Bonum Certa Men Certa

Microsoft is Still Attacking Free/Open Source Software With Security FUD

Nana the cat



Summary: Free software's "many eyeballs" defence is being slammed by Microsoft employees who cite their own reports and continue to show incompetence and extreme negligence when it comes to security

IS MICROSOFT really changing? Is Microsoft finally accepting that "open source" (as it insists on calling it) is acceptable? Hell no.



Back in December we showed that Microsoft was smearing Free software even though it can run on Windows and now we find the monopolist using its own lies that its arrogant employees have manufactured in order to fuel this latest security spin and lies about Free software's security. Microsoft titled this FUD "Microsoft’s Many Eyeballs and the Security Development Lifecycle". Blankenhorn states in his response that "Closed source still state religion at Microsoft"

But closed source remains a sort of state religion at Microsoft, as I learned this week from Fred Trotter, an expert in open source medical software.

Fred wrote this week about some FUD (Fear, Uncertainty and Doubt) Shawn Hernan of Microsoft is spreading within the security community — that open source is less secure despite its being visible.


Yes, that would be Microsoft, which is still doing extra PR work to pretend that it has an "open source" side and that CodePlex is not just a shell/front for Microsoft. To advertise the CodePlex Foundation as not tied to Microsoft, these liars previously recruited Microsoft MVP Miguel de Icaza (before he was officially their MVP). They also exploit their long-standing friendships with British Library staff in order to achieve this. The true intentions are so obvious to see that it takes gullible or misinformed individuals to fall for it.

Regarding those Microsoft claims of "better" security in proprietary software, here is a new article which attributes the rise in E-mail malware to Microsoft Windows botnets (zombie PCs). The article says: "Malicious spam volumes increased dramatically in the back half of 2009, reaching three billion messages per day, compared to 600 million messages per day in the first half of 2009. But this is still a tiny fraction of the estimated global spam volume, thought to be about 200 billion messages per day.

"A new report by net security firm M86 Security points the finger of blame for the torrent of malware, phishing and other scams (collectively defined as malicious spam) and junk mail more generally towards botnet networks of compromised machines. It reckons five botnets were responsible for 78 per cent of the malicious spam it fought in the second half of 2009.

"M86 reports that the major spam botnets such as Rustock, Pushdo (or Cutwail) and Mega-D continue to dominate spam output, supported by second-tier botnets such as Grum, and Lethic. Rustock alone pushed out 34 per cent of spam in 2H09. Pushdo zombie drones puked out one in five spam messages (20 per cent), with Mega-D zombies account for 9 per cent of the global junk mail nuisance."

“[S]ince 2007, 5 major maintainers on Ubuntu are linked to Novell [...] Mostly the one maintaining .NET packages.”
      --Oiaohm
Needless to say, this is only affecting Windows and Microsoft's utter negligence [1, 2, 3] contributes to it. The last thing we need is for GNU/Linux to inherit the same security problems through Mono and Moonlight. In today's IRC conversations (the relevant part starts here), it came up that "since 2007, 5 major maintainers on Ubuntu are linked to Novell [...] Mostly the one maintaining .NET packages." That's a claim from Oiaohm, who added: "Matt Asay will allow .NET to infect more. Then end of next year MS can drop the patent wall on them." Maybe this is a good opportunity to ask Asay some questions in Slashdot. Well, Slashdot treats him like a celebrity and some months ago he was mentioned in their front page because former Microsoft employees voted him one of the "most influential in FOSS" (no coders at all were seen as worthy for this list, not even Richard Stallman). But then again, as the new call for questions states, "Matt [Asay] is on the board of advisors for Slashdot's parent company, Geeknet." We previously complained about Slashdot's new Microsoft slant [1, 2, 3, 4, 5], not to mention the hiring of former Microsoft employees who can change the agenda and groom particular people who are helpful to them (Matt Asay is the one who brought Microsoft to OSBC [1, 2, 3]). MinceR says that "Geeknet is completely corrupted". Why is it that Slashdot picks questions for Jim Zemlin, for example (he is a marketing person from the Linux Foundation), whereas technical people from the heavily-disrespected GNU receive no opportunity to offer their side of the story? Slashdot reached out in the same way to some Microsoft employees.

