The Case of Insecure Software

I used to avoid this discussion since the question of which operating system is most secure is a very slippery subject. Honestly, I am a Windows user since the OS is most common among alternatives, familiar and productive. I admire the complexity and raw power of Linux and all its flavors while although I am piqued by the simplicity of MacOS and iOS, both are expensive and claustrophobic for me. I have however two thoughts to put forward: one, the question of insecurity, and; two, the need to protect consumers.

The Question of Insecurity

It is quite common to hear in the tech world that Windows is an insecure OS. The question of software security, however, is a very complex one. Tech commentators now speak of ecosystems with Apple and Google and how the former has a strangle hold in theirs. Security, I believe, is a paradigm between a balance of control and freedom. Growing up with Windows, I saw how modular design has allowed great freedom in the creation and support of third party software in the Windows ecosystem at the cost of greater vulnerabilities.  Apple fanboys say that Apple OS is secure but that is because the company has tightly controlled its own OS'es that it is not too friendly to third party programmers.

When a discussion breaks between Windows and Apple fans, the topic of viruses is sure to come out. Windows, they say, has more viruses and malware compared to other OS'es. That is true but it misses the whole picture. While malware is made and is a product of several factors, the main driving force for it is it's objective of maximum effect. Malware is always directed against the  most used product. The tirade against Windows is also an acknowledgement that it is the most used operating system.

The rise of Android in the mobile space is a testament to this. Being the mobile OS with the greater market share, it has become what Windows is in the desktop sphere. I would say that if it were Apple products, then most hackers and black hats would direct their attacks against MacOS and iOS and tide would reverse on Apple fanboys.

It would be good to note too that the internet is now the universal attack vector. Any operating system connected to the internet can be hacked, so none of these could actually brag of impregnability. Software vendors have to deal with three major fronts: insecure software design, user abuse, and vulnerable inter-operability.

The question of secure software design then rests in how much effort software engineers harden their code and their ecosystems, how much leeway they provide for users and third parties, and the balance that comes between. Software security is always an arms race between software engineers and malware authors, thus, another side to security is how much updating and patching a software is given. All in all, the question of security isn't easy and simple.

The Need for Consumer Protection

Google has the Project Zero Program that seeks to find vulnerabilities that affect Google software and others. In recent months, Googlers have contributed to hardening Microsoft software, one of their rivals. This intelligence sharing benefits consumers because the more security researchers from different vendors collaborate, the more secure the software we use becomes. This leads me to my second thought: consumer protection has become a collective responsibility between software companies and states.

Besides vulnerability scanning of software from other companies, like peer review within the scientific community, the use of software standards also calls for this collaborative and collective effort at security. A few years ago, a major flaw was discovered in the TCP/IP stack and in the DNS system, a software infrastructure that holds together the internet and the web. It forced rival companies to work together in solving the problem. They saved the day and everyone was happy.

Security nowadays has to be crowdsourced. The internet and all its dimensions: technical, political, moral, etc, is still in a state of flux as humanity is still in the process of making sense out of the greatest invention it has created that transcended boundaries and categories. While we still lack a universal approach to dealing with the internet and it being a work in progress, security is everyone's job, including the user.

Keeping Tabs with Tech Direction

These days Microsoft is hosting their BUILD developer conference. Once in a while I check on the developments and directions these technology companies are taking. Whether you like it or not, our world is already being dictated by these multinational corporations. What they plan for the future will shape societies across cultures.

Apple's iPhone and ecosystem is ubiquitous and sought after by both rich and poor. Google saturates all aspects of our lives. Microsoft dominates business and productivity. Our lives is marked by a continuous and steady union of the physical and virtual spheres. This landscape is surely affecting how you live in 21st century.

So what's interesting in the coming years?

1. A new take on User Interface. It used to be that our interface with computers is through the screen, mouse, and keyboard. Expect that to change as technology is entering the Natural Interface: language and touch. Technology is slowly becoming more natural when it interacts with users. There will be more and more use of voice and natural language in giving out commands to your phones and computers.
2. Centralization. I've talked about this before in one of the JPII Cebu sessions. There is a strong movement to centralize information online so that it would match your unique and singular identity on earth. All of us now log-in either with Facebook, Google, or Apple credentials. The same credentials can be used for other services. Some observers would raise the flag for privacy concerns and putting in too much power over information to these companies. But this is the direction we are heading and we need to be aware.
3. Use of Artificial Intelligence. As more information gets accumulated online it becomes more difficult to manage and sort out. Here comes artificial intelligence to help out in making sense of all the data we are all pouring out. Artifical intelligence will make sense of the semantics (meaning) of all the information you put it: your personal information, your social connections, your online habits, yes, all of your life. It will also attempt to act as an interface: you are already using Google Search that has been partly powered by AI for the past years, almost everyone is aware of Apple's Siri and Microsoft's Cortana. These AI's are sure to spawn out more applications in the coming years.
4. A more seamless world. More boundaries will be toppled down and there would be more tension in who and how our human structures can control this ebb and flow of the internet. This openness will challenge governments, convents, and homes. Access to the internet and information would become a hotter topic. Security, privacy and safety both for individuals and businesses will find more challenges. Computer literacy will have to be seriously considered in education. The global village will continue its path of search of identity and organization as individuals and groups try to make sense of the internet.

A Caution. 

While these developments are interesting, I believe we should taper down on our optimism that the internet will save the world. I personally believe that technology will always be an extension of human capacity and nothing more. It will not become more sentient and intelligent than the minds that program it. Afterall, the effect can never be greater than the cause. The internet and its parts might appear more intelligent than the average human simply because it is an accumulation of collective and personal information. It won't find itself useful outside the human sphere.

Nothing can ever replace efficaciousness of personal physical contact. No matter how fast or efficient communications become, whether we enter into a world of virtual and augmented reality, the basic and most important way to get to know each other is always through our persons - as bodies and spirits who need to be near each other in space and time. No text message, chat, e-mail, or video conference can ever replace the tenderness and genuineness of a mother's hug and kiss.

Lastly, technology will remain amoral. Whether it is good or bad essentially depends on who uses it. It could save the world if there are good people using it or it could also destroy everything with the same mad people using it.