Bonum Certa Men Certa

Microsoft is Still Attacking Free/Open Source Software With Security FUD

Nana the cat



Summary: Free software's "many eyeballs" defence is being slammed by Microsoft employees who cite their own reports and continue to show incompetence and extreme negligence when it comes to security

IS MICROSOFT really changing? Is Microsoft finally accepting that "open source" (as it insists on calling it) is acceptable? Hell no.



Back in December we showed that Microsoft was smearing Free software even though it can run on Windows and now we find the monopolist using its own lies that its arrogant employees have manufactured in order to fuel this latest security spin and lies about Free software's security. Microsoft titled this FUD "Microsoft’s Many Eyeballs and the Security Development Lifecycle". Blankenhorn states in his response that "Closed source still state religion at Microsoft"

But closed source remains a sort of state religion at Microsoft, as I learned this week from Fred Trotter, an expert in open source medical software.

Fred wrote this week about some FUD (Fear, Uncertainty and Doubt) Shawn Hernan of Microsoft is spreading within the security community — that open source is less secure despite its being visible.


Yes, that would be Microsoft, which is still doing extra PR work to pretend that it has an "open source" side and that CodePlex is not just a shell/front for Microsoft. To advertise the CodePlex Foundation as not tied to Microsoft, these liars previously recruited Microsoft MVP Miguel de Icaza (before he was officially their MVP). They also exploit their long-standing friendships with British Library staff in order to achieve this. The true intentions are so obvious to see that it takes gullible or misinformed individuals to fall for it.

Regarding those Microsoft claims of "better" security in proprietary software, here is a new article which attributes the rise in E-mail malware to Microsoft Windows botnets (zombie PCs). The article says: "Malicious spam volumes increased dramatically in the back half of 2009, reaching three billion messages per day, compared to 600 million messages per day in the first half of 2009. But this is still a tiny fraction of the estimated global spam volume, thought to be about 200 billion messages per day.

"A new report by net security firm M86 Security points the finger of blame for the torrent of malware, phishing and other scams (collectively defined as malicious spam) and junk mail more generally towards botnet networks of compromised machines. It reckons five botnets were responsible for 78 per cent of the malicious spam it fought in the second half of 2009.

"M86 reports that the major spam botnets such as Rustock, Pushdo (or Cutwail) and Mega-D continue to dominate spam output, supported by second-tier botnets such as Grum, and Lethic. Rustock alone pushed out 34 per cent of spam in 2H09. Pushdo zombie drones puked out one in five spam messages (20 per cent), with Mega-D zombies account for 9 per cent of the global junk mail nuisance."

“[S]ince 2007, 5 major maintainers on Ubuntu are linked to Novell [...] Mostly the one maintaining .NET packages.”
      --Oiaohm
Needless to say, this is only affecting Windows and Microsoft's utter negligence [1, 2, 3] contributes to it. The last thing we need is for GNU/Linux to inherit the same security problems through Mono and Moonlight. In today's IRC conversations (the relevant part starts here), it came up that "since 2007, 5 major maintainers on Ubuntu are linked to Novell [...] Mostly the one maintaining .NET packages." That's a claim from Oiaohm, who added: "Matt Asay will allow .NET to infect more. Then end of next year MS can drop the patent wall on them." Maybe this is a good opportunity to ask Asay some questions in Slashdot. Well, Slashdot treats him like a celebrity and some months ago he was mentioned in their front page because former Microsoft employees voted him one of the "most influential in FOSS" (no coders at all were seen as worthy for this list, not even Richard Stallman). But then again, as the new call for questions states, "Matt [Asay] is on the board of advisors for Slashdot's parent company, Geeknet." We previously complained about Slashdot's new Microsoft slant [1, 2, 3, 4, 5], not to mention the hiring of former Microsoft employees who can change the agenda and groom particular people who are helpful to them (Matt Asay is the one who brought Microsoft to OSBC [1, 2, 3]). MinceR says that "Geeknet is completely corrupted". Why is it that Slashdot picks questions for Jim Zemlin, for example (he is a marketing person from the Linux Foundation), whereas technical people from the heavily-disrespected GNU receive no opportunity to offer their side of the story? Slashdot reached out in the same way to some Microsoft employees.