DaemonFC, a former Microsoft MVP, says: "I still don't get why many large companies with lots of lawyers don't flinch at shipping Mono if it really is so bad... you'd think they'd clear something like that with their legal dept first..."

MinceR says that Microsoft "does everything they can to make the legal situation about mono-related patents as unclear as possible" and Oiaohm tells DaemonFC that Intel and other companies do know about the problem, which is why they stay out of Moonlight, for example [1, 2]. "Intel will not touch it," Oiaohm insists, "due to legal issues."

MinceR adds: "we see canonical pushing mono... if their legal department didn't warn them about this, when exactly will they do so?"

At a later stage in the day, Oiaohm dropped this interesting new link ("2010 CWE/SANS Top 25 Most Dangerous Programming Errors"). "Good read for those who think languages like .net are majorally more secure," he said. "That is the new list for bugs that common breached systems last year. Lot of them don't link to what .net and java languages protect against. To be correct php and other equal languages have been breached."

"The continuous and broad peer-review enabled by publicly available source code supports software reliability and security efforts through the identification and elimination of defects that might otherwise go unrecognized by a more limited core development team."

--CIO David Wennergren, Department of Defense (October 2009)



Comments

Recent Techrights' Posts

A farewell to Finland, an occupied territory
Finland, Finland, Finland
[Meme] Escalating After Failures
4 stages of cancel culture
Red Hat Had 2+ Days to Deny Reports of Impending Layoffs. But Red Hat Chose to Keep Silent.
Red Hat DOES NOT deny layoffs on the way
Attempts to Sink the Free Software Movement (Under the Guise of Saving It)
We can see who's being drowned
Microsoft-Connected Sites Trying to Shift Attention Away From Microsoft's Megabreach Only Days Before Important If Not Unprecedented Grilling by the US Government?
Why does the mainstream media not entertain the possibility a lot of these talking points are directed out of Redmond?
[Video] Microsoft's Attack on Education
Microsoft's cult-like activities and overt entryism
 
