So how come I use computers without constantly being concerned that some program will do me harm? I can use a program because one of three possibilities:
I either wrote the
program myself, or
the authors are
accountable to me, or
I trust whoever wrote the program.
Let's look at each of these possibilities in turn.
I work in the Tcl team at Sun, I wrote some of Tcl's innards, and I know what the software does and how it works. This lets me use it with a high degree of assurance. I do not worry about being harmed by Tcl. However, I use many other programs each day that I did not personally write and that I am not as familiar with. That leaves the other two possibilities.
My main home computer is controlled by an operating system called Solaris, manufactured by Sun Microsystems Inc. Your computer might have another operating system on it, for example one from Microsoft -- there are many different operating systems available on the market. We both depend on the operating system controlling our computers for everything we do with the computer. Operating systems have complete access to every aspect of the computer, from the keyboard and mouse to every file, and to all the information flowing across the connection to the Internet. If it was malicious, my operating system could slow my computer down so I would not be able to do productive work, send my most private information to my worst enemies, or erase all my files. I am not familiar enough with the internal workings of my operating system to determine that it could not possibly under any circumstance do each of these bad things. This is where accountability helps.
Sun, a well known computer and software company, manufactures Solaris and vouches that it is safe to use. I purchased the computer and the software running on it from Sun for good money. Should something go wrong, I have a way to report the problem to Sun and I can expect it to get fixed: Sun is accountable for the quality of its programs.
That Sun and Microsoft are accountable for their operating systems gives us a high level of confidence and assurance. We are taking a very small risk when we use these operating systems. Operating systems are complicated and large programs and they provide a wealth of features, but they also contain many errors. These errors may cause inadvertent damage if they are severe, and Sun and Microsoft are committed to fixing them as soon as they are discovered and reported. These errors are non-intentional: they were not put into the operating system on purpose. Sun and Microsoft want to fix them as soon as possible. If a software vendor were ever to create a truly harmful program it could be sued for damages because it is liable. Distributing such harmful programs is absolutely contrary to their business interests, so you can be sure that Sun and Microsoft are making every effort to prevent such a disaster.
I also use a portable computer on which I have installed an operating system called Linux. This absolutely phenomenal software is available for free: a whole operating system for free, including the source code. Linux is an example of freeware. And I also use an excellent archiving program called WinZip. It costs a small amount of money -- it is shareware.
These shareware and freeware programs were written by authors whose intent is to contribute to the "general good" -- to provide software that helps you do your work better in some way, either at no charge or for very little money. This concept is very successful and has yielded many innovative software packages, some of them rivaling even the best commercial software in their quality and richness of features. Tcl itself started as a freeware package before it became supported by Sun.
There is some risk associated with using shareware or freeware. The authors of these packages are generally not big name companies and are not accountable to you for the functioning of the software. You will neither be able to sue for damages, nor can you expect the software to be backed by a support organization or a twenty four hour hot line. Therefore, every time you choose to use freeware or shareware software, you are making a decision to trust the author of that software -- to take a risk.
I trust these software packages because they have good reputations. A lot of people, including some of my friends, use these programs and recommended them to me. I retrieved WinZip from a reputable shareware site on the Internet, and Linux was installed by a friend of mine from a CD ROM.
Ninety nine times out of a hundred the risk you are taking trusting software whose authors are not accountable to you is not really a big risk and you are using high quality software written by hard working, productive, intelligent, innovative and honest individuals or companies. However, once every so often, the program is poison and the author is a hard working, productive, intelligent, innovative criminal seeking to do harm. These bad apples do intentional harm: they erase all the information on your disk, prevent you from using the computer, or steal valuable information.
Some companies have very tight rules about the software that employees are allowed to use. Everyone fears the one chance out of a hundred, when the whole network is brought down by a malicious program and all files are erased. Some companies provide their employees with PCs that do not have a network connection or a floppy drive, so it is not easy for employees to load any new software onto the computer. These companies believe that abstinence is the best protection.
However, my opinion is that the benefit of having access to a wealth of software far outweighs the risks. Ten years ago no-one considered it safe to network computers, yet today this is an essential part of nearly every office installation. The benefit-versus-risk equation changes over time. And there are some simple things you can do yourself so that you are protected to a large degree from the bad guys.
To protect yourself, follow these simple rules:
For each program you use, determine its category: authored, accountable
or trusted.
Avoid programs of unknown origin or which you can't assign to one of
these categories.
And, don't use bad programs (easier said than done, to be sure :).
The first step is the key. Once you know which software you can use, you will simply not use the other stuff. For software you wrote or bought, this is simple, but what do you do about shareware and freeware software?
This is also relatively simple. Use shareware from people with a solid reputation, software that other people besides the author claim is good. And only use software you retrieve yourself, from shareware sites with a solid reputation. On some operating systems the software also needs to be checked for viruses, little, usually harmful, programs that embed themselves inside otherwise harmless programs. When you retrieve a program containing a virus, your computer can become infected and it's very difficult to get rid of the infection. Reputable shareware sites do the checking for you, so you know that you will never get an infected programs from these sites.