, four pages of biographies, a two-page anti-Microsoft diatribe courtesy of the CCIA, and a two-page executive summary, you might be forgiven for believing that this was yet another attempt by the CCIA to undo the settlement reached between Microsoft and the DOJ. The entire report is threaded with protestations about Microsoft's supposed monopoly power.
Granted, the report attempts to link monopoly power to the presence of a monoculture -- which is presented as a Bad Thing that requires government intervention to remedy. Unfortunately, the authors' obsession with the "fundamental unfairness" of Microsoft's monopoly power causes them to forget the point of the article, which was, at least theoretically, about security.
For instance, the report mentions that "today's locked-in Microsoft users would no longer pay the prices that only a monopoly can extract." Pretending for the moment that Microsoft's prices are truly far above the industry average for proprietary OSes, what on earth does this have to do with the issue of security? Wouldn't higher prices result in FEWER computers, or even better, drive customers to other providers?
Later, they try to turn Microsoft's decision to slip release dates in order to conduct more thorough security reviews into a negative, by claiming such a move "...is also an admission that Microsoft holds monopoly power -- they and they alone no longer need to ship on time". Besides the obvious fact that most software companies slip schedules, this, again, has little to do with the issue of security so much as a complaint over Microsoft's supposed monopoly power as such.