06.07.10

Gemini version available ♊︎

Unverified Claim: Sam Ransbotham’s Belittling of Free/Libre Software Funded by Microsoft

Posted in Free/Libre Software, GNU/Linux, Microsoft, Virtualisation, Windows at 8:49 pm by Dr. Roy Schestowitz

Campus photos

Summary: “Open-Source Could Mean an Open Door for Hackers,” says a new article from Robert Lemos, but the facts just don’t add up and suspicions arise that Microsoft is in fact partly funding these claims

Two readers separately E-mailed us about a new article that looks too suspicious because it’s flatly wrong. “This came up in the ACM daily email today,” wrote one reader and another one writes: “Find out if there is any Microsoft connection”

“Apparently, this is another Microsoft-funded study bad-mouthing open source software,” said the first reader. I asked: “Where can I see that it’s Microsoft funded?”

“Even if that’s not the case,” he replied, “it has been characterized as a FUD attack.”

“I didn’t have time to investigate it myself,” points out this first reader who cites Dana Blankenhorn and some of the comments we’ll get to in a moment:

You don’t expect misleading FUD about open source from MIT’s Technology Review. But here it is.

The story is about a Boston College professor (and Georgia Tech grad — go Jackets) named Sam Ransbotham…

The misleading bit is the idea that open source vulnerabilities spread faster, and are exploited both sooner and with more force, than bugs in proprietary software.

It’s true, but it’s wrong to draw large conclusions from that.

In his work Ransbotham looked at a list of 883 known vulnerabilities and found 97 exploited over two years, 30 of them in open source. Attacks on open source were broader and moved faster than those on closed source.

The real story is a bit nastier. The biggest correlation Ransbotham found was not between open source and attack, but between the existence of a security signature and attacks.

Here is the original article. There is a comment titled “How Paid Studies Reflect Desires of Those Who Pay” and it says (emphasis in red is ours): “Paid studies are all notorious for proving that the sponsor of a study can usually get findings that support their desired outcome. Since this study is funded primarily by Microsoft, then the results should not be surprising. The article is not based on any outright deception or lies, simply on two levels of ignorance. First, the naivete and lack of programming expertise of the general audience who might accept these findings — a response that no credible or responsible programmer would support, unless he or she also were a partisan MS loyalist. One must only read the weekly threat announcements of critical vulnerabilities in Microsoft and Adobe products, for example to realize that nothing could be more vulnerable than these highly vaunted proprietary products. The second level of ignorance relates to intrinsic security permissions in most UNIX/LINUX operating systems versus that of Microsoft Windows, including Windows Seven. Most of the worlds secure servers are all running on some UNIX based OS, not Windows, for matters of security and reliability — they are running Solaris, UNIX, or some flavor of LINUX. And this has everything to do with inherent security permissions for the Root user account, versus the “administrative permissions” in Windows that always leave a number of little windows, shutters, back doors and ports wide open to attack, and ability to modify critical registry entries in the Windows OS. There is no “registry” to attack in UNIX, Solaris or LINUX, and nothing can modify a Root file unless it is a live password protected Root User. Autorun scripts and VBS scripts cannot exploit these systems at all.”

Another commenter claims an “advertisement coincidence” when s/he writes: “The advertisement for this article is for Microsoft Server. Coincidence? I think not.”

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

2 Comments

  1. Agent_Smith said,

    June 7, 2010 at 8:53 pm

    Gravatar

    This is misleading. FUD at best. When something is open and everyone can know about it, people know the flaws and how to counter them. When the stuff is closed, the company which created it’s the only one that knows the flaws, and many times they try to be safe through obfuscation, hiding their garbage under the carpet. We both know this move doesn’t work.

    Dr. Roy Schestowitz Reply:

    Microsoft recently acknowledged never admitting flaws that it finds, even after patching them. That’s just insecurity with obscurity (hiding the severity of this problem).

DecorWhat Else is New


  1. What IBM Does Not Want You to Watch

    Let's 'Streisand it'...



  2. Good News, Bad News (and Back to Normal)

    When many services are reliant on the integrity of a single, very tiny MicroSD card you're only moments away from 2 days of intensive labour (recovery, investigation, migration, and further coding); we've learned our lessons and took advantage of this incident to upgrade the operating system, double the storage space, even improve the code slightly (for compatibility with newer systems)



  3. Someone Is Very Desperate to Knock My Account Off Twitter

    Many reports against me — some successful — are putting my free speech (and factual statements) at risk



  4. Links 18/1/2022: Deepin 20.4 and Qubes OS 4.1.0 RC4

    Links for the day



  5. Links 18/1/2022: GNOME 42 Alpha and KStars 3.5.7

    Links for the day



  6. IRC Proceedings: Monday, January 17, 2022

    IRC logs for Monday, January 17, 2022



  7. Links 17/1/2022: More Microsoft-Connected FUD Against Linux as Its Share Continues to Fall

    Links for the day



  8. The GUI Challenge

    The latest article from Andy concerns the Command Line Challenge



  9. Links 17/1/2022: digiKam 7.5.0 and GhostBSD 22.01.12 Released

    Links for the day



  10. IRC Proceedings: Sunday, January 16, 2022

    IRC logs for Sunday, January 16, 2022



  11. Links 17/1/2022: postmarketOS 21.12 Service Pack 1 and Mumble 1.4 Released

    Links for the day



  12. [Meme] Gemini Space (or Geminispace): From 441 Working Capsules to 1,600 Working Capsules in Just 12 Months

    Gemini space now boasts 1,600 working capsules, a massive growth compared to last January, as we noted the other day (1,600 is now official)



  13. [Meme] European Patent Office Space

    The EPO maintains a culture of illegal surveillance, inherited from Benoît Battistelli and taken to a whole new level by António Campinos



  14. Gemini Rings (Like Webrings) and Shared Spaces in Geminspace

    Much like the Web of 20+ years ago, Gemini lets online communities — real communities (not abused tenants, groomed to be ‘monetised’ like in Facebook or Flickr) — form networks, guilds, and rings



  15. Links 16/1/2022: Latte Dock 0.11 and librest 0.9.0

    Links for the day



  16. The Corporate Cabal (and Spy Agencies-Enabled Monopolies) Engages in Raiding of the Free Software Community and Hacker Culture

    In an overt attack on the people who actually did all the work — the geeks who built excellent software to be gradually privatised through the Linux Foundation (a sort of price-fixing and openwashing cartel for shared interests of proprietary software firms) — is receiving more widespread condemnation; even the OSI has been bribed to become a part-time Microsoft outsourcer as organisations are easier to corrupt than communities



  17. EPO's Web Site Constantly Spammed by Lies About Privacy While EPO Breaks the Law and Outsources Data to the United States

    The António Campinos-led EPO works for imperialism, it not only protects the rich; sadly, António’s father isn’t alive anymore and surely he would blast his son for doing what he does to progress his career while lying to staff and European citizens



  18. Links 16/1/2022: Tsunami and Patents

    Links for the day



  19. IRC Proceedings: Saturday, January 15, 2022

    IRC logs for Saturday, January 15, 2022



  20. Links 16/1/2022: Year of the GNU/Linux Desktop and Catch-up With Patent Misinformation

    Links for the day



  21. Patrick Breyer, Unlike Most German Politicians, Highlights the Fact That Unified Patent Court (UPC) and Unitary Patent Are Incompatible With EU Law

    A longtime critic of EPO abuses (under both Benoît Battistelli and António Campinos leadership), as well as a vocal critic of software patents, steps in to point out the very obvious



  22. Links 15/1/2022: Flameshot 11.0 and Libvirt 8.0

    Links for the day



  23. Blogging and Microblogging in Geminispace With Gemini Protocol

    Writing one’s thoughts and other things in Geminispace — even without setting up a Gemini server — is totally possible; gateways and services do exist for this purpose



  24. Links 15/1/2022: Raspberry Pi in Business

    Links for the day



  25. IRC Proceedings: Friday, January 14, 2022

    IRC logs for Friday, January 14, 2022



  26. Gemini Clients: Comparing Moonlander, Telescope, Amfora, Kristall, and Lagrange (Newer and Older)

    There are many independent implementations of clients (similar to Web browsers) that deal with Gemini protocol and today we compare them visually, using Techrights as a test case/capsule



  27. 2022 Starts With Censorship of Christmas and Other Greetings at the EPO

    The nihilists who run the EPO want a monopoly on holiday greetings; to make matters worse, they’re censoring staff representatives in their intranet whilst inconsistently applying said policies



  28. Links 14/1/2022: FFmpeg 5.0 and Wine 7.0 RC6

    Links for the day



  29. White House Asking Proprietary Software Companies That Add NSA Back Doors About Their Views on 'Open Source' Security

    The US government wants us to think that in order to tackle security issues we need to reach out to the collective 'wisdom' of the very culprits who created the security mess in the first place (even by intention, for imperialistic objectives)



  30. Links 14/1/2022: EasyOS 3.2.1 and Qt 6.3 Alpha

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts