The open source: Don't forget to lock the back door

It is getting pretty easy to defend the choice of open-source software for corporate projects these days. It is common knowledge that the Internet runs mostly on open-source software.

If you are among the few who aren't aware of just how much of the Internet is open source, I urge you to visit the Netcraft Web survey at www.netcraft.com/survey.

Market share for the open source Apache Group Web server is at about 58 per cent, and has been increasing steadily for more than four years.

In contrast, Microsoft Internet Information Server market share was about 24 per cent in 1998, saw a small favorable blip in late 1999, and is now in decline at about 22 per cent.

Also in decline, iPlanet (aka Sun/Netscape) is at a measly 8 per cent.

But open source got a boost recently with news that Microsoft engineers may have installed a back door into server extensions for its Web-authoring software, FrontPage. A "back door" is a secret entrance that programmers create to break into customers' installations of their software.

First, Microsoft officials recommended that customers remove the DLL file. Now some doubt has arisen as to whether or not this back door exists. It hardly matters. What matters is that you may never know.

That's the testimony in favor of open source. Because you have no access to the source code for the Microsoft software in question, you have no choice but to choose whether you are going to trust Microsoft or its critics.

This same conundrum occurred just a few months ago when someone discovered an item called NSAKEY in the cryptography API in Windows. This led to the speculation that the National Security Agency conspired with Microsoft to provide a way to unlock the information on every computer with Windows installed.

In denial

Microsoft officials deny this, of course, but would they really admit it if it were true? I believe it's true; if I were with the NSA, Microsoft would be the first company with which I'd try to strike a deal to create such a key. And if I were with Microsoft, I'd take that deal.

One might argue that Microsoft has more integrity than that and would pass up the deal in order to protect the privacy of its customers. In response, I'd offer them a copy of Judge Thomas Penfield Jackson's findings of fact - that is, once I could get control of my hysterical laughter.

However, the important point is that it doesn't really matter if this story is true or false. The fact is that the only way you could know for sure is if Windows were open-source software. And it isn't. Nor is it likely ever to become open source.

Firewall in the pm

Before I sign off on this column, I want to recommend a dandy program I discovered called pmfirewall.

Pmfirewall is a free program that automatically configures a Linux system as a firewall. For the most part, it just asks a series of simple questions, such as whether or not you want people to access an FTP server inside your firewall, and then creates a firewall configuration script based on the answers.

The pmfirewall setup program is text-based, which is actually quite a good thing. It is usually a waste of resources to put X11 on a machine that is only going to direct network traffic.

Most people construct a firewall by using a utility called ipchains to create a set of rules for how the server should direct network traffic. Pmfirewall uses but doesn't replace ipchains. It simply relieves you of the tedious task of writing the ipchains firewall rules manually. And, because pmfirewall does such an excellent job of that, I used it to replace the set of ipchains rules that I had already created the hard way.
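To make the answers-to-rules idea concrete, here is an added example (not pmfirewall's code and not part of the original column) that turns a few yes/no answers into a default-deny ipchains script. The function names `gen_rules` and `allow_tcp`, the three questions, the interface `eth0` and the address 192.0.2.10 are all assumptions chosen for illustration.

```shell
#!/bin/sh
# Added illustration: yes/no answers in, reviewable ipchains script out.
# Not pmfirewall's code; names, questions and sample values are assumptions.

# allow_tcp IF IP PORT: emit one rule admitting inbound TCP to a service port.
allow_tcp() {
    echo "ipchains -A input -i $1 -p tcp -d $2 $3 -j ACCEPT"
}

# gen_rules EXT_IF EXT_IP ALLOW_FTP ALLOW_HTTP ALLOW_SSH   (answers are y or n)
# Prints the rules instead of running ipchains, so the output can be read
# and audited before it is installed on the firewall machine.
gen_rules() {
    ext_if=$1; ext_ip=$2; allow_ftp=$3; allow_http=$4; allow_ssh=$5

    # The generated script will run as root: refuse any answer that could
    # smuggle shell metacharacters into it.
    case $ext_if in ''|*[!a-z0-9]*) echo "bad interface" >&2; return 1 ;; esac
    case $ext_ip in ''|*[!0-9.]*)   echo "bad address"   >&2; return 1 ;; esac

    echo "#!/bin/sh"
    echo "ipchains -F input"                  # start from an empty chain
    echo "ipchains -P input DENY"             # default-deny inbound traffic
    echo "ipchains -A input -i lo -j ACCEPT"  # loopback is always allowed

    # ipchains is stateless: replies to outbound connections are admitted as
    # TCP packets without SYN set (! -y) that arrive on unprivileged ports.
    echo "ipchains -A input -i $ext_if -p tcp ! -y -d $ext_ip 1024:65535 -j ACCEPT"

    # One rule per service the operator answered "y" to.
    for svc in "${allow_ftp}:21" "${allow_http}:80" "${allow_ssh}:22"; do
        case $svc in
            y:*) allow_tcp "$ext_if" "$ext_ip" "${svc#y:}" ;;
        esac
    done

    # Log (-l) and drop whatever is left, so probes show up in the system log.
    echo "ipchains -A input -i $ext_if -l -j DENY"
}

# Constructed sample answers: no FTP, allow HTTP and SSH.
gen_rules eth0 192.0.2.10 n y y
```

Because the rules are printed rather than applied, the result can be reviewed line by line, which is the same property the column values in a GPL-licensed tool.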

Finally, because pmfirewall is released under the GNU GPL (General Public License), you can examine the source code for yourself to be sure it doesn't create a back door opening to your network. You can get pmfirewall from

Nicholas Petreley is the founding editor of IDG's sister publication LinuxWorld and works with Linux Standard Base. Reach him at
