06.07.10

Gemini version available ♊︎

Unverified Claim: Sam Ransbotham’s Belittling of Free/Libre Software Funded by Microsoft

Posted in Free/Libre Software, GNU/Linux, Microsoft, Virtualisation, Windows at 8:49 pm by Dr. Roy Schestowitz

Campus photos

Summary: “Open-Source Could Mean an Open Door for Hackers,” says a new article from Robert Lemos, but the facts just don’t add up and suspicions arise that Microsoft is in fact partly funding these claims

Two readers separately E-mailed us about a new article that looks too suspicious because it’s flatly wrong. “This came up in the ACM daily email today,” wrote one reader and another one writes: “Find out if there is any Microsoft connection”

“Apparently, this is another Microsoft-funded study bad-mouthing open source software,” said the first reader. I asked: “Where can I see that it’s Microsoft funded?”

“Even if that’s not the case,” he replied, “it has been characterized as a FUD attack.”

“I didn’t have time to investigate it myself,” points out this first reader who cites Dana Blankenhorn and some of the comments we’ll get to in a moment:

You don’t expect misleading FUD about open source from MIT’s Technology Review. But here it is.

The story is about a Boston College professor (and Georgia Tech grad — go Jackets) named Sam Ransbotham…

The misleading bit is the idea that open source vulnerabilities spread faster, and are exploited both sooner and with more force, than bugs in proprietary software.

It’s true, but it’s wrong to draw large conclusions from that.

In his work Ransbotham looked at a list of 883 known vulnerabilities and found 97 exploited over two years, 30 of them in open source. Attacks on open source were broader and moved faster than those on closed source.

The real story is a bit nastier. The biggest correlation Ransbotham found was not between open source and attack, but between the existence of a security signature and attacks.

Here is the original article. There is a comment titled “How Paid Studies Reflect Desires of Those Who Pay” and it says (emphasis in red is ours): “Paid studies are all notorious for proving that the sponsor of a study can usually get findings that support their desired outcome. Since this study is funded primarily by Microsoft, then the results should not be surprising. The article is not based on any outright deception or lies, simply on two levels of ignorance. First, the naivete and lack of programming expertise of the general audience who might accept these findings — a response that no credible or responsible programmer would support, unless he or she also were a partisan MS loyalist. One must only read the weekly threat announcements of critical vulnerabilities in Microsoft and Adobe products, for example to realize that nothing could be more vulnerable than these highly vaunted proprietary products. The second level of ignorance relates to intrinsic security permissions in most UNIX/LINUX operating systems versus that of Microsoft Windows, including Windows Seven. Most of the worlds secure servers are all running on some UNIX based OS, not Windows, for matters of security and reliability — they are running Solaris, UNIX, or some flavor of LINUX. And this has everything to do with inherent security permissions for the Root user account, versus the “administrative permissions” in Windows that always leave a number of little windows, shutters, back doors and ports wide open to attack, and ability to modify critical registry entries in the Windows OS. There is no “registry” to attack in UNIX, Solaris or LINUX, and nothing can modify a Root file unless it is a live password protected Root User. Autorun scripts and VBS scripts cannot exploit these systems at all.”

Another commenter claims an “advertisement coincidence” when s/he writes: “The advertisement for this article is for Microsoft Server. Coincidence? I think not.”

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

2 Comments

  1. Agent_Smith said,

    June 7, 2010 at 8:53 pm

    Gravatar

    This is misleading. FUD at best. When something is open and everyone can know about it, people know the flaws and how to counter them. When the stuff is closed, the company which created it’s the only one that knows the flaws, and many times they try to be safe through obfuscation, hiding their garbage under the carpet. We both know this move doesn’t work.

    Dr. Roy Schestowitz Reply:
    June 7th, 2010 at 8:58 pm

    Microsoft recently acknowledged never admitting flaws that it finds, even after patching them. That’s just insecurity with obscurity (hiding the severity of this problem).

DecorWhat Else is New

  1. Daniel Stenberg Knows Almost Nothing About Gemini and He's Likely Just Protecting His Turf (HTTP/S)

    The man behind Curl, Daniel Stenberg, criticises Gemini; but it's not clear if he even bothered trying it (except very briefly) or just read some inaccurate, one-sided blurbs about it

  2. Links 29/05/2023: Videos Catchup and Gemini FUD

    Links for the day

  3. Links 28/05/2023: Linux 6.4 RC4 and MX Linux 23 Beta

    Links for the day

  4. Gemini Links 28/05/2023: Itanium Day, GNUnet DHT, and More

    Links for the day

  5. Links 28/05/2023: eGates System Collapses, More High TCO Stories (Microsoft Windows)

    Links for the day

  6. IRC Proceedings: Saturday, May 27, 2023

    IRC logs for Saturday, May 27, 2023

  7. No More Twitter, Mastodon, and Diaspora for Tux Machines (Goodbye to Social Control Media)

    People would benefit from mass abandonment of such pseudo-social pseudo-media.

