2+2=5: Microsoft Prepares FUD Security Assault on Linux

by Steve Mallett

Related link: http://news.osdir.com/article347.html

"Microsoft Corp. is preparing a major PR assault over Windows' perceived security failings in which it will criticize Linux for taking too long to fix bugs, we have learned.

In a sign that the inroads made by the Open Source community are starting to rattle the software giant, Microsoft has hired several analysts to review how fast holes are patched in the open source software and is expected to announce that Windows compares favorably."

I'm halfway through a third or fourth read of Orwell's 1984, and reading that Microsoft is planning to dirty the idea of proactively uncovering problems as a security problem reminds me of MiniTruth, the Ministry of Truth, trying to convince Winston Smith that 2+2=5.

Can you resist the fear of the rat eating your face?


2003-11-11 14:18:20
How about all those SBC vans I see rolling around town with big 1+1=1 plastered on their sides?

Oh, wait, is even mentioning this a thought crime?

Uhhhh... these aren't the droids you're looking for. Move along, move along.

2003-11-11 16:21:08
Time for honest folk to speak up
Microsoft has learned that waiting patiently for the truth to get media attention does not work in our corrupt age, so it is taking necessary steps to counter lies and the lying linux lovers who tell them. Even linux hypocrites, if they spare a moment for honesty and decency, know that the malicious assault on Microsoft is disgraceful and that linux is a security Chernobyl waiting to be recognize.
2003-11-11 16:25:03
Time for honest folk to speak up
Would you care to expand on how Linux security is a "Chernobyl waiting to be recognize"?
2003-11-12 04:00:21
Time for honest folk to speak up
OK, I know that was a troll, but let's do a little comparison...

Microsoft, in their own words, as reported in http://www.wired.com/news/technology/0,1282,56381,00.html (emphasis mine):

"Mundie, a computer scientist who rose to CEO at parallel computing systems-maker Alliant before joining Microsoft in 1992, acknowledged that Microsoft's business models may have abetted crackers. The company's revenues were driven by sales of new versions of software with hordes of new features.

"As you do that over a period of 20-odd years, you end up with a lot of features that aren't used by many people," Mundie said. Left unmanaged, he explained, these chunks of code become breeding grounds for security holes."

Chernobyl, as reported in http://www.magma.ca/~jalrober/Chernobylhere.htm (emphasis mine):

There was generally a poor "safety culture" at Chernobyl. It, according to the IAEA, is "that assembly of characteristics and attitudes in organizations and individuals which establishes that, as an overriding priority, ... safety issues receive the attention warranted by their significance". Examples of the poor safety culture at Chernobyl were inadequate examination of a test program that had not been done during commissioning but was being conducted at the time of the accident; violation of operating procedures; and pressure on the operators to maintain production at the expense of safety.

2003-11-12 07:04:00
Sad but true...
What I find amazing about this is the fact that Microsoft will be able to show smaller times due to the very definition of "public" release of vulnerabilities. It wasn't too long ago that Microsoft entered into "privileged" relationships with a variety of security firms and groups wherein those groups would hold any vulnerabilities close to their chests until after Microsoft had created a fix for the security holes that they found. The idea was that public vulnerabilities would decrease and Microsoft would be able to patch fixes before someone made slight modifications to proof-of-concept code in order to make an "internet-killer."

As Open Source is by nature open in every sense of the word, vulnerabilities are announced and addressed in an open forum. There are delays, but they are still small and quite impressive. More importantly, they are real. Microsoft's short times (releasing fixes before there are vulnerabilities... amazing how that happens) have a "manufactured" air that will probably skew results.

I am all for stable and secure software. Having battled Blaster, Welchia, and SoBig across a few hundred computers has made me a little bitter, however.

Also, root exploits are much different than privilege escalations. Most Linux vulnerabilities that have been coming out lately are the latter... sadly Microsoft's are the former... and, as has been proven, much more of a problem.

2003-12-01 10:45:20
Time for honest folk to speak up
Ballmer, is that you? Why you hiding behind that anonymous login, Monkey Boy?