DaemonFC, a former Microsoft MVP, says: "I still don't get why many large companies with lots of lawyers don't flinch at shipping Mono if it really is so bad... you'd think they'd clear something like that with their legal dept first..."

MinceR says that Microsoft "does everything they can to make the legal situation about mono-related patents as unclear as possible" and Oiaohm tells DaemonFC that Intel and other companies do know about the problem, which is why they stay out of Moonlight, for example [1, 2]. "Intel will not touch it," Oiaohm insists, "due to legal issues."

MinceR adds: "we see canonical pushing mono... if their legal department didn't warn them about this, when exactly will they do so?"

At a later stage in the day, Oiaohm dropped this interesting new link ("2010 CWE/SANS Top 25 Most Dangerous Programming Errors"). "Good read for those who think languages like .net are majorally more secure," he said. "That is the new list for bugs that common breached systems last year. Lot of them don't link to what .net and java languages protect against. To be correct php and other equal languages have been breached."

"The continuous and broad peer-review enabled by publicly available source code supports software reliability and security efforts through the identification and elimination of defects that might otherwise go unrecognized by a more limited core development team."

--CIO David Wennergren, Department of Defense (October 2009)



Comments

Recent Techrights' Posts

XBox is Practically 'Dead Man Walking' at This Point
writings on the wall
SLAPP Censorship - Part 128 Out of 200: Making Laws Work for Britain, Not Oversensitive Americans Looking for 'Revenge' by Lawfare
The SLAPPs are intended to protect corporations (employers like Microsoft)
 