Canonical Supports Monopoly
more of the same
Links 22/05/2024: "Copilot+" as Mass Surveillance and Microsoft Defying Consent in Scarlett Johansson's Case
Links for the day
Microsoft-Connected Person Was Threatening to Sue Me and to Sue My Wife (Because His Feelings Were Hurt After Had He Spent More Than a Decade Defaming Me and Violating My Family's Dignity, Privacy)
litigation was chosen and we shall defend everything we wrote
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, May 21, 2024
IRC logs for Tuesday, May 21, 2024
Czech Republic: Windows Down From 98% to 43%, GNU/Linux Rises to Over 3%
modest gains for GNU/Linux
Links 22/05/2024: Pixar Layoffs and More Speculation About Microsoft Shutdowns/Layoffs (Ninja Theory)
Links for the day
Gemini Links 21/05/2024: Caesar II for MS-DOS and Reinventing the Assertion Wheel
Links for the day
Internal Memos/Communications Hinting at "a New, But Masked, Round of Layoffs" at Red Hat
A negative outlook heads of a long weekend
Nigeria: Windows Down to 6%, Android at All-Time High of 77%
Google is becoming the "new monopoly" in some places
[Meme] Money In, No Money Out (Granting Loads of Invalid European Patents)
EPO production?
Staff Representation at the EPO Has Just Explained to Heads of Delegations (National Delegates) Why the EPO's Financial Study is Another Hoax
Here we are again 5 years later
Canonical and Red Hat Are Not Competing With Microsoft Anymore
What a shame they hired so many people from Microsoft...
Links 21/05/2024: "Hating Apple Goes Mainstream", Lots of Coverage About Julian Assange Ruling
Links for the day
Gemini Links 21/05/2024: Losing Fats and Modern XMPP
Links for the day
Microsoft Windows Used to Have Nearly 100% in China and Now Google Has 50% (With Android)
Will China bring about a faster "fall" for Microsoft?
Pursuing a Case With No Prospects (Because It's "Funny")
the perpetrators are taking a firm that's considered notorious
GNU/Linux Growing Worldwide (the Story So Far!)
Microsoft is unable to stop GNU/Linux
GNU/Linux in Honduras: From 0.28% to 6%
Honduras remains somewhat of a hotspot
Good News From Manchester and London, Plus High Productivity in Techrights
what has happened and what's coming
[Video] The 'Linux' Foundation Cannot be Repaired Anymore (It Sold Out)
We might need to accept that the Linux Foundation lost its way
Links 21/05/2024: Tesla Layoffs and Further Free Speech Perils Online
Links for the day
Gemini Links 21/05/2024: New Gemini Reader and Gemini Games
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, May 20, 2024
IRC logs for Monday, May 20, 2024
Red Hat Loves Microsoft Monopoly (and Proprietary Surveillance With Back Doors)
full posting history in RedHat.com
[Video] Just Let Julian Assange Go Back to Australia
Assange needs to be freed
The WWW declares the end of Google
Reprinted with permission from Cyber|Show
Gemini Links 20/05/2024: CMSs and Lua "Post to midnight.pub" Script Alternative
Links for the day
Windows Has Fallen Below 5% in Iraq, GNU/Linux Surged Beyond 7% Based on statCounter's Stats
Must be something going on!
Brodie Robertson - Never Criticise The Linux Foundation Expenses (With Transcript)
Transcript included
Links 20/05/2024: Protests and Aggression by Beijing
Links for the day
Can an election campaign succeed without social media accounts?
Reprinted with permission from Daniel Pocock
Read "Google Is Not What It Seems" by Julian Assange
In this extract from his new book When Google Met Wikileaks, WikiLeaks' publisher Julian Assange describes the special relationship between Google, Hillary Clinton and the State Department -- and what that means for the future of the internet
Fact check: relation to Julian Assange, founded Wikileaks at University of Melbourne and Arjen Kamphuis
Reprinted with permission from Daniel Pocock
Julian Assange: Factual Timeline From an Online Friend
a friend's account
Breaking News: Assange Wins Right to Challenge Extradition to the US
This is great news, but maybe the full legal text will reveal some caveat
Gambia: Windows Down to 5% Overall, 50% on Desktops/Laptops
Windows was measured at 94% in 2015
Links 20/05/2024: Microsoft Layoffs and Shutdowns, RTO as Silent Layoffs
Links for the day
The Issue With Junk Traffic in Geminispace (Gemini Protocol)
Some people have openly complained that their capsule was getting hammered by bot
Peter Eckersley, Laura Smyth & the rushed closure of dial-up Internet in Australian universities
Reprinted with permission from Daniel Pocock
Brittany Day, Plagiarist in Chief (Chatbot Slinger)
3 articles in the front page of LXer.com right now are chatbot spew
Guardian Digital, Inc (linuxsecurity.com) Has Resorted to Plagiarism by Chatbots, Flooding the World Wide Web With Fake 'Articles' Wrongly Attributed to Brittany Day
busted
[Meme] Bullying the Victims
IBM: crybully of the year 2024
Ian.Community Should be Safer From Trademark Censorship
We wish to discuss this matter very quickly
Microsoft and Its Vicious Attack Dogs (Attacking Women or Wives in Particular)
Sad, pathetic, destructive people
Upcoming Series About the Campaign to 'Disappear' the Father of GNU/Linux
Today we have Julian Assange's fate to focus on
A Month From Now Gemini Protocol Turns 5
June 20
Colombia: From Less Than 0.5% to Nearly 4% for GNU/Linux
it's not limited to this one country
Rumour: Well Overdue Red Hat Layoffs to be Announced in About 3 Days
we know they've planned the layoffs for a while
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, May 19, 2024
IRC logs for Sunday, May 19, 2024
Gemini Links 20/05/2024: Updated Noto Fontpacks and gemfeed2atom
Links for the day