Posted on 11/15/2002 8:18:56 AM PST by AdA$tra
According to a report published November 12 by Aberdeen Group, "Security advisories for open source and Linux software accounted for 16 out of the 29 security advisories - about one of every two advisories - published for the first 10 months of 2002 by Cert (www.cert.org, Computer Emergency Response Team)."
Aberdeen says Microsoft products have had no new virus or trojan horse advisories in the first 10 months of 2002, while Unix, Linux, and Open Source software went from one in 2001 to two in the first 10 months of 2002, that in the same 2002 time period "networking equipment" (operating system unspecified) had six advisories, and Mac OSX had four.
In other words, all except Microsoft had increases in reported vulnerabilities this year.
"Contrary to popular misperception," the report says, "Microsoft does not have the worst track record when it comes to security vulnerabilities. Also contrary to popular wisdom, Unix- and Linux-based systems are just as vulnerable to viruses, Trojan horses, and worms. Furthermore, Apple's products are now just as vulnerable, now that it is fielding an operating system with embedded Internet protocols and Unix utilities. Lastly, the incorporation of open source software in routers, Web server software, firewalls, databases, Internet chat software, and security software is turning most Internet-aware computing devices and applications into possible infectious carriers."
The report lauds Microsoft for having overhauled its development process in an attempt to fix security problems, and says, "Perhaps it is time for some of the suppliers of open source and Linux software to take similar measures."
(You'll need to register with Aberdeen to read the rest of the report -- it's one of their free ones -- but I believe I've covered the Linux-relevant high points here.)
And yet, here I sit with my virus-free, trojan-free Linux box, receiving tons of viruses and trojans from Windows users (that don't affect me), watching news item after news item about sites run on Windows servers getting defaced and broken into.
According to what I've heard from my many sysadmin and network security specialist friends, no OS or network-connected software is secure unless it's administered properly and security patches are applied as soon as they are available.
And then, after I started writing this story, a ZDNet article with the headline "Linux utility site hacked, infected" came across my monitor, and I started wondering, "What if these Aberdeen people are right? What if this isn't just Microsoft-sponsored nonsense?"
A look at CERT's 2002 Advisories and Incident Notes pages was not overly reassuring. Yes, I saw some Microsoft vulnerabilities there that Aberdeen apparently missed, and one for Oracle.
I also think we have enough Microsoft viruses left over from last year that we don't need any new ones this year.
But the real issue is that we all need to be more security-conscious. The Aberdeen report points out that the system with the most reported vulnerabilities can change from year to year, but that the overall vulnerability and incident trend is up. Way up. In other words, whatever operating systems we use, we all need to watch out more for security flaws than we have in the past, and work harder to protect ourselves from them.
Not surprising. RedHat has a squad of people testing and patching the Open Source code which goes into the distribution. If you look at a particular package, like "foobar.1.0.5-12.i386.rpm", the "-12" in the version number is the RedHat Patch Level, and RedHat applies patches to everything.
As you've observed, people are not perfect, and all OS code has bugs. It is actually a good thing that RedHat is sending you all of those notices -- it means that someone is looking through that code, even if you cannot, and fixing problems -- that's what you're paying for when you buy a major distro.
Hmmm. It seems that 100,000 Spanish government workers disagree with you.
In real practical terms, Windows plug & play driver installation is probably the biggest single remaining advantage. I can tell an idiot to install (more likely upgrade) Windows on very random hardware, and add stuff like aftermarket USB, SCSI, etc., and be pretty confident that they will succeed.
There is a cost, but there is also a payback. In general, the reason MS fears Linux so much is that Linux is an "aggressive follower." The open source community lets commercial developers figure out what people want, and then copies them. Unfair! Right? Except this was exactly Microsoft's playbook: Groupware? SQL servers? App servers? System-independent distributed object language systems? All not invented at Microsoft, but by disrupting existing markets with lower pricing (or bundling), Microsoft consistently delivered high value to Microsoft customers willing to wait for Microsoft to get it right. Now the shoe is on the other foot.
