As I escorted him to the elevator after an interview in 1998, Gordon Eubanks, then president and CEO of Symantec, made a casual observation that forever changed my perspective on open source software. At a time when the worlds No. 2 computer security company realized almost all its revenue by protecting machines running Microsoft and IBM/Lotus Development platforms, Eubanks noted that open source was inherently easier to protect than proprietary software.
Using Linux as an example, he said, “Everybody can see whats under the hood, so were on equal footing with hackers. With proprietary systems, intruders often have illegal means of learning things about the underlying code that are superior to the legal information at our disposal — even though we get excellent cooperation and support from Microsoft.”
At the time, Symantec was only beginning to explore the Linux market, so Eubanks remarks registered as something of a personal epiphany for me. For the first time, I found myself entertaining the notion that open source might actually threaten Microsoft and Sun Microsystems. The fact that Linux was free didnt impress me, but here was a value proposition that money couldnt buy — an increasingly stable operating system (OS) that was less prone to security vulnerabilities in the first place, because so many interested parties were examining it continuously, and that now seemed easier for developers to secure.
I recalled Eubanks remarks recently while perusing the program for the 2001 LinuxWorld Conference and Expo this week in San Francisco. Much has happened in the last three years to catapult Linux into the mainstream and make it a serious threat to Microsofts and Suns dominance of the server and enterprise markets.
The most crucial factor was IBMs imprimatur. Beginning with its modest packaging of Linux with its Netfinity server line three years ago and extending through this years “Peace, Love & Linux” campaign, Big Blue, more than any other company, has legitimized Linux by adding support services, system integration and development tools. The unveiling of Hewlett-Packards new high-security version of Linux last week further underscored the markets growing enthusiasm for the little OS that could.
In an informal poll taken earlier this year at the Crossroads conference in Phoenix, a slight majority of those in attendance — all I-managers from either the IT or business sides of the aisle — said they were already using open source software, mostly Linux, in some part of their enterprises. Whats more, the vast majority said they planned to either initiate use of open source or increase their current use within the next two years.
Clearly, Linux is no longer seen as an avant-garde tool in the enterprise market. But what of the desktop, where Microsofts dominance seems impregnable? Despite the best efforts of true believers to slap a respectable user interface on Linux, Im betting Microsoft has little to worry about here.
Today, for example, Symantecs enterprise solutions all seem to come in Linux versions, in addition to Windows NT/2000 and Sun Solaris versions. And just last week, Craig Ozancin, Symantecs senior security analyst, spoke at the HP World 2001 Conference on “Hacking Linux and How to Stop It.” Yet Symantec still does not produce a version of its No. 1 consumer product, Norton AntiVirus, for Linux.
Even so, Microsoft has a very narrow window of opportunity to shore up its defenses on both the server and client sides of the market. Since it will always be the target of attacks by worm-designing hackers — most of whom love Linux as much as they hate Microsoft — the Windows development team must mount an all-out effort to make its products bulletproof by aggressively exterminating lingering vulnerabilities and opening more of Windows source code to developers.
For its part, Sun is going to have to either embrace Linux as an independent OS or offer seamless Linux interoperability in Solaris. As counterintuitive as all this might have seemed three years ago, today it is Linux that sets market standards in everything from security to licensing.