As noted in Chapter 2 of this book, the release of the Altair microcomputer in 1975 heralded the beginning of the modern high-tech industry. But observers of the period also believe there was more to the Altair than just chips; the unit seemed to emit a mysterious elixir that entered the body of computer aficionados worldwide and sparked a strange war of the soul that has raged in the body of the computer geekdom for more than three decades. The war is between those who advocate for free software and open, patentless technology available to all and those who believe in making substantial sums of money from selling proprietary software and the vigorous protection of intellectual property. It’s the Kumbayahs vs. the Capitalists.

Other influences may be responsible for the ongoing struggle. Perhaps Star Trek bears some of the blame. Few in microcomputing hadn’t watched the series, and as Captain Kirk, Mr. Spock, Bones, Scotty, and their innumerable successors went gallivanting through the galaxy, they seemed to have no visible means of financial support. No one in the Star Trek universe wearing green eye shades ever appeared to worry about the propensity of the various casts to blow up what you’d think were undoubtedly very expensive space ships, given their capabilities of violating the laws of physics, transporting the crew to numerous planets inhabited by women who spent most of their time wearing lingerie and dodging ray gun fire from angry races of aliens who kept screaming “kaplok!” (and who also seemed to have no monetary worries). Perhaps the reason for Captain Kirk’s insouciance lay in the fact that everyone in Star Trek had access to what were called “transporters,” magical devices that could be used to whisk you from the space ship Enterprise to a planet without having to pay a toll. Later in the series’ development, transporters could be used to create chocolate milk shakes, drinks, and even the occasional boyfriend or girlfriend via simple voice commands. And all for free!

Of course, no computer has a Star Trek–like transporter system built into it, but from the standpoint of people interested in obtaining software without forking over monetary compensation, it has something almost as good. That good thing is the “copy” command. And since software, unlike milk shakes, drinks, and boyfriends, is already digitized, just about anyone can execute this wondrous command and enjoy a cornucopia of software in an environment free of the distasteful economic friction of “paying.”

Technology’s interest in the concept of free software was demonstrated almost conterminously with the release of the Altair in the events surrounding the “liberation” of the first BASIC for this pioneering machine. When first available, the Altair had no useful software, and the market was eagerly awaiting the release of Altair BASIC (waiting was something Altairians were very good at doing because Altair maker MITS was legendary for announcing new products it couldn’t deliver, a habit the rest of the industry soon learned to emulate). The product had been developed by a small software firm, Micro-Soft, run by two people no one had ever heard of, Paul Allen and Bill Gates. Micro-Soft had cut a deal with MITS to receive a royalty on every sale of Altair BASIC and was eagerly waiting for a stream of revenue to flow into the tiny firm’s coffers upon the official release of the new product to a market eager to buy it.

Unfortunately for Gates’s and Allen’s short-term plans, someone had appropriated an early version of Micro-Soft’s BASIC, stored on paper tape, at a small MITS trade show held in Palo Alto in 1975. The tape was promptly reproduced and then handed out at such venues as the Homebrew Computer Club, a semilegendary group of computer hackers and enthusiasts who met regularly in Silicon Valley to share information, gossip, advice, and other things, such as “liberated” chips and especially liberated Altair software. Soon, paper tapes containing an early, buggy version of Altair BASIC were in wide use and oddly enough, no one offered to pay Micro-Soft a dime for the product.

In 1975 there was very little that was kumbayah about Bill Gates, and he responded to the purloining of Microsoft BASIC by writing an open letter to the software liberators, published in the Homebrew Computer Club’s newsletter (and in similar publications), chiding them for their thieving ways and asking them to voluntarily pay for the privilege of using his BASIC. His letter made the logical point that if people weren’t recompensed for all their time and hard work spent creating new and better software products, they would have no incentive to do so, and the software industry would wither and die.

Gates’s pleas for financial remuneration went widely unheeded. The very act of releasing the letter generated generous amounts of sneers and opprobrium from software’s kumbayahs, three hundred or four hundred letters addressed to Gates chastising him for his greed, and about three or four voluntary payments for Altair BASIC. Ruined by the premature widespread release of Altair BASIC and the financial loss this entailed, Micro-Soft went out of business, and Gates and Allen were never heard from…aga…errr…no. That’s not what happened.

What actually happened was the widespread release of Altair BASIC established the product as the de facto standard for microcomputers. Despite some idiosyncrasies, Micro-Soft’s BASIC was regarded as an engineering triumph—lean, loaded with features, and, in comparison with the mainframe and mini-computer BASICs most programmers worked with, incredibly fast. Although everyone didn’t want to pay for Altair, which later became Microsoft (with no hyphen) BASIC, everyone wanted to use it. Since Microsoft’s deal allowed the company to license the product to other firms, Microsoft was soon enjoying a tidy business licensing its BASIC to a plethora of other computer companies. In point of fact, it was the industry’s high regard for Microsoft’s BASIC that led IBM to Bill Gates’s door and enabled him to take advantage of the biggest business opportunity of the 20th century.

