Bonum Certa Men Certa

Unverified Claim: Sam Ransbotham's Belittling of Free/Libre Software Funded by Microsoft

Campus photos



Summary: "Open-Source Could Mean an Open Door for Hackers," says a new article from Robert Lemos, but the facts just don't add up and suspicions arise that Microsoft is in fact partly funding these claims

Two readers separately E-mailed us about a new article that looks too suspicious because it's flatly wrong. "This came up in the ACM daily email today," wrote one reader and another one writes: "Find out if there is any Microsoft connection"



"Apparently, this is another Microsoft-funded study bad-mouthing open source software," said the first reader. I asked: "Where can I see that it's Microsoft funded?"

"Even if that's not the case," he replied, "it has been characterized as a FUD attack."

"I didn't have time to investigate it myself," points out this first reader who cites Dana Blankenhorn and some of the comments we'll get to in a moment:

You don’t expect misleading FUD about open source from MIT’s Technology Review. But here it is.

The story is about a Boston College professor (and Georgia Tech grad — go Jackets) named Sam Ransbotham...

The misleading bit is the idea that open source vulnerabilities spread faster, and are exploited both sooner and with more force, than bugs in proprietary software.

It’s true, but it’s wrong to draw large conclusions from that.

In his work Ransbotham looked at a list of 883 known vulnerabilities and found 97 exploited over two years, 30 of them in open source. Attacks on open source were broader and moved faster than those on closed source.

The real story is a bit nastier. The biggest correlation Ransbotham found was not between open source and attack, but between the existence of a security signature and attacks.


Here is the original article. There is a comment titled "How Paid Studies Reflect Desires of Those Who Pay" and it says (emphasis in red is ours): "Paid studies are all notorious for proving that the sponsor of a study can usually get findings that support their desired outcome. Since this study is funded primarily by Microsoft, then the results should not be surprising. The article is not based on any outright deception or lies, simply on two levels of ignorance. First, the naivete and lack of programming expertise of the general audience who might accept these findings -- a response that no credible or responsible programmer would support, unless he or she also were a partisan MS loyalist. One must only read the weekly threat announcements of critical vulnerabilities in Microsoft and Adobe products, for example to realize that nothing could be more vulnerable than these highly vaunted proprietary products. The second level of ignorance relates to intrinsic security permissions in most UNIX/LINUX operating systems versus that of Microsoft Windows, including Windows Seven. Most of the worlds secure servers are all running on some UNIX based OS, not Windows, for matters of security and reliability -- they are running Solaris, UNIX, or some flavor of LINUX. And this has everything to do with inherent security permissions for the Root user account, versus the "administrative permissions" in Windows that always leave a number of little windows, shutters, back doors and ports wide open to attack, and ability to modify critical registry entries in the Windows OS. There is no "registry" to attack in UNIX, Solaris or LINUX, and nothing can modify a Root file unless it is a live password protected Root User. Autorun scripts and VBS scripts cannot exploit these systems at all."

Another commenter claims an "advertisement coincidence" when s/he writes: "The advertisement for this article is for Microsoft Server. Coincidence? I think not."

Comments

Recent Techrights' Posts

Slopwatch: Anti-Linux Articles Published by Bots, Dominating Google News
So a lot of the Web is Microsoft chatbot-generated anti-Linux FUD
EPO Staff Representatives Confront the President Who Says 'F--king' in Front of Female Workers Over Measurable Discrimination Against Female Colleagues
Central Staff Committee versus Lukashenko's sponsor
 
