Bonum Certa Men Certa

Unverified Claim: Sam Ransbotham's Belittling of Free/Libre Software Funded by Microsoft

Campus photos



Summary: "Open-Source Could Mean an Open Door for Hackers," says a new article from Robert Lemos, but the facts just don't add up and suspicions arise that Microsoft is in fact partly funding these claims

Two readers separately E-mailed us about a new article that looks too suspicious because it's flatly wrong. "This came up in the ACM daily email today," wrote one reader and another one writes: "Find out if there is any Microsoft connection"



"Apparently, this is another Microsoft-funded study bad-mouthing open source software," said the first reader. I asked: "Where can I see that it's Microsoft funded?"

"Even if that's not the case," he replied, "it has been characterized as a FUD attack."

"I didn't have time to investigate it myself," points out this first reader who cites Dana Blankenhorn and some of the comments we'll get to in a moment:

You don’t expect misleading FUD about open source from MIT’s Technology Review. But here it is.

The story is about a Boston College professor (and Georgia Tech grad — go Jackets) named Sam Ransbotham...

The misleading bit is the idea that open source vulnerabilities spread faster, and are exploited both sooner and with more force, than bugs in proprietary software.

It’s true, but it’s wrong to draw large conclusions from that.

In his work Ransbotham looked at a list of 883 known vulnerabilities and found 97 exploited over two years, 30 of them in open source. Attacks on open source were broader and moved faster than those on closed source.

The real story is a bit nastier. The biggest correlation Ransbotham found was not between open source and attack, but between the existence of a security signature and attacks.


Here is the original article. There is a comment titled "How Paid Studies Reflect Desires of Those Who Pay" and it says (emphasis in red is ours): "Paid studies are all notorious for proving that the sponsor of a study can usually get findings that support their desired outcome. Since this study is funded primarily by Microsoft, then the results should not be surprising. The article is not based on any outright deception or lies, simply on two levels of ignorance. First, the naivete and lack of programming expertise of the general audience who might accept these findings -- a response that no credible or responsible programmer would support, unless he or she also were a partisan MS loyalist. One must only read the weekly threat announcements of critical vulnerabilities in Microsoft and Adobe products, for example to realize that nothing could be more vulnerable than these highly vaunted proprietary products. The second level of ignorance relates to intrinsic security permissions in most UNIX/LINUX operating systems versus that of Microsoft Windows, including Windows Seven. Most of the worlds secure servers are all running on some UNIX based OS, not Windows, for matters of security and reliability -- they are running Solaris, UNIX, or some flavor of LINUX. And this has everything to do with inherent security permissions for the Root user account, versus the "administrative permissions" in Windows that always leave a number of little windows, shutters, back doors and ports wide open to attack, and ability to modify critical registry entries in the Windows OS. There is no "registry" to attack in UNIX, Solaris or LINUX, and nothing can modify a Root file unless it is a live password protected Root User. Autorun scripts and VBS scripts cannot exploit these systems at all."

Another commenter claims an "advertisement coincidence" when s/he writes: "The advertisement for this article is for Microsoft Server. Coincidence? I think not."

Comments

Recent Techrights' Posts

Slopwatch: A Cause for Hope, the Hype is Dying
For about a month we showed that becoming a slopfarm - for several weeks - resulted in utter failure and ruin for BetaNews
The EFF Sided With the Team That Strangles Women and Tells Women to Kill Themselves
They say that apathy and inaction are a form of a "stance"
Exemplary List of Things That Are Not Artificial Intelligence or Even Intelligence
The "age of AI" or "era of AI" or "AI revolution" mostly boils down to rebranding, just like "the cloud"
GitHub Copilot Can Cause the Bankruptcy of GitHub to Come Sooner and GitHub to be Shut Down Just Like Skype
Some publicly available information suggests that even for each paid subscriber for plagiarism (LLM 'coding') GitHub Copilot still loses more money than it makes
Our Lawsuits Against the 'Cancel Mob' (Ringleaders) Helped Reduce Anti-Free Software Online Abuse
That's not to say that lawsuits are the best way to handle terrible people. But that can help.
 