Nonetheless, as the industry began its rapid development, resentment on the part of software entrepreneurs grew as software piracy spread. And make no mistake, spread it did. Copying a software program worth hundreds, or even thousands, of dollars was as easy as inserting a blank floppy disk into a disk drive and typing in your system’s version of the “copy” command. Games in particular were the target of frequent liberation efforts, with user groups for systems such as the Amiga and Atari ST sponsoring “swap nights” where members were encouraged to bring in their software collections for communal sharing. Many businesses entered into the kumbayah spirit of things, with it being a common occurrence for a company to buy one copy of a business software package such as WordStar and distribute it to every member of the company.

To counter the practice of software liberation, now usually called “piracy,” a whole host of what were eventually called “copy protection” systems and techniques were developed. Most of these focused on protecting Apple software because this computer system attracted the bulk of new software development until the release of the IBM PC. Some of the techniques employed included things such as forcing a disk drive to write to locations on a floppy nominally off limits to the hardware; “Spiradisk,” a system that wrote data to the disk surface in a big spiral; hardware “dongles,” plastic keys that contained a chip with a software key embedded into it; and so on.

In response to the efforts of one part of the software industry to prevent pirating software, another part promptly launched an effort to thwart the protectors (this had the happy effect of employing more programmers). Anticopy protection systems included software products such as Locksmith, copy-cracking boards that sucked an entire software product into memory and spit it out to disk, products that were capable of reading dongle keys, and so on, and so on, and so on. As soon as one copy protection scheme was introduced, it was immediately under attack by resourceful folks following in the glorious tradition of Altair BASIC and the Homebrew Computer Club.

By the early 1980s, IBM entered the market with its own microcomputer, and the focus of the endless cat-and-mouse game between the Capitalists and Kumbayahs shifted to the PC. The software industry’s reaction to rampant software piracy was the general introduction of copy protection for many of the major software packages. WordStar 2000, Lotus 1-2-3, dBase, and other packages incorporated elaborate schemes meant to halt, or at least slow, the piracy tide. For a brief period in the 1980s, almost a dozen software companies were pitching other software companies on the effectiveness of their respective protection systems.

I initially had a great deal of sympathy for the effort. As a field software engineer for MicroPro, I had become quite accustomed to walking into a customer’s location and seeing multiple copies of WordStar (which was not copy protected) installed on every computer in the place but being able to spot only one set of manuals available to the “user” base. Some simple math seemed to indicate a lot of bread was being snatched from my mouth, or at least from the mouth of the company paying my salary.

It was also annoying to find myself spending time providing technical support to people who were clearly flying the software Jolly Roger. One of my responsibilities was to take local technical support calls while in the office from people who were having difficulty with our word processor. A disturbingly high number of my calls went something like this:

Me: Hi! This is MicroPro technical support. How can I help you?

The “customer”: I need help installing my NEC 3550 printer.

Me: No problem! Please pull your installation manual out, and turn to page 256. (This was an age when users were a manly bunch, with thumbs thickly muscled from paging through software documentation similar in size and comprehensiveness to small encyclopedias. Not like the effete perusers of PDFs and HTML you find today.) I’ll be glad to walk you through the process.

The “customer”: Uh, I don’t have a manual in front of me.

Me: No problem. I’ll hold on the phone until you can get it.

The “customer”: Uh, I don’t have a manual.

Me: Can I ask what happened to it?

The “customer”: Uh, the dog ate it. (Other popular claims focused on thieving kids, roaring fires, and torrential flooding).

The computing press (the members of which were used to obtaining all the free software they wanted) was, as you might imagine, generally unsympathetic to the plight of the software firms. Despite giving perfunctory lip service to the idea that software companies had a right to protect their property from theft, the companies were (and are) constantly being lectured on “not treating their customers” like thieves, despite the indisputable fact that large numbers of them were (and are). In 1984, MicroPro estimated that eight pirated copies of WordStar were in use for every one sold. In 2005, estimates put software piracy rates in China at more than 90 percent.

And yet, by the end of the 1980s, practically every software company that had implemented copy protection dropped it. Several factors were driving this trend. One was that many companies resisted buying copy protected software because it added complexity and instability to desktop computing systems and strained the resources of IT departments. Another was that copy protection added considerably to the software industry’s support burden because users called up to complain about systems that wouldn’t install because of hardware peculiarities, lost or damaged “key” disks, arguments about the number of “valid” installs, and so on. And, although our feelings undoubtedly weren’t the strongest factor driving corporate decisions, most software firms were hearing whines and groans from their field sales and support personnel about the difficulty of dealing with protected products. WordStar 2000, for example, at one time used a copy protection system that limited users to three installations of the software on different systems. This meant that whenever I or another person had to install WordStar 2000 on a demo system at a remote location, we had to go through a wearying install/deinstall routine while listening to outraged disk drives go AAAHHHHKKKK SKRRRIIIKKK WAAKA WAAKA WAAKA in order to keep our quiver full of demo installs for future use. (Field personnel weren’t initially given non-copy-protected products. When we were, the practical facts we created “on the ground” provided another reason to drop copy protection.)