Now, if you are willing to wait for Python to mature to the level of C#.NET, you get to build infinitely large systems without paying Microsoft for every new connection to your system. In most practical cases, people contemplating building such systems can wait - they are not ready to architect such systems correctly yet.
Kiki Stockhammer? ;)
Well, I guess that you don't like Spain. Which of course has nothing to do with whether or not Linux is being used professionally on the desktop, and in large numbers.
So what about Japan, Germany, Peru and Hong Kong?
Or how about New Zealand, Australia and Taiwan?
Or maybe the United Kingdom and Namibia?
Linux on the desktop is already happening. It's just not happening here. And that is entirely due to Microsoft's bullying of OEM computer manufacturers.
From the perspective of national security, is it really wise to hang on to a buggy, unsecure, proprietary legacy operating system when the rest of the world is housing their data and doing their work on a better platform?
The only people that think so are those that believe that Microsoft must be propped up at any cost, even if that cost is our country's security.
I still fail to see what the sports that are popular in a country have to do with the reality that Linux on the desktop is happening.
And as far as what we can learn from other countries, I suggest that you examine the history of the auto industry in the last 50 years. Japanese car companies nearly destroyed US car companies in the 1970's. Chrysler required a bailout. Ford and GM weren't much better off. It was their inability to change with the times, and their belief that the American car buyer would continue to buy junk because it had always been that way, that nearly destroyed them.
And you might want to examine the US consumer electronics industry as well. Once upon a time, every TV manufactured was manufactured in this country. Now none of them are. The companies that survived were nearly all bought out by the Japanese after losing nearly all of their market to Asian firms.
Advance or be discarded, that's the reality of business. The US auto industry learned that lesson painfully, the US consumer electronics industry even more so. If the US computer industry persists in sticking with a legacy operating system, the results will be the same.
They're known as stockholders.
I mean, seriously, do you really believe that most of the various people who shill for Microsoft here have no financial motive?
You are free to disagree that replacing a buggy, unsecure legacy operating system in government departments, the same departments that contain your tax information, military pay records, arrest records and public health statistics with a reliable, stable operating system is not in the best interest of the public. I happen to think that is a short-sighted and dangerous point-of-view.
2. Your auto industry example fails miserably as well. Windows XP is not a "K" car and Linux is not an innovative improvement to the desktop like Hondas and Toyotas were in the seventies. Windows is getting better with each release and Microsoft is in no need of a government bailout.
In the 70's, Detroit failed to see the importance of fuel economy. In the 90's, Microsoft failed to see the importance of security. In the 70's, Detroit kept making cars the way they always had, despite warnings from industry watchers that times, they were a changin'. In the 90's, Microsoft kept punching out software the way they always had, despite warnings from industry watchers (Bugtraq, FBI, insurance companies) that the times, they were a changin'.
Yup, you're right. No comparison there. /sarcasm
As to the soccer analogy, it fits. The reason third world countries love soccer is because all you need is a ball. I also like any opportunity to slam soccer because it isn't a sport. Unlike soccer though, I actually play Linux from time to time.
Actually, I never noticed an analogy, merely a weak attempt to take potshots at several countries' decisions to get off of the Microsoft upgrade treadmill. And the UK and Japan hardly rate as third-world countries. Technically, the UK, Germany and Spain are first-world countries. Please make a note of it.
Personally, I think soccer is a stupid sport too, but your attempt to link the playing of a sport to the installation of hundreds of thousands of Linux desktops (which you insisted was a toy) in half a dozen industrialized nations doesn't stand up to examination.
I do believe that the point of the discussion is that in spite of your opinion that Linux on the desktop is a toy, quite a few people in positions of power around the world think differently.
Your different opinion is noted. And then compared to the expert opinions of others in positions to deploy Linux on the desktop to get work done. Your opinion seems lacking somehow.
I don't really care what their motives are. I only care that they have an observed tendency to lie, downplay Microsoft's unethical behavior and ignore factual evidence that Microsoft's products are not only poorly made, but made intentionally so.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.