Microsoft - Like IBM - Does the "Relocation" Tricks (Start Over Elsewhere, Then Get Sacked by Microsoft)
It is a "low blow" or a "dick move"
After the Free Software Foundation's Campaign to Raise Money Let's See Campaigns to Finish Off Microsoft (Vista 11, GitHub etc.)
Microsoft is in effect collapsing
Your Publications Have No Major Impact Unless or Until You "Get Some Heat"
we're on the right track
Links 11/07/2025: Censorship Worsening, 3D Printing Success Stories, UK and France Unite Around Nukes
Links for the day
Gemini Links 11/07/2025: Zorin OS and Scriptonite Updates
Links for the day
Links 11/07/2025: Hardware, Russia, and China
Links for the day
Links 11/07/2025: Intel Collapsing and Microsoft Resorts to Bribery to Push Slop Via Obligatory Education
Links for the day
"Nat [Friedman] and [the Serial Strangler From Microsoft] Were Always Exceptionally Close," Says Former Housemate and Colleague
Now Alex (hiding behind another name when that suits him) not only attacks women but also people who merely report what he did to women
New Letter From the European Patent Office Explains How the Office Plots to Grant Many Illegal Patents, a Self-Fulfilling Prophecy of 'Growth'
Open letter to Mr Rowan (VP1) and Mr Aledo Lopez (COO)
Abuse of Process
5RB is employing people who help violent men
What Microsoft's Nat Friedman and Microsoft Lunduke Have in Common
"Get in da car; No time to explain, loser"
Microsoft and IBM Don't Have Much of a Future (They Mostly Pretend at This Point)
IBM and Microsoft are in some ways alike but in many ways different
It's Not Just Twitter (or X.com) That's Dying, Microsoft's Equivalent is Dying Also
Unable to find a business model
Wayland is Bad for the Planet
If you use Wayland, it'll take you longer to accomplish tasks and you will consume more energy (or battery life)
Legitimising Those Who Sabotage You
Microsoft is a very malicious company
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, July 10, 2025
IRC logs for Thursday, July 10, 2025
On Microsoft Layoffs
we might be looking at about 60,000 Microsoft layoffs since 2023
EPO Management Already Breaks Its Own Promise (Lie) on "Bringing Teams Together"
This gut-punching move happened just 2 days ago
Gemini Links 11/07/2025: Occupation of 2025 and "Old Man Yells At Soundcloud"
Links for the day
Tomorrow is the Last Day of the Fund-Raising Campaign of the Free Software Foundation (FSF)
They will probably extend the date, as usual
Fixing Patents in Europe, Little by Little (by Transparency and Reporting of Suppressed Facts)
Tomorrow and throughout the weekend we shall focus some more on the EPO
The Two Lies Microsoft is Telling in "the News" This Week (to Distract From Layoffs and Decreased Interest in Slop/Chaff)
Microsoft is run by liars and frauds who SLAPP critics
Tux Machines Already Destroyed SLAPPs
Attacks on the mere publication of GNU/Linux news won't be tolerated
PCLinuxOS is Available for Download Again
PCLinuxOS is important to us also because its founder, back then the partner of Susan, helped create Tux Machines more than 21 years ago
Links 10/07/2025: Microsoft E-mail 'Services' Collapse Again, "Yet Another Strava Privacy Leak"
Links for the day
Gemini Links 10/07/2025: Automating Git Repo Updates and Small Web 'Zine'
Links for the day
GNU/Linux Leftovers
mostly Linux stuff
Audiocasts/Shows: Going Linux, FLOSS Weekly, and RHEL Clones
3 new picks
We Are Already Fighting - With Considerable Success - SLAPPs in the UK
we intend to tell the full story
Bullies With Pens and Papers (or Apple Macs With Templates)
Not all barristers are evil, but there are perhaps "rotten apples"
Slopwatch: webpronews.com, linuxsecurity.com, linuxjournal.com
a pile of trash disguised as 'articles'
Links 10/07/2025: Linda Yaccarino Divorces MElonazi Site, Wildfires Hit Syria
Links for the day
The History and the Policy of the EPO's Stance on Breastfeeding (Corporate Monopolies Versus Babies' Health)
"The Case for Introducing a Breastfeeding Policy at the EPO"
Gemini Links 10/07/2025: Inventing Chords and "Nightmare Boss"
Links for the day
Igor Ljubuncic Once Again Shows That for Technical Reasons Wayland Still Sucks, Performs Considerably Worse Than What Existed for Decades
That is aside from compatibility factors and other crucial factors
Links 10/07/2025: "Apple Vs The Law" and Twitter Became Full Nazi Bar
Links for the day
Unable to Find Anyone to Work as Their Media Lawyer, Brett Wilson LLP Will Continue Losing Female Staff