And finally, despite the theoretical losses software companies were suffering from piracy, it was hard to see in reality how piracy was hurting the companies. As the decade progressed, many software companies did indeed stumble and fall, but in no case was it possible to pin the blame on piracy. Also, it started to become apparent to software firms that piracy had a definite upside, as Microsoft had discovered years ago with the Altair. When the number of people using your software increased, your perception as the market leader increased as well. And pirated software functioned as a sort of marketing kudzu, tending to choke out the competition as use of your product spread throughout the computing populace. Once you had displaced the competition, it was possible to convert X percent of the pirates to paid users via various inducements and offers. Corporations, worried about legal liabilities, were also usually not reluctant to buy purloined software if the price was right.

Becoming the market leader also opened up opportunities for bundling and original equipment manufacturing (OEM) deals. At MicroPro, WordStar’s early ubiquity made it the favored word processing product to include with such systems as the Osborne, Kaypro, and many others. While OEM products were sold at a considerable discount from the software’s retail price, in most cases all the software publisher had to do was provide licenses and serial numbers to its customers; the OEM customer usually was responsible for manufacturing and supporting the product. One MicroPro OEM salesman referred to the firm’s OEM business as a “money-printing operation.” This model worked in the case of such products as WordStar, dBase, WordPerfect, and most notably, Microsoft Windows. Today, Microsoft’s Windows OEM business is the most profitable component in the company’s bottom line.

In the meantime, while the proprietary software companies were garnering all the attention (and making all the money) from the market, the kumbayah forces, led by an interesting fellow by the name of Richard M. Stallman, were keeping the dream of free software alive. Stallman had entered computing by way of MIT in 1971, where he worked as a systems programmer in the university’s AI lab, at that time a hotbed of innovation in such areas as LISP and related languages. Stallman developed a reputation as an ace programmer, and while at MIT developed the legendary program Emacs, a text editor backed up by a powerful and extensible macro system. Stallman was a militant believer in what was then called the “Hacker Ethic,” a belief system that preached that software and the information it represented should be open and available to all users to change and modify as they saw fit. Stallman was fervent in his belief about the evils of charging for software, at one time proclaiming that “the prospect of charging money for software was a crime against humanity.”[1]

Unfortunately for RMS, as his friends called him, by the 1980s the MIT lab was becoming corrupted by the sirens of commerce, who asked why geeks couldn’t also have fancy cars, big homes, and gorgeous girlfriends. Two AI companies (both ultimately unsuccessful) dedicated to building LISP interpreters and dedicated LISP machines spun out of the MIT lab, taking with them many of the lab’s best programmers and all, in the opinion of RMS, of the lab’s kumbayah mojo.

After a period of mourning, Stallman left the lab with a vision fixed firmly in his imagination. He would create a powerful, free, and open software environment that would allow programmers to create new and wondrous products. This environment would be based on the popular (but proprietary) UNIX operating system and, in a display of geek wit, would be called GNU (GNU’s Not UNIX; we’re sure you appreciate the recursion). And to ensure that what had happened at MIT could never happen again, he’d protect this environment with a new and innovative concept, a “copyleft” agreement that required programmers who used his software to build new software to make the original GNU software, and any changes or improvements made to the software they had created, available for free to anyone who wanted it under the GNU General Public License (GPL). When the GPL was introduced, Stallman became software’s Dr. Open, the civilized, reasonable, humanitarian advocate of all that was good and pure in the world. (Bill Gates has traditionally played the role of Mr. Proprietary, but since he’s supposed to be leaving Microsoft to cure diseases worldwide, Steve Ballmer will be appearing in the part moving forward.)

This was a sharp and revolutionary contrast with the typical end-user license agreement (EULA) that accompanied most proprietary software. Most EULAs allowed “licensees” of software only the right to copy “their” software onto a limited number of computers. In fact, by 2006 the Microsoft retail EULA for Windows allowed you to copy your $100+ copy of Windows XP onto only one computer, regardless of how many computers you owned. And boy oh boy, better make sure you never, ever buy a four-core processor in your computer, because that seemed to violate the Microsoft EULA. And if you read the rest of the EULA, it warned of all kinds of other things you couldn’t do, and all the warnings were written in the Scary Lawyer dialect of the English language. In fact, most EULAs are full of scary language and all kinds of implied legal threats. Interestingly enough, despite the fact that software companies have been using EULAs for decades, it is unclear whether they have any legal validity.[2] Fortunately for the industry, no one actually ever reads a EULA; if they did, everyone would probably use only free software.

Given the current excitement over open source software and technology, it would be easy to think that Stallman’s GPL took the industry by storm, but this was not the case. The first GPL was released in 1989, and the second version, the one in current use in high technology, in 1991. At the time of their issuance, few people paid them the least bit of attention. One reason for this may be that while Stallman may have thought charging for software was wrong, almost no one else thought so, especially the many programmers who were making good money selling software and didn’t want to give up their new cars, houses, and girlfriends. Another was that Stallman’s rantings about the evils of for-sale software and rationale for giving it away sounded a bit too close to Karl Marx’s formulation of “from each according to his abilities; to each according to his needs.” In an era when the Soviet dinosaur was noisily clanking and shaking its way to extinction, Stallman’s zeitgeist seemed off to many.

It’s Finally GNU for You

But perhaps the biggest obstacle to the widespread acceptance of Stallman’s credo was that although he was preaching about the glories of free software created with GNU, he hadn’t actually sat down and finished the project. Stallman had built a series of software utilities that could be used to create software (an activity beloved of many coders) but had neglected, years after the proclamation of GNU, to provide the system with its key component, an operating system. Instead, it was left to a 21-year-old Finnish student at the University of Helsinki by the name of Linus Torvalds to create a working implementation of Stallman’s dream. UNIX, Linux’s distinguished father, had slowly been withdrawn from the programming community and had become increasingly proprietary and fragmented. Dozens of companies took their version of UNIX and built custom extensions and walls around the software. This had the effect of raising UNIX prices (and allowing these companies to do a nice business selling their specialized UNIX versions). Dissatisfied with the UNIX clone he was currently using and unable to afford a proprietary version, Torvalds decided to take a stab at writing his own operating system using the GNU tools.

Linux .001 was released in September of 1991. Shortly after its introduction, Torvalds invited anyone interested in the OS to contribute to the development of the next release. Many people did, and the most significant open source project in the industry’s history was born.

Driven by the enthusiasm of what would become known as “the open source community,” Linux made great strides over the next few years, its progress assisted by Torvalds’s decision to release Linux under the GPL. Its growth driven by open source aficionados, by the late 1990s Linux began to do serious financial damage to companies such as SGI, Sun, SCO, and others, all of whom soon saw their business models being ravaged by the new upstart.

But while Linux was steadily eating away at the profits of the UNIX firms, the Windows world safely ignored Torvalds and his OS, for the most part. A few hobbyists played with the system,[3] and Microsoft’s behavior toward Netscape and the government’s antitrust case raised the blood pressure of free software advocates worldwide; however, that was about it. After all, Windows was very, very cheap. Most people received the product for “free” with their hardware and ignored the issue that their purchase price reflected the cost of Windows, something that was easy to do when computers cost $2,000 to $3,000. And even if you bought it, once you factored in the cost of inflation and the ability to install it on every machine you owned (and a few you didn’t), the cost per computer seemed very reasonable for an operating system that ran a huge amount of software and seemed to support just about every peripheral you owned.

Also, what many have called “the open source paradox” began to rear its ugly economic head (and still does). The paradox was that while GNU, Linux, and other open source software had been written ostensibly to liberate programmers from a world of evil capitalists, ultimately it seemed the evil capitalists were most likely to benefit the most from the whole movement. After all, while it was nice that car companies, oil companies, lawyers, grocery stores, Burlington Coat Factory, and lots of businesses of all types were saving money on purchases of software, there was no proof that programmers were sharing in the bounty from all these expenditure reductions. And if you looked at some of the companies that expounded the use of Linux the loudest, such as IBM, you couldn’t help but wonder. After all, IBM had become America’s most prominent business colossus by building the most proprietary of proprietary software and hardware. IBM had been driven from its perch of preeminence by tiny start-up Microsoft, which had then gone on to enrich more geeks than any other company in history. Microsoft had created thousands of millionaire programmers; how many millionaire programmers had IBM ever created? For that matter, if Linux was so great, where were all the Linux millionaires?

Some Hot Tunes

In the meantime, while everyone was focusing on software, no one was paying any attention to the music business. There didn’t seem to be any reason to do so. After all, we all knew how the music business basically worked. Every few years the youth of the world generated yet another raft of disaffected grungesters, cute girls, cute boys, some performers of indeterminate sex, ghetto rappers, hip hop blasters, soul throbbers, chanteuses, lounge acts, and so on, and so on, all of whom were signed to contracts by large, institutionally corrupt music companies. These in turn distributed cash, girls (or boys), and cocaine (or the drug of your choice) to the band while paying off music stations to play the songs of the performers under contract to the company. When the current crop of crooners aged and lost their appeal or overdosed, they were promptly replaced by a new generation of cute girls, cute boys, and so on, and the cycle continued.

The distribution model was also well understood. Music was sold to the public via albums of records, cassette tapes, and later, almost exclusively on CDs. Most of the music on the album was filler, designed to surround the one or two good songs with enough extra musical noise to justify charging $20 per CD, a price that annoyed people who remembered that before the switch to the new technology in the early 1990s, a record had cost about eight bucks. The companies raised prices because they could but justified the new price tags to the public by talking about the expense of producing CDs (despite the fact that it cost less to mass produce them as opposed to vinyl) and to industry insiders by noting that the price of drugs had skyrocketed over the years.[4]

The music industry had known for years that public dissatisfaction with the current state of affairs was high and that people were highly interested in mixing and matching songs to create custom listening sets that matched their interests and moods (I cover this point in greater detail in Chapter 14), but no one in the business cared. The music companies had the entire distribution system, the artists, and the technology under control. In fact, in the early 1990s, the industry was able to strangle a potential threat to its domination, consumer digital audio tape players, by loading them with enough integrated copy restrictions to the point that no one was interested in buying the units. Although some music executives were dimly aware of the problems software companies had with piracy, none felt they had any lessons to learn from high tech’s digital travails.

While the music industry was ignoring both the desires of its customers and the advance of technology, software geeks worldwide were busily working on making the life of the jingle moguls miserable. First came the development of MP3 compression, a technology that allowed software to take any music recording and compress it to about a 12th of its original size with very little loss in sound quality. Work on the MP3 format had begun in 1987, and final specifications for the technology were released to the public in 1994. Once a song had been “MP3’d,” it was small enough to be easily and quickly transmitted electronically. The next step was taken with the spread of cheap read/write optical disk systems in the mid-1990s. This in turn drove the development of software that could “rip” (copy) music from CDs to the new MP3 format. The fourth and final piece of the puzzle dropped into place with the adoption of the Internet by the public. A complete solution to bypassing the music industry’s lock on the distribution system had come into existence.

The first major company to explore the possibilities the Internet opened up for music distribution was MP3.com. The service was founded in 1998 and offered downloadable music for free (the artists were compensated via a system that gave them a small royalty payment based on the number of times their songs were downloaded). MP3.com was not a music piracy site; a trained staff winnowed through the uploads and stripped out copyrighted material. Everyone thought the site was wonderful, it grew rapidly, and in 1999 MP3.com launched an IPO that netted the company $370 million.

The good times ceased to roll at MP3.com when in January 2000 it launched the My.MP3.com service. This enabled customers to securely register their personal CDs (you had to actually stick the CD in your PC so that MP3.com could scan it) and then stream a digital copy from your system to an online music “locker room” hosted by the My.MP3.com service. At this point, the intelligent thing for the music industry to have done was to have studied MP3.com, partnered with it, and “trained” the public to interact with the site and ones similar to it for the benefit of all concerned. Instead, the music moguls, in an act of classic and far-reaching stupidity worthy of such famous moments in rock star history as Alice Cooper tossing a hapless chicken to its death to a crowd in Toronto or Ozzy Osbourne masticating an innocent bat,[5] sued poor MP3.com for copyright infringement and found a judge dim-witted enough to agree with them. Rather than appeal the case, MP3.com handed over the bulk of its IPO money to the recording industry. Fatally weakened, the service gave up the ghost during the dot-com meltdown, to the music industry’s immense satisfaction.

The smirking and high-fiving came to an abrupt end with the appearance of a new service, Napster. Based on a peer-to-peer network system that allowed computers to directly transfer MP3 files across the Internet, Napster made little effort to prevent software piracy, and the site soon became one of the most popular on the planet. The music industry, having learned absolutely nothing from the MP3.com incident, sued Napster as well and eventually was able to shut it down. As already noted in Chapter 11, Napster’s great vulnerability lay in its use of centralized servers to store the names of the files being offered to other Napster users. Now, with Napster out of business, smart programmers quickly developed new software that didn’t require the use of centralized servers but instead relied on individual computer systems located worldwide to manage the task of file coordination. The recording industry’s intelligent response to this development was to sue 19,000 parents, children, dead Vietnam vets,[6] and others for copyright infringement, an act that had absolutely no impact on the widespread practice of downloading free MP3-compressed music. The industry also began suing the individual peer-to-peer networks such as LimeWire and Kazaa, but as soon as one network disappeared, another one promptly appeared. The music industry now existed in a Greek hell of its own creating, doomed, like Sisyphus, to push the rock of copyright litigation up and down a terrain that consisted of endless hills of peer-to-peer networks.

Getting to the Root of the Problem

The industry’s stupidity reached a dizzying crescendo with Sony BMG Music Entertainment’s 2004 release to its customers of something that proved to be far more exciting than any music video ever produced—a “rootkit.” A rootkit is perhaps the most dangerous of all malware, a vicious piece of Borgware that absorbs your computer’s operating system into a vast, evil collective over which you have no control. Rootkits integrate themselves so deeply into a computer’s innards that even high quality antivirus and antispyware products often cannot detect them. The Sony rootkit, targeted primarily at Windows (though it also infected Macs but to a lesser extent), was loaded onto 52 of its music CDs, and when someone put a rootkit-infected CD into their computer, Sony’s malware was surreptitiously installed onto the system. Once there, if detected, an attempt to remove the rootkit resulted in severe damage to Windows and a nonworking computer. Once hidden on your PC, the rootkit prevented you from copying songs from the CD to another CD or to the MP3 format (though this protection was almost instantly circumvented).

The Sony rootkit spread to more than half a million machines and networks, including those in the Department of Defense and other government agencies, before writer and Windows expert Mark Russinovich discovered its existence in October of 2005. He posted his discovery online, and news of the rootkit spread worldwide in a matter of hours. (Companies such as Symantec and McAfee were heavily criticized for failing to develop software that detected Sony’s malware until Russinovich’s disclosure of its existence.)

Sony’s handling of its self-inflicted PR nightmare showed the company’s collective intelligence was even with that of the wretched headless bat publicly decapitated by Ozzy Osbourne. As outrage about the rootkit grew, Sony embarked on a damage control effort that included the following:

    *    Claiming the rootkit didn’t surreptitiously “phone home,” that is, use your Internet connection to contact Sony, when it did just that every time you played a song.

    *    Not realizing that the installation of the rootkit left every computer on which it had been installed with a giant security hole any hacker with knowledge of the rootkit’s behavior could exploit.

    *    Releasing an update that supposedly fixed the security hole created by the rootkit that required you provide your name, e-mail address, and other personal information to Sony. After installation, it continued to send information about your choice of music to Sony, but now it had a name to match up with your play list.

    *    Allowing Sony’s president of global digital business, Thomas Hesse, to go on National Public Radio and conduct an interview in which he told the listening audience that “Most people don’t even know what a rootkit is, so why should they care about it?” The hapless Hesse was apparently too stupid to realize that Sony was in the process of educating most of humanity on the dangers of rootkits.

    *    Not knowing that the company supplying its rootkits, software firm First4Internet, was using an open source encoder in the rootkit.[8]

Class action lawsuits against Sony were launched in California, New York, Texas, Italy, and lots of other places. Twelve days after the discovery of the rootkit, Sony announced it would no longer sell its self-infected CDs. Then it announced it was recalling all of the infected CDs and replacing them with non-copy-protected disks. Estimates of the eventual financial damages to Sony ran from $50 to $500 million. (One of the reasons for the uncertainty was that thousands of Sony-infected PCs remain in use and vulnerable. As late as June of 2006, three virus creators were arrested for exploiting the security vulnerability created by the rootkit.[9])

More to the point, the entire fiasco helped convince millions of potential buyers of online music that the easiest, cheapest, and safest thing you could do was log onto one of those nice peer-to-peer networks where the music selection was wide, the price was zero, and the number of rootkits you could expect to encounter was low.

Back to the Future with WGA

The year 2000, a date that saw most of the world looking forward, saw Microsoft looking back to the 1980s and copy protection. That year Microsoft announced its new “product activation” program. The new copy protection system worked by tethering, in theory, your copy of Microsoft Office 2000 to the Internet via a key found on Microsoft servers. The process worked by your first installing Office and then allowing the product activator to snoop through your computer, send a profile of your hardware to the Microsoft server, and receive a downloaded product key from Microsoft that would allow you to actually use the software you had bought. After initial trials, the scheme was extended to Windows XP when it was released in 2001. Soon, the entire copy protection system became known as Windows Product Activation (WPA).

There were, as you can imagine, some delightful aspects to WPA. If, for instance, you decided to change the motherboard, processor, graphics card or similar hardware on your system, you ran the risk of waking up WPA and having it nag you to reinstall Windows and your other WPA-protected programs, despite the fact that the copy you were using was perfectly legal. Reinstalling Windows sometimes meant calling up a special 800 number and sitting through a long and wearying session that required you to speak every last number of the CD key that came with your copy of Windows in the hope that the phone god with whom you were communing would deign to give you a new key. If that didn’t work, you could look forward to spending some time with someone named “Ramesh” or “Gupta” who was normally sitting in a call center in India or similar exotic location and explaining why you needed a new key that allowed you to actually use the software you’d bought…errr…“licensed.”

Freedom from Choice Is What You Want

Most people looked at WPA with the same affection shown a turd dropped in a punch bowl at a wedding, but in the main, Microsoft was able to finesse its introduction. There were several reasons for this. One was that many people received Windows bundled in with their computer and, as already noted, didn’t really think about what they had paid for the product. Another was that, as had happened before, the WPA copy scheme was quickly cracked, and many people simply bypassed WPA. A third was that Microsoft had given “universal keys” to many of its corporate customers; these allowed them to do mass installs of Windows at their business locations without having to waste time going through hundreds or thousands of activations. These keys had quickly leaked into the general public and were employed by many people to use Windows in pretty much the same way they had for more than a decade. All in all, it turned out that most people could ignore WPA, for most of the time.

Which seemed, to most people, fair. Microsoft now had legally sanctioned monopolies in desktop operating systems and office suites (but no mauling of the competition allowed)! The company seemed on its way to establishing a similar monopoly in network operating systems, had strong positions in the enterprise database market with its SQL product, was selling a great deal of Microsoft Exchange, had a nice business in mice, and by 2002 enjoyed the luxury of having approximately $49 billion in cash sitting in the company’s piggy bank. Why would any company in its right mind disturb such a wonderful status quo?

Of course, the open source and free software folks took a great deal of enjoyment in pointing out that Linux, which had steadily increased in functionality and ease of use, was free and never required you talk to Ramesh when changing a motherboard. And in the meantime, an interesting product called first StarOffice, then OpenOffice, had appeared on the scene. StarOffice began its life as an OS/2 office suite developed by a German company in the early 1990s. After the collapse of OS/2, the software morphed into a Windows product that was bought by Sun, ostensibly because it was cheaper for the company to buy its own office software than buy Microsoft’s. The real reason was the desire of Sun CEO Scott McNealy to give Bill Gates and his company a case of heartburn, which he attempted to do by open sourcing most of StarOffice’s code, which was then transformed into OpenOffice by a series of programmers dedicated to open source ideals (they didn’t become millionaires, though). Sun still sells a version of StarOffice, though there’s little compelling reason to buy it considering the price, free, of OpenOffice.

On the other hand, although Linux was free, installing it was a royal pain that the vast majority of people had no desire to experience. The price of freedom included the privilege of choosing which Linux you would pick from dozens of different packages, called “distros,” and then attempting to install your choice on your hardware. This was made more interesting by the fact that although the core Linux operating system was usually (though not always) the same from distro to distro, the various Linux bundles often used different install procedures, had different user interfaces, looked for key files in different places, included different utilities, and so on, and so on. And, although it was nice that OpenOffice was free and that StarOffice was cheap, once one had copied Microsoft Office to all the computers it needed to be on, the price wasn’t really that bad after all.

All this changed in 2004 when Microsoft introduced, with an Orwellian fanfare of misleading language, its new Windows Genuine Advantage (WGA) program. Windows users were prompted (under threat of losing access to updates other than ones deemed critical to security) to download a program that checked their product key for authenticity. If Microsoft determined you were indeed “Genuine,” you could continue to receive all Windows XP updates. If you weren’t, well, no updates for you, at least until WGA was cracked by hackers (it took about a week). Everything seemed to continue on much as it had before, though the I-told-you-so cackling from the free software crowd grew louder, and people started becoming a little annoyed with Microsoft. It bordered on terminal chutzpah to threaten people with the inability to obtain via Microsoft’s update system access to such things as the latest version of Internet Explorer, a product that had been allowed to rot for five years after Microsoft dispatched Netscape. It was nice that Internet Explorer 7 would have tabbed browsing and all, but Firefox and Opera had been offering those features for years.

The rootkit hit the fan in July 2006 when Microsoft unleashed part deux of WGA, called “WGA notifications.” WGA notifications was a nifty bit of code that reminded everyone very much of a recent music company’s malware. Making utterly sure that WGA notifications would be instantly loathed by humanity, Microsoft misled the world by tucking the program onto its servers and transmitting it across the wires in the company of security patches with the appellation of a “critical update.” (WGA had nothing to do with security.) Once installed, the WGA program revealed the following charming characteristics:

    *    It phoned Microsoft every time you logged into Windows to tattle on you if it thought your install of Windows wasn’t valid (proving that Microsoft had learned absolutely, positively nothing from the Sony rootkit disaster of 2004).

    *    WGA now forced Windows to display an unending series of nagware messages urging you to get “Genuine,” that is, fork over more money into Microsoft’s giant cash hoard.

    *    The EULA that came with WGA notifications was misleading and didn’t properly request the user’s consent to install the software.

    *    If you wanted to “Get Genuine,” WGA didn’t make it easy for you to see any option other than giving $149 to Microsoft. And there were other options. For example, if a repair shop had loaded an invalid copy of Windows onto your system during an overhaul of your system but you had bought a legal copy that was sitting on your bookshelf somewhere, you could restore your legitimate key to your system in a process that appeased WGA. But it was a genuine pain to find information about this process via all the “Genuine” nag screens.

    *    WGA was misidentifying hundreds of thousands, maybe millions, of legitimate installs as “nongenuine.” Exactly how many was somewhat mysterious, since Microsoft was not very forthcoming on the issue. The company did say that of the 60 million checks it had run, 80 percent of the machines tattled on by WGA were using invalid keys. That left about 12 million “others.” High levels of complaints were coming from a wide spectrum of users, particularly people who’d had Windows preinstalled on their laptops. As one blogger asked, “Is Dell a pirate?”

    *    If you read the EULA that came with WGA notifications, you realized you were being asked to download a beta product that had the potential to cripple your copy of Windows.

    *    WGA provided no advantages at all to the user (but plenty to Microsoft). The program was simply a copy protection/antipiracy scheme, and people weren’t stupid.

Reaction to the whole WGA mess was exactly what you would expect. Several class action lawsuits were launched against Microsoft claiming the company had violated laws against spyware in several states. Microsoft promptly replaced the big tattler in WGA with a littler tattler, one that would only “periodically” call home to tell on you. Microsoft also changed the EULA to inform you more clearly about its informant. A French company quickly released a program called RemoveWGA that kicked the Jewish mother (WGA notifications) out of your computer, though the basic WGA system remained intact. Several Windows pundits such as Brian Livingston began to recommend that people not use Windows Update but instead rely on third-party services.[10]

Fresh from its initial success, Microsoft announced that the joys of WGA would soon be extended to all the products in its line. And to ensure that there were no embarrassing ambiguities in the future, WGA in all its glory would be directly integrated into Vista, the designated heir to XP whose father may have been Bill Gates but whose mother was clearly Steve Jobs. In the meantime, the chortles and snickers from the open sourcers turned to guffaws and screams of laughter as they fell to the floor holding their ribs from an excess of merriment.

Rumors then began to quickly spread that part three of Microsoft’s spyware system would introduce a new friend to WGA’s tattler and Jewish mother: an executioner. This would come in the form of a “kill switch” that would allow Microsoft to remotely disable your nongenuine Windows at the behest and whim of Redmond. (Industry wits noted that given the number of security attacks and virus infections afflicting Windows, most people might not notice any difference in operations.) In response to a query from Ziff-Davis columnist Ed Bott, a Microsoft PR representative, speaking in Modern Flack, provided the following chunk of verbiage:

No, Microsoft anti-piracy technologies cannot and will not turn off your computer. In our ongoing fight against piracy, we are constantly finding and closing loopholes pirates use to circumvent established policies. The game is changing for counterfeiters. In Windows Vista we are making it notably harder and less appealing to use counterfeit software, and we will work to make that a consistent experience with older versions of Windows as well. In alignment with our anti-piracy policies we have been continually improving the experience for our genuine customers, while restricting more and more access to ongoing Windows capabilities for those who choose not to pay for their software. Our genuine customers deserve the best experience, and so over time we have made the following services and benefits available only to them: Windows Update service, Download Center, Internet Explorer 7, Windows Defender, and Windows Media Player 11, as well as access to a full range of updates including non-security related benefits. We expect this list to expand considerably as we continue to add value for our genuine customers and deny value to pirates. Microsoft is fully committed to helping any genuine customers who have been victims of counterfeit software, and offer free replacement copies of Windows to those who’ve been duped by high quality counterfeiters. There is more information at our website http://www.microsoft.com/resources/howtotell.

A careful reading of this statement revealed plenty of ambiguities (we didn’t ask whether WGA was going to shut down the computer, but Windows), but Microsoft’s PR people clammed up and refused to talk further. Not making people feel any better was an online article by respected security analyst Robert Schneier in which he reported that a Microsoft representative had told him that:

In the fall, having the latest WGA will become mandatory and if it’s not installed, Windows will give a 30 day warning and when the 30 days is up and WGA isn’t installed, Windows will stop working, so you might as well install WGA now.[11]

At this point, the open source people were snorting liquids through their noses as they rolled around the floor laughing hysterically, but Windows people were depressed. Forums and blogs exploded with comments from users that now was the time to finally take a look at Linux, OpenOffice, and other open source alternatives to Windows.[12] It made sense. While Microsoft was spending time and energy figuring out ways to torture many of its customers, new versions of Linux had just about caught up to Windows in terms of ease of install, functionality, and peripheral support. There were still problems, but at least you could be sure that if anyone in the open source community attempted to put something like WGA into Linux, Richard Stallman would personally throttle them. No one was enthusiastic about the prospect of allowing Bill Gates and Steve Ballmer to hold a loaded pistol at their PCs on a 24/7 basis. Given the past experiences with WGA, just how could you be sure that some idiot at Microsoft wouldn’t inadvertently do something that crippled your system at just the wrong time? Certainly some people thought the possibility existed. Before finishing this book, I spoke to an acquaintance at Microsoft who told me this:

I recommend to my friends that they always keep a copy of OpenOffice on their systems in the event that MS Office’s activation system locks up the software when they’re not expecting it and they can’t reach a phone or the Internet to reactivate it. Interoperability is excellent and you can usually get something done. It’s good protection against our copy protection.

It appeared that open source has a friend in Redmond, after all!

[1] Free as in Freedom: Richard Stallman’s Crusade for Free Software by Sam Williams (O’Reilly Media, 2002)

[2] http://en.wikipedia.org/wiki/EULA

[3] I purchased a retail copy of Red Hat Linux in the 1990s and attempted to install it on my PC. The install promptly failed when Linux failed to know what to do with my then state-of-the-art Adaptec SCSI interface card. A plaintive inquiry sent to the famed Linux community was answered by a condescending message that since Adaptec wasn’t releasing its drivers under the GPL, I shouldn’t expect Linux to work. I promptly gave up on Red Hat and Linux and continued using and buying Windows.

[4] This sounds like a facetious statement. It’s not. The field sales office I worked in was located in Secaucus, New Jersey. The MicroPro offices were down the hall from the studios of one of the region’s most popular Top 40 radio stations at the time, Z-100, and I became used to seeing a limo periodically drive up to our forsaken location and drop off such music stars as Cyndi Lauper, Bob Geldof, Madonna, and so on, for on-the-air PR appearances. I struck up an acquaintance with one of the DJs who worked there, and he explained in loving detail how the industry worked.

[5] Rock Stars do the Dumbest Things by Margaret Moser (Renaissance Press, 1998). A long-buried classic worth your time!

[6] “The Shameful Destination of your Music Purchase Dollars” by David Berlind (http://blogs.zdnet.com/BTL/?p=3486), August 14, 2006

[7] The Borg are Star Trek’s baddest bad guys, a race of cyborgs ruled by queens who run around the galaxy in large cube-style ships assimilating other races while announcing “resistance is futile.” In high-tech, Bill Gates is usually assumed to be the chief Borg queen. However, given Steve Jobs’s recent penchant for suing everyone, Apple’s increasing monopoly in the music world, and the suspicious design of the Apple Cube and the Next computer, many people think Apple’s CEO may be auditioning for the role.

[8] LAME, licensed under the lesser GPL

[9] “Virus Suspects arrested in UK and Finland” by Quentin Reade. (Webuser, http://www.webuser.co.uk/news/87558.html?aff=rss), June 27th, 2006

[10] Windows Secrets Newsletter, issue 78 (http://windowssecrets.com/comp/060629/)

[11] http://www.schneier.com/blog/archives/2006/06/microsoft_windo_1.html

[12] I have. I’m tired of talking to Ramesh every time I swap a motherboard, something I do fairly frequently.