Bonum Certa Men Certa

Unverified Claim: Sam Ransbotham's Belittling of Free/Libre Software Funded by Microsoft

Campus photos



Summary: "Open-Source Could Mean an Open Door for Hackers," says a new article from Robert Lemos, but the facts just don't add up and suspicions arise that Microsoft is in fact partly funding these claims

Two readers separately E-mailed us about a new article that looks too suspicious because it's flatly wrong. "This came up in the ACM daily email today," wrote one reader and another one writes: "Find out if there is any Microsoft connection"



"Apparently, this is another Microsoft-funded study bad-mouthing open source software," said the first reader. I asked: "Where can I see that it's Microsoft funded?"

"Even if that's not the case," he replied, "it has been characterized as a FUD attack."

"I didn't have time to investigate it myself," points out this first reader who cites Dana Blankenhorn and some of the comments we'll get to in a moment:

You don’t expect misleading FUD about open source from MIT’s Technology Review. But here it is.

The story is about a Boston College professor (and Georgia Tech grad — go Jackets) named Sam Ransbotham...

The misleading bit is the idea that open source vulnerabilities spread faster, and are exploited both sooner and with more force, than bugs in proprietary software.

It’s true, but it’s wrong to draw large conclusions from that.

In his work Ransbotham looked at a list of 883 known vulnerabilities and found 97 exploited over two years, 30 of them in open source. Attacks on open source were broader and moved faster than those on closed source.

The real story is a bit nastier. The biggest correlation Ransbotham found was not between open source and attack, but between the existence of a security signature and attacks.


Here is the original article. There is a comment titled "How Paid Studies Reflect Desires of Those Who Pay" and it says (emphasis in red is ours): "Paid studies are all notorious for proving that the sponsor of a study can usually get findings that support their desired outcome. Since this study is funded primarily by Microsoft, then the results should not be surprising. The article is not based on any outright deception or lies, simply on two levels of ignorance. First, the naivete and lack of programming expertise of the general audience who might accept these findings -- a response that no credible or responsible programmer would support, unless he or she also were a partisan MS loyalist. One must only read the weekly threat announcements of critical vulnerabilities in Microsoft and Adobe products, for example to realize that nothing could be more vulnerable than these highly vaunted proprietary products. The second level of ignorance relates to intrinsic security permissions in most UNIX/LINUX operating systems versus that of Microsoft Windows, including Windows Seven. Most of the worlds secure servers are all running on some UNIX based OS, not Windows, for matters of security and reliability -- they are running Solaris, UNIX, or some flavor of LINUX. And this has everything to do with inherent security permissions for the Root user account, versus the "administrative permissions" in Windows that always leave a number of little windows, shutters, back doors and ports wide open to attack, and ability to modify critical registry entries in the Windows OS. There is no "registry" to attack in UNIX, Solaris or LINUX, and nothing can modify a Root file unless it is a live password protected Root User. Autorun scripts and VBS scripts cannot exploit these systems at all."

Another commenter claims an "advertisement coincidence" when s/he writes: "The advertisement for this article is for Microsoft Server. Coincidence? I think not."

Comments

Recent Techrights' Posts

Slopwatch: Brittany Day and Brian Fagioli Are Still at It, Googlebombing "Linux" With LLM Slop (Taking Away Traffic From the Articles They're Plagiarising)
Some more sites that used to cover GNU/Linux have turned into slopfarms
[Meme] Being High on Drugs Isn't Happiness (Likewise, Being a "Star" in Social Control Media is Temporary)
Many entities - or people - will regret telling everybody "follow me on Twitter"
 