What sort of sick person would wish to join Brett Wilson LLP to carry this baton?
Microsoft-Sponsored Propaganda Site Has Removed False 'Hit Piece' About Dr. Stallman (With Fake and Misrepresented Imagery) But Only After 4 Years
So they only removed that page some time around 2025, i.e. about 4 years after it had been published
Always Check Your Inputs
Garbage in, garbage out. Or wrong assumptions, wrong corollary.
Dan Neidle Said That Tax Evasion Facilitator Mr Zahawi (Working to Silence Bloggers Through Brett Wilson LLP) Targeted Not Only Him (But The Others Kept Quiet)
"Mr Neidle said after repelling Mr Zahawi he was contacted by bloggers and tweeters who had received similar threats. They deleted their work “and in most cases never commented publicly on anything again”."
SLAPP Funding Transparency Urgently Needed in the UK and Elsewhere (in Practice, Not Just in Theory)
Writing about crime - including Microsoft crime - is not a crime
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 09, 2025
IRC logs for Wednesday, July 09, 2025
Elodie Bergot Still Doing Illegal Things at the EPO, Based on the Local Staff Committee Munich
They keep taking away from the staff while compelling the staff to do illegal things
Gemini Links 09/07/2025: Extreme Testing and Golang Documentation in Geminispace
Links for the day
Vice President of the European Patent Office (EPO) Complains That Techrights Gives Visibility to Legal and Technical Issues at the EPO
"Follow-up on enquiries relating to Dir. 1218 and 1001"
Slopwatch: linuxsecurity.com and Various Slopfarms That Lie About "Linux" and Are Promoted by Google News
Google does not seem interested in tackling this problem
Links 09/07/2025: War Updates and Microsoft Moving to India to Cut Costs
Links for the day
GNU/Linux Was Always a 'Movement' of Inclusion of Tolerance
Even the licences themselves remove access barriers
Links 09/07/2025: "Subprime AI Crisis" and "OpenAI May Be in Major Trouble Financially"
Links for the day
Huge Piles of Legal Papers ('Paper DDoS') Do Not Impress Judges and Regulators
they just make judges and regulators even more suspicious of the eagerness to resort to 'paper DDoS'
Brett Wilson LLP Sent Over 5 Kilograms (or Over 12 Pounds) of Legal Papers! Because Writing About Microsoft Abuses is 'Illegal'.
How do you guys sleep at night? On a big pile of Microsoft money?
Extremism as a Weapon Against GNU/Linux (Microsoft Lunduke)
He ought to know the Halloween Documents. Wasn't he a Microsoft employee when these came out?
Lunduke Isn't Even Hiding His Anti-Linux Agenda (From "Linux Sucks" to "Linux is Pedophiles")
just trying to make a lot of trouble
Some People Use Computers to Get Actual Work Done
Tolerance and inclusion must extend to acceptance that some people don't agree with you, might never agree with you, and imposing what allegedly works for you on them is unreasonable
Example of "Old" Things That Still Work
The notion that something being "old" implies it must be discarded is typically advanced by those looking to sell more of something
Some Scheduled Maintenance Later Today
Typically the most vulnerable service during short interruptions is IRC
Computers Are Just a Tool
People don't get married because they love weddings, folks don't join the army because they love war, and most drivers don't drive to work because they love cars
Apple Way Past Its Prime
Apple deserves a decline
The FSF's SysOps Team Recovered From Serious Hardware Issue Within Hours
About half a day ago I noticed that all/most GNU/FSF sites were not reachable and thus reached out to a contact for any details
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 08, 2025
IRC logs for Tuesday, July 08, 2025
Slopwatch: Turning Bugs Into FUD About "Linux", Getting Basic Facts Wrong
all the screenshots are of fake articles; we don't want to link to any
Technical Reasons, Not Politics: With Wayland "it feels a lot like Linux from 20-25 years ago, which is horrendously frustrating, because it feels like we wasted one or two decades of progress and stability"
Lately, quite a few benchmarks were published to show Wayland compares poorly compared to what we had
PCLinuxOS Recovering From Fire
It looks like a nightmare scenario, where even backups onsite get destroyed
Links 09/07/2025: More Heatwaves, Officials Culled in Russia
Links for the day
Gemini Links 09/07/2025: XScreensaver and Resurrection
Links for the day