The Butterfly Effect: Microsoft, Security, and the Developing World

A year in China:



I recently completed a year teaching English, Computers, and Philosophy at a Chinese university. Around the university, a copy of Windows, on the street, cost the same as a copy of Red Hat Linux or about $1 US. Of course, most Windows software is similarly priced. You can literally find 1-10 guys on every neighborhood block selling copies.

The official university computers also had hot copies of Windows installed in every classroom. In fact, I am not sure I encountered a licensed copy of Windows in my entire year in China. This possibly includes most of the new computers with Windows XP installed at the factory. The Microsoft certified laser stickers are copied almost as frequently as the software. This is in spite of the official best efforts by Beijing to legitimize its entry into the WTO, and promote the use of Linux on government computers.

However, after 10 years of traveling and working in developing countries, I did not consider this so terribly unusual. The World over, hot copies of Windows are the standard in developing computer networks. It was only the very public nature and acceptability of it that seems different in China. As for the social acceptability, it seems to be more a function of Chinese culture than the state of technology or some sort of official public policy. One hazard of being a hardcore Open Source advocate, and coming from a tech world where the software is free (or mostly free), is that in certain respects it tends to make you a bit too comfortable with the concept of software piracy.

What opened my eyes to the true danger of pirated copies, was the first day I entered a classroom, with my 30 gig portable USB drive. My poor little hard drive, that had been kept safe, sound, and innocent behind a Linux firewall, and never mounted with anything but Linux, was suddenly exposed to the reality of computing in China. It was a virgin drive in the Windows Red Light district of a Chinese university. I had spent so much time on only Linux systems, that I had forgot what it was to battle Viruses and Spyware with every click of the mouse. I no sooner plugged it in, then a complete ecosystem of viruses promptly installed themselves to every directory on the drive. At that moment, it occurred to me that I had never seen a copy of a virus scanner or a firewall like Norton or Trend Micro alongside any of those copies of Windows or the latest Hollywood movies.

I also had at that moment a captive audience of more than a hundred Chinese students. So I went about taking an informal survey of how many students knew about viruses and virus scanners. My students where at first confused in the sense they thought they did not understand my English. I then carefully explained what a virus was, and what a virus scanner does. After rebooting to a Mandrake Move CD, I even dissected a virus on the overhead projector for them.

Once I was convinced they understood the English word and concept, I asked them again. This time, I received more of a confused look in the sense of 'why would you waste the money'. I repeated this with all my classes at the University. In total, I asked about 1,000 students over the course of the school year, and received more or less the same answer from all of them. They simply did not have antivirus software, or would not buy them if they did sell them. I am aware that companies like Trend Micro are moving into the Chinese market; however, I believe it will be hard to sell virus software in China for a long time to come.

After that first class, I returned home and turned on my Internet connection to confirm what I suspected. My Linux firewall, connected via ADSL, was being bombarded by thousands of viruses and worms. In fact, it was hard to distinguish any legitimate traffic from all the white noise of worms and viruses. Many, like their biological counterparts such as polio, are rarely seen in the West; and A few, like Asian bird flue, have not yet been monitored or detected in the West. I am aware of at least one case of a virus that started life in a Chinese University stealing term papers, later being modified to gather classified documents from companies in England.

The Implications:

It seems a better part of the already limited bandwidth and resources of China are being consumed by infected windows computers. Let me multiply this times an estimate 10,000,000 (official) new users of the Internet a month in China. From personal experience, I can say with a great deal of certainty, although perhaps not to the extent of China, the Internet in most developing countries is in a similar state. In such developing technological environments, the consumption of valuable resources is in many ways far more of a barrier to development than the simple dollar cost of Microsoft based software.

Consider just a few of the implications. If just 50% of all Internet and computing resources are consumed by malicious activity in a country or region, and it appears to be far more than that in most countries, then the country must devote that much more resources to its development. According to an official Chinese Central Government report, over 80% of all computers in China have been penetrated. Similar studies in the West, have reported upwards of 90% percent of the computers in developed countries. Granted, it depends on how and who reads those types of reports; but the very idea that those are the numbers we are talking about is food for thought alone.

What is of a more critical consideration is the impact on any economy and society at large. How easy is it for Hospital in Guatemala to clean up a computer database after a virus outbreak, as opposed to say a hospital in New York or Paris? How many people do not get treated for real viruses because the hospital spent the money treating digital viruses? As for the implications for the Internet at large, we only need to chant our liberal mantra a little louder about how no one can control the Internet to really see the dark side of things. I will just site the very active issue of the impact of zombies and bot nets on the World.

Our responsibility:

Thus, I would say, that in our rush to help countries develop with food aid, economic aid, and such, that we also lend relief in the areas of technological aid. The obvious, and affordable solution: (drum role please) Linux and Open Source solutions. However, simply carpet bombing the developing world with Linux will not be sufficient. It will require the support of the developed countries and experts to aid in the training and deployment of Open Source solutions. As another Western IT worker in China pointed out, what is often overlooked outside China is that most systems administrators in China never even touched a computer until a few years ago. Further, if I may remind the reader, that poorly deployed servers and software, of any sort, are just as dangerous as Windows. The true doomsday scenario would be networks of millions of zombie computers running on fast, versatile, and stable Linux platforms across the developing world.

On the other hand, I would say that Microsoft in its rush to lock out the developing countries with disabled operating systems, restrictive licenses, and jack-booted copyright enforcement might not be such a bad thing in the long run; however, it is up to the Linux and Open source community to fill the vacuum that we so strongly advocated. Both Nature and the Internet abhor a vacuum.



By Charles Spencer



Charles Spencer is currently a Open source systems and Internet consultant from the United States currently living in Chile, who has worked, lived and traveled to over 24 countries in the last 14 years. He currently runs the Spencer Global Consulting network. Spencer global is an internationally integrated network of consultants and researchers specializing in law, business, and and IT solutions with members in 12 countries and covering 4 continents of the World (5 if you count Antarctica).