IBM's Fall
IBM's fate is closely connected to that of the Free software movement because of the salaries
Social Dialogue at the European Patent Office (EPO) is Dead, the Strikes and Work Stoppage-Like Actions Carry on
What next for the EPO?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, July 05, 2026
IRC logs for Sunday, July 05, 2026
Links 05/07/2026: Shadows of the Upper Peninsula and 2026 Old Computer Challenge
Links for the day
Not Everything Should be Electric
technology has become detrimental to society
Gemini Links 05/07/2026: Eye of the Beholder and Baldur’s Gate 3 and Alhena 5.6.5
Links for the day
GNU/Linux Market Share is Already High
GNU/Linux has fast become and is still becoming mainstream in recent years
The 9-Step IBM Algorithm: Gaming Wall Street While Shedding Off Staff and Bribing the Mainstream Media to Play Along
Any time IBM preaches manners (e.g. CoC) to the community remember that IBM works closely with and flatters the dictator
They Could Never Kill the Ideas of Richard Stallman (RMS), But They Are Still Trying
Killing an idea is harder than killing a person and killing a person is illegal
Only Germany Objected to Salary Adjustment (Reduction) Procedure of "Team Campinos"
"flash report on the Administrative Council of 30 June and 1 July 2026"
A "Never Slop" Policy in Quibble
"every change in the repository must be made by a human"
Series on GNU/Linux in Japan
This series can last a week or longer
75% of All the Patents Last Year Were Software
The corporate media has more or less ceased to discuss this matter
At Microsoft "the Morale of Developers is at an All-time Low"
Numerous reports today say that after at least 5 studios got marked for shutdown (mothballing) by Microsoft there are rumours about Obsidian as well
Links 05/07/2026: Data Breaches, Heat Waves, and Weinstein Rape Conviction Upheld
Links for the day
Confidentiality at Risk With Slop 'Coding'
People who continue to cheer for slop aren't just misguided fanbis and fangurls
False Narratives of Slop "Efficiency" as Debt Climbs
false stories about slop
July 8 as "D-Day" for Microsoft, Mass Layoffs Planned
Microsoft's grip on the market has slipped for a long time
GNU/Linux Leaps to 6% in Thailand
Can we expect 10% by year's end?
EC Looking for Input on Digital Networks Act Until Next Month
New initiative
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, July 04, 2026
IRC logs for Saturday, July 04, 2026
Gemini Links 05/07/2026: Ragebaited and Removing Lines in Emacs
Links for the day
Links 05/07/2026: "Tesla Slams Into Crowded Cafe" and "ChatGPT [Turned] Into a Sociopath"
Links for the day
BRICS and Windows: All-Time Lows
Expect many more Microsoft layoffs in years to come
Do No Evil, Do Not DDoS
Sites that attract DDoS attacks because of their message are sites that are difficult to debunk or debate
France is Winning the Race Against Windows
France instructs, then orders, government agencies to adopt GNU/Linux
Not 2.5% and Not 2.5 Billion Dollars for "Hey Hi"; 2 Waves of Microsoft Layoffs Rumoured This Month, July 8th, Then July 22nd (Just Before 'Results')
People there join unions, knowing they will be terminated silently or otherwise
Microsoft Double Trouble With Slop
What does Microsoft even sell at this point?
Based on US Government Sites, GNU/Linux Has Reached About 8% "Market Share" in Desktops/Laptops
Culled to exclude mobile platforms, GNU/Linux would likely be above 8%
TheLayoff.com is Deleting Comments About IBM Offshoring
Meanwhile, rage-baiting Internet trolls and sometimes trolls who paste in LLM slop are immune from censorship
American Independence Needs Independent Media
The American regime's hostility towards media is an international problem
Techrights Was Always a Community Platform
Techrights is about whistleblowers
Phenomenal Growth for GNU/Linux in Afghanistan
This is impressive because for many years it was registered at near 0%
Daniel Pocock Pursuing Complaint in the United States Against Software in the Public Interest (SPI) et al
It seems like the only people who don't support him are those whom he criticises
Gemini Links 04/07/2026: Busy Squirrel, Independence Day Celebrations, PalmOS Programming
Links for the day
Canonical/Ubuntu is Breaking CP (cp) to Help Microsoft Turn Coreutils Into Proprietary Software for Windows
What we could do reliably in the 1970s (before GNU) we cannot do in 2026?
Brett Wilson LLP is Downsizing, Apparently Closing Down the Oversized and Overpriced Office
Address changed 13 hours ago
Free Software Has No Kings or CEOs
The kingdom is a cross-border phenomenon, so national flags and other such symbolism overlook the core problem [...] Free Software can help lead us out of the current imbalances
The United States Lost Freedom of Speech
independence refers to a condition, not an activity
IBM Replacing the People Who Built IBM With Cheaper and Younger Staff, According to IBM Insiders
This is a very common sentiment in IBM
For USA 250 Microsoft is Messing With Our Minds (2.50%) to Distract From Mass Layoffs
The slopfarms contribute to this noise
"Defective by Design" Turns 20
DBD is still as relevant as ever (probably more relevant than ever before)
A Bicycle for the Feeble Mind, or How Computers Got Worse for Productivity (Intentionally)
Many of us still adopt and champion the "workstation" mentality
Links 04/07/2026: Microsoft Tax Haven (Evasion) Tactics, Tobacco Bans, and More
Links for the day
Links 04/07/2026: 2026 Old Computer Challenge and Trying Gopher
Links for the day
SLAPP Censorship - Part 127 Out of 200: Lawsuits by Americans Filed in the UK a Burden on British Taxpayers, No Way to Recover the Funds When Americans Lose Their Cases
Are Garrett and Graveley 'pulling a 4Chan'?
Links 04/07/2026: USMCA (Covering Software Patents) Might Not be Renewed, Slop Bros Try to Pay Weird Al to Endorse Their Scheme
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 03, 2026
IRC logs for Friday, July 03, 2026