NetAction Notes

Published by NetAction Issue No. 77 November 20, 2001
Repost where appropriate. See copyright information at end of message.

IN THIS ISSUE:

Billyfish Is Back
Is Your Outlook Secure?
Bridge Building Tools
About NetAction Notes

Billyfish Is Back

Want to let the U.S. Department of Justice know you're disappointed with the proposed settlement of the Microsoft antitrust case? Billyfish is back to help. Meaner than ever with jaws open and teeth bared, an updated version of our popular Billyfish icon can be downloaded at: http://www.netaction.org/msoft/winfish2.html.

Longtime NetAction Notes readers may recall that we first introduced Billyfish in 1997 to help focus attention on Microsoft's growing monopolization of the Internet. Now that it's apparent the U.S. Department of Justice can't be counted on to stop the Microsoft monopoly, we've brought an updated version of Billyfish back to encourage Internet users to voice their objections to the proposed settlement.

The Internet has grown by leaps and bounds since NetAction first mobilized Internet users to demand strong enforcement of antitrust laws against Microsoft. We started the campaign by releasing a survey report that documented how Microsoft's marketing strategy was preventing consumers from choosing the browser they use to access the World Wide Web,* and we encouraged consumers to show their support for antitrust enforcement by displaying our Billyfish icon on web sites.**

The Justice Department did act, and eventually prevailed: Microsoft was found guilty of anti-competitive behavior. But that's where the good news ends. The DOJ's proposed settlement (in PDF) makes it clear that the current administration lacks the will to enforce the nation's antitrust laws by imposing an appropriate remedy. If the settlement is confirmed, Microsoft's monopoly will continue.

In a recent article, San Jose Mercury News columnist Dan Gillmor quipped that the settlement seems to have been written by Microsoft's lawyers. "Every time you read an item that suggests actual restraint on Microsoft's behavior, you find weasel language elsewhere that undermines the supposed concession," he wrote. "This thing isn't just full of loopholes. It's meaningless."

But the settlement is not yet final, so Internet users still have a chance to convince Judge Colleen Kollar-Kotelly that Microsoft's punishment should fit the crime. Under the Tunney Act, Judge Kollar-Kotelly is required to review the settlement to ensure that it is in the public interest. As part of that review, there will be a 60-day period of public comment, starting when the proposed settlement is published in the Federal Register.

NetAction will provide more information on the public comment process as soon as the proposed settlement is published in the Federal Register. Meanwhile, we urge readers to spread the word that Microsoft's monopoly must be stopped by displaying our updated Billyfish icon on web sites, and forwarding this article to other concerned Internet users.


Background Notes

* NetAction's 1997 survey found that the top three ISPs serving the U.S. consumer market at that time were all bundling Microsoft's Internet Explorer into their start-up software, and that all three had agreements with Microsoft that specified IE as the browser customers receive. Only one of the three top ISPs even told customers that they had the option of downloading Netscape Navigator as an alternative to IE. When we conducted a follow up survey one year later we found that despite the initiation of the DOJ's lawsuit, the situation had gotten worse. Almost none of the largest ISPs even gave consumers the option of using an alternative to IE, and many were not providing technical support to consumers who installed Netscape Navigator or an alternative browser on their own.

** NetAction subsequently published several other articles and reports on Microsoft. An archive of these documents is at: http://www.netaction.org/msoft/.


Is Your Outlook Secure?

In the last issue of NetAction Notes we offered readers a checklist of computer security basics, including the need for keeping anti-virus software up-to-date. The article prompted a heated reply from reader John Poltorak, who pointed out that we had neglected to include one important piece of information: the vast majority of Internet viruses can be avoided by simply not using Microsoft Outlook for email.

With John's permission, we are including some of his comments in this issue to expand on this important point. He wrote:

"Virtually every Internet virus and/or worm causing widespread damage today has been propagated by using Microsoft software, principally Microsoft Outlook, and Microsoft Internet Information Server. It is these two programs which are badly designed and extremely insecure which should be targeted as virus launchers, which is what they are." In a later message he added, "Using Outlook as a mail client is like going on holiday and leaving your house not only unlocked, but leaving the doors and windows wide open."

Of course, as the article above this suggests, avoiding Microsoft's products isn't easy since the company has monopolized the market through anti-competitive behavior. In retail stores where most consumers buy computers, PCs are all sold with Windows pre-installed and Outlook and IE featured prominently on the desktop.

So what can you do if you don't want to use Outlook for your email?

If you use Netscape Navigator as your web browser, one option is to use the built-in Communicator browser for your email. If it wasn't pre-installed on your computer, see: http://home.netscape.com/computing/download/index.html.

Another option is Qualcomm's Eudora, a stand-alone email browser that is available in both free and paid modes. See: http://www.eudora.com/.

Either option will reduce – but not completely eliminate – your vulnerability to attacks from viruses designed to propagate through Outlook. But this is by no means the only security issue to be concerned about if you are using Microsoft software or the Windows operating system.

Microsoft's products are simply more vulnerable to a wide range of security problems. There are two competing explanations for this.

One explanation is that malicious activity is focused on Microsoft because its products are so widely used. According to this viewpoint, the people who create viruses and look for security holes in software target Windows applications because they can do the most damage by attacking vulnerabilities in software installed on the vast majority of computers. Another explanation is that Windows-based software is inherently less secure because, as a virtual monopoly, Microsoft simply has no reason to bother improving its products.

These explanations are not mutually exclusive, of course, but Microsoft's recent move to a "blame the messenger" strategy gives weight to the latter explanation.

In a recent essay that has generated some controversy among computer security professionals, Microsoft security manager Scott Culp denounced researchers who publicize information about software security flaws as "information anarchists," and asserted that computers would be more secure if these researchers simply stopped publicizing their results.

A balanced explanation of this controversy was published recently by Bruce Schneier. See "Full Disclosure" at http://www.counterpane.com/crypto-gram.html. The article includes a link to Culp's essay and numerous other resources on this issue.

Since most Internet users are not security experts, the best strategy is simply to avoid Microsoft's products as much as possible. For information on available alternatives to Microsoft's software products, see The Microsoft Boycott Campaign web site at: http://msbc.simplenet.com/thealt/.


Bridge Building Tools

A series of Toolkits for Community Technology Centers is available from Communities In Our Future (CIOF), a demonstration project of CTC's working to bridge the digital divide in low-income California communities. The Toolkits provide information on how to set up, sustain and manage CTCs, operate employment training and other educational programs, and engage in policy advocacy for CTCs. In addition to the Toolkits, CIOF has published a report describing effective ways for CTC's to help bridge the digital divide.

The Toolkits are at: http://www.ciof.org/toolkits/index.htm.

The Report is at: http://www.ciof.org/report-rls.htm.


About NetAction Notes

NetAction Notes is a free electronic newsletter, published by NetAction. NetAction is a California-based non-profit organization dedicated to promoting use of the Internet for grassroots citizen action, and to educating the public, policy makers, and the media about technology policy issues.

To subscribe to NetAction Notes, send a message to: . The body of the message should state: subscribe netaction
To unsubscribe at any time, send a message to: . The body of the message should state: unsubscribe netaction

For more information contact NetAction by phone at (415) 215-9392, by E-mail at

, visit the NetAction Web site or write to:

NetAction * P.O. Box 6739* Santa Barbara, CA 93160

Copyright 1996-2003 by NetAction. All rights reserved. Material may be reposted or reproduced for non-commercial use provided NetAction is cited as the source.