They Will Never Leave Linus Torvalds Alone, Rust is Just Another Way to Cause Instability and Infighting in Linux
We already identified the Rust "community" as troublemakers more than 5 years ago and we wrote about the evidence
Moving Away From Certificate Authorities (CAs) Like Let's Encrypt Means Taking Away From the US Government the Power to 'Censor' Sites by Revoking Certificates
Gemini capsule is cheap to run and easy (easier than a Web site) to maintain. More people disillusioned and frustrated with social control media flock to it.
BetaNews' Managing Editor Wayne William Took Charge of GNU/Linux Articles and His Articles Are Real (He Actually Wrote Them)
We are frankly relieved to see that Wayne William recognised the problem and did something about it
Links 14/02/2025: Publicity Rights Violated (ByteDance), Bribes to Trump Passed via Social Control Media 'Settlements' Again
Links for the day
Gemini Links 14/02/2025: Constitution, Cosmic DE, and More
Links for the day
Links 14/02/2025: Measles Outbreak in Texas, Zelensky Warns Russia Will Attack a NATO Country
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, February 13, 2025
IRC logs for Thursday, February 13, 2025
Gemini Links 13/02/2025: gwit and Restart
Links for the day
Links 13/02/2025: Algorithm Bots and 'Teleport' Breakthrough
Links for the day
IBM Layoffs in 'RTO' Clothing Reported by Thomas Claburn
This "hey hi" (AI) nonsense is just a go-to excuse that IBM and GAFAM (and many others) use
Still Waiting for the EU to Abolish the Illegal and Unconstitutional Court Linked to EPO Corruption and Lobbyism by the Patent Litigation Industry
Sadly, all the blogs that used to talk about those issues have been infiltrated and then completely hijacked by the very perpetrators of the illegality
Social Engineering of the Free Software Movement is a Corporate Takeover With Code of Conduct (CoC) to Drive Out or Expel Dissent
Richard Stallman (RMS) covered "cancel culture"
Links 13/02/2025: Mass Layoffs at Google (Disguised as "Buyouts"), Telecoms Price Hikes as Collusion/Price-Fixing
Links for the day
[Video] Richard Stallman Questions and Answers Session in Google's YouTube or Invidious
From last night
Gemini Links 13/02/2025: Broken Watches and Naming Types
Links for the day
Corrupt Bill Gates Worming His Way Into Richard Stallman Videos in Google's YouTube
Reputation laundering riding other people's names?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, February 12, 2025
IRC logs for Wednesday, February 12, 2025
Links 12/02/2025: Crytek Layoffs, Security Holes, and Giving Ukraine to Russia
Links for the day
Relaying GAFAM Talking Points and Lies Using GAFAM LLMs, or Slop Pasted in by Brittany Day
linuxsecurity.com is relaying slop, i.e. misinformation
Photos From This Evening's Talk by Dr. Richard Stallman in Torino, Maybe a Video Soon
The talk that Dr. Richard Stallman gave today (a few hours ago) was recorded and streamed
IlSoftware.it Covers Richard Stallman's Visit to Give Talks in Italy
The publication is in Italian, the talk was in English
Macho Patent Office
At the EPO there's always room for women in top roles
Gemini Links 12/02/2025: "Bream Gives Me Hiccups", Making Chinese Tea, and More
Links for the day
This is Why Codeberg Issues an Apology Today
This response was clear and relatively swift
The Register Studies (to Affirm) Reports of IBM Layoffs "at the Finance and Operations business unit"
something about that specific unit
Links 12/02/2025: SSL FUD, DEI Phase-out, Felonies Committed by MElon (Data Breaches)
Links for the day
Italian Media Covers Richard Stallman's English Talk Ahead of Tonight's Public Appearance
article in La Stampa
Destruction and Distortion of Information, Including Facts About Linux (Bonus: This is Destroying the Planet)
All that LLMs have going for them is hype, and moreover media that intentionally misrepresents them and their supposed capabilities
Google Seems to Have Just Killed All Instances of Invidious
YouTube is rapidly becoming just "another Neflix"
Microsoft Skype in a Freefall: About 20% Decrease in Site Traffic in 3 Months (Amid Microsoft Phasing Out Credits)
Microsoft axing more services/features may mean that now they scrape the bottom of the barrel and Skype will simply die, discontinuing service (like ICQ) in a matter of years
Gemini Links 12/02/2025: Depression, Gabbro, WikiTok, and More
Links for the day
Links 12/02/2025: Health, Security, and Monopolies
Links for the day
Gemini Protocol is Increasingly Important to the Net
Gemini Protocol will turn 6 this summer
Former EPO Manager Warns That the Illegal 'Court' for "Unitary Patents" Enables “Law Shopping”
Daniel X. Thomas opposed the very existence of the UPC, which any honest person could recognise was both illegal and unconstitutional
Like GAFAM, the EPO is Passing the Financial Pains to Staff
the EPO is operating illegally at this point
Morale at Microsoft Ruined by the Company Labelling Thousands of Workers 'Low Performers', Sacking Them on the Spot and Denying Them Basic Benefits
people laid off as "low performers" go to social control media to bemoan the label
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, February 11, 2025
IRC logs for Tuesday, February 11, 2025