Bots Covering Debian Releases
It would be quite safe to guess that chatbots were at least partly leveraged for that text
Gemini Links 12/01/2025: No Country For Old Men, Burned Homes, and "Planet P is Clean"
Links for the day
Links 12/01/2025: Microsoft Admits It's Laying Off Staff Only Where Staff is "Expensive" (Race to the Bottom)
Links for the day
[Meme] They Say That RMS Says the "F" Word (Freedom) Too Much...
About 32.7k US dollars are now left for the FSF to raise (in 6 days)
Links 12/01/2025: More Sanctions Against Russia, SCOTUS Signals Fentanylware (TikTok) Ban Will Stay
Links for the day
[Meme] A Jihad Against Servers the User Controls
We need to strive for and work towards greater control by users over "their" servers
Microsoft Azure-Only Bugs in "Linux" Can "Compromise the System."
From ubuntu.com and linux.org a few days ago
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, January 11, 2025
IRC logs for Saturday, January 11, 2025
Gemini Links 12/01/2025: DHL Express Does Not Deliver, Oddmuse Update
Links for the day
Links 11/01/2025: Social Control Media Facing Sanctions, Carter Respected at Funeral
Links for the day
If TikTok (China) Has the Rights of American Persons, Then ByteDance Can be Sentenced to Death
TikTok - like Julian Assange - does not enjoy any protections of the First Amendment and since it's not a person it would lack these protections as an American company, too
After a Year of Layoffs in Microsoft Nigeria (and Microsoft in Africa at Large) Windows Falls to New Lows and Bing Falls to 0.46% "Market Share"
Of course Microsoft gave bribes in Nigeria to suppress GNU/Linux adoption
An Important Lesson About Patents and Patent Maximalism (They Drive People and Companies Away)
This previously happened in Texas, where companies perceived their presence (in any form) to be a liability as patent trolls could drag them to friendly courts and win "damages"
When It Comes to Fentanylware (TikTok), a Digital Weapon of a Hostile Entity, Common Dreams is Jumping the Shark Again (Years After It Ran Out of Steam or Money)
Or maybe it likes the agenda promoted (curated) by Fentanylware (TikTok) and its parent company, Bytedance or Chinese Community Party (CPP)
BetaNews is Now Officially a Spamfarm With Phantom Authors and Fake Text (SPAM and Linkspam Made With LLM Slop)
That's it, the site is virtually dead now (maybe that was the plan all along)
Hazem Abbas of medevel is Ruining His Site With LLM Slop
Some of his articles are original, but now everything is suspect
[Meme] Real and Fake (or "several influential "open source" organizations [which] have come to be dominated by large companies")
The Free Software Foundation has not sold out
Free Software Foundation: Anchoring the FSF in its values
Original by Free Software Foundation
GNU/Linux Surges to All-Time Highs in Greenland, Windows Sinks to All-Time Lows
a lot of GNU/Linux gets detected there lately
Microsoft's "Donald Trump First" Doctrine
national deficits growing
Microsoft in Trouble as Azure Breaks and Only Days After Promising Investment in "Datacentres" Construction of Actual Datacentres Paused (Expect More Azure Layoffs Very Soon)
No wonder many people who got trapped inside Azure quit Azure, which keeps bleeding (losses and layoffs)
Gemini Links 11/01/2025: Wildfire, Militia and the Mole, IRC vs Social Control Media
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, January 10, 2025
IRC logs for Friday, January 10, 2025
Links 10/01/2025: Tata Consultancy Services (TCS) Shrinking, "Not every user owns an iPhone"
Links for the day
Gemini Links 10/01/2025: Oppositional Defiant Disorder and Linux Desktop Setup
Links for the day
[Meme] Donald Trump Will Pay Microsoft Back
bribery administration is 10 days away
statCounter Sees GNU/Linux Tripling in Share in 3 Years in Iran
ChromeOS adoption is low, but then again, nobody buys a Chromebooks with the expectation of better privacy
Using a Popular Ponzi Scheme to Sell Expensive Hardware Mislabelled as "Hey Hi" (AI)
Selling shovels in an age of "gold rush"
Search Engine-Optimised (SEO) Googlebombs Target "Linux", "Ubuntu", and "RISC-V", Still Composed by Bots
the way to defeat LLM slop (trash) is to call out serial sloppers or "repeat plagiarists"
Guardian Digital, Inc (linuxsecurity.com) is Again Spamming or Googlebombing "Linux" and "Security" Using LLM Slop
Guardian Digital is basically a dodgy company. Don't trust Guardian Digital with your security.
Unix Men (or UnixMen) Has Turned Into LLM Slop With Embedded Linkspam, Piggybacking "Linux" for SEO
Welcome to 2025 and the "new" Web
Computers as a Heat Source
suppose you have over a dozen activated monitors in a room or two
Social Control Media and 'Linux' Foundation Accelerate the Death of the Web
Social Control Media is basically a dying business
Links 10/01/2025: Disinformation Sold as "Artificial Intelligence (AI)" and as "Social Media" Now Facing Growing Scrutiny
Links for the day
Linux Foundation Increasingly Reliant on Paid Press Releases, Paid-for Stenography, and Even LLM Slop (Fake 'Articles')
This LLM slop is a big problem both for Linux and for Google
Links 10/01/2025: Scam Altman’s Younger Sister Files Lawsuit Claiming He Sexually Abused Her, Apple Faces Embargo
Links for the day
Gemini Links 10/01/2025: Internet Archive Gopher Search Interface and Falling "in Love With the Small Web"
Links for the day
Starting 2025 on a Strong Note
we ought to find more time to produce our own stories
Entire News Sites Have Become Just the Output of Bots (or Chatbots Disguised as "Authors")
the Web is screwed
Colombian Trends Help Explain Why Microsoft Rushes to Start the Year With Mass Layoffs (Before Some Staff is Even Back to Work!)
No wonder there are mass layoffs (first of GAFAM) as early as week 1 of 2025
LLM Slop and Bot-Generated Marketing for the Linux Foundation and Its Openwashing
Of course it's chaff
Microsoft Gives Money to Trump, Poor or Even Sluggish Adoption of "Hey Hi" (AI) Reported Amid Mass Layoffs
Microsoft now uses its media moles to downplay layoffs and bribes
More IBM Layoffs (2025)
IBM is being scattered away, yet the media barely covers it. It'll just happen "silently" over time.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, January 09, 2025
IRC logs for Thursday, January 09, 2025