  8. Links 28/05/2023: New Wine and More

    Links for the day

  9. Links 27/05/2023: Plans Made for GNU's 40th Anniversary

    Links for the day

  10. Social Control Media Needs to be Purged and We Need to Convince Others to Quit It Too (to Protect Ourselves as Individuals and as a Society)

    With the Tux Machines anniversary (19 years) just days away we seriously consider abandoning all social control media accounts of that site, including Mastodon and Diaspora; social control networks do far more harm than good and they’ve gotten a lot worse over time

  11. Anonymously Travelling: Still Feasible?

    The short story is that in the UK it's still possible to travel anonymously by bus, tram, and train (even with shades, hat and mask/s on), but how long for? Or how much longer have we got before this too gets banned under the false guise of "protecting us" (or "smart"/"modern")?

  12. With EUIPO in Focus, and Even an EU Kangaroo Tribunal, EPO Corruption (and Cross-Pollination With This EU Agency) Becomes a Major Liability/Risk to the EU

    With the UPC days away (an illegal and unconstitutional kangaroo court system, tied to the European Union in spite of critical deficiencies) it’s curious to see EPO scandals of corruption spilling over to the European Union already

  13. European Patent Office (EPO) Management Not Supported by the EPO's Applicants, So Why Is It Still There?

    This third translation in the batch is an article similar to the prior one, but the text is a bit different (“Patente ohne Wert”)

  14. EPO Applicants Complain That Patent Quality Sank and EPO Management Isn't Listening (Nor Caring)

    SUEPO has just released 3 translations of new articles in German (here is the first of the batch); the following is the second of the three (“Kritik am Europäischen Patentamt – Patente ohne Wert?”)

  15. German Media About Industry Patent Quality Charter (IPQC) and the European Patent Office (EPO)

    SUEPO has just released 3 translations of new articles in German; this is the first of the three (“Industrie kritisiert Europäisches Patentamt”)

  16. Geminispace Continues to Grow Even If (or When) Stéphane Bortzmeyer Stops Measuring Its Growth

    A Gemini crawler called Lupa (Free/libre software) has been used for years by Stéphane Bortzmeyer to study Gemini and report on how the community was evolving, especially from a technical perspective; but his own instance of Lupa has produced no up-to-date results for several weeks

  17. Links 27/05/2023: Goodbyes to Tina Turner

    Links for the day

  18. HMRC: You Can Click and Type to Report Crime, But No Feedback or Reference Number Given

    The crimes of Sirius ‘Open Source’ were reported 7 days ago to HMRC (equivalent to the IRS in the US, more or less); but there has been no visible progress and no tracking reference is given to identify the report

  19. IRC Proceedings: Friday, May 26, 2023

    IRC logs for Friday, May 26, 2023

  20. One Week After Sirius Open Source Was Reported to HM Revenue and Customs (HMRC) for Tax Fraud: No Response, No Action, Nothing...

    One week ago we reported tax abuses of Sirius ‘Open Source’ to HMRC; we still wait for any actual signs that HMRC is doing anything at all about the matter (Sirius has British government clients, so maybe they’d rather not look into that, in which case HMRC might be reported to the Ombudsman for malpractice)

  21. Links 26/05/2023: Weston 12.0 Highlights and US Debt Limit Panic

    Links for the day

  22. Gemini Links 26/05/2023: New People in Gemini

    Links for the day

  23. IRC Proceedings: Thursday, May 25, 2023

    IRC logs for Thursday, May 25, 2023

  24. Links 26/05/2023: Qt 6.5.1 and Subsystems in GNUnet

    Links for the day

  25. Links 25/05/2023: Mesa 23.1.1 and Debian Reunion

    Links for the day

  26. Links 25/05/2023: IBM as Leading Wayland Pusher

    Links for the day

  27. IRC Proceedings: Wednesday, May 24, 2023

    IRC logs for Wednesday, May 24, 2023

  28. Links 25/05/2023: Istio 1.16.5 and Curl 8.1.1

    Links for the day

  29. Gemini Links 25/05/2023: On Profit and Desire for Gemini

    Links for the day

  30. SiliconANGLE: Sponsored by Microsoft and Red Hat to Conduct the Marriage Ceremony

    SiliconANGLE insists that paying SiliconANGLE money for coverage does not lead to bias, but every sane person who keeps abreast of SiliconANGLE — and I read their entire feed every day — knows that it’s a ludicrous lie (Red Hat/IBM and the Linux Foundation also buy puff pieces and “event coverage” from SiliconANGLE, so it’s marketing disguised as “journalism”

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts