Microsoft: Trust and Antitrust
Microsoft is in the news for two reasons today: the continuing saga of the antitrust cases, and Microsoft's public relations push for "trustworthy computing". A selection of links: Microsoft claims two months of code reviews and half-day seminars surpasses everything ever done by the open source community; Salon talks about the problems with a monoculture; SBC, an abusive telecom monopoly, complains about Microsoft's behavior, an abusive OS monopoly; and Microsoft responds, claiming that SBC is merely being self-serving.
No comment needed.
Vintage computer games and RPG books available. Email me if you're interested.
Personally, I think both sides have code review procedures which are legitimate. MS is bragging because the open source community can't match what it did within its own procedure. It would be like waterfall method people bragging that they got a product out the door in fewer milestones than an extreme team did. An answer to this is, "Ok, good for you but saying you are better than me is a non sequitur."
And why do I need IE and Media Player on a server that's only running a database?
Step #1 of security, remove and/or disable everything you don't need to get the job done.
MSFT has been ignoring that for years, but maybe they are finally starting to learn.
Microsoft most likely is doing code reviews OF FUTURE PRODUCTS, I.E. .NET, .NET Server, Windows XP, Office NGO, etc.
You want security? Fine, buy our subscription products.
InThane
Microsoft really does brainwash their employees. I went to your site about the "myth" of open source software being more secure, and I see where you point to the Security Focus table to try and prove your point. For the *thousandth* time, that table takes into account every single application that ships with a distribution. Can we lump in all the vulnerabilities for MS Office/Outlook, MS Works, SQL Server, and Exchange into the NT/2000 group?
And even with those misleading statistics, the only distro above NT/2000 (42) is Red Hat (54).
Your lack of objectivity renders your entire article irrelevant.
I've seen you, and others, bandy about this type of statistic for some time. But I have not found a single reference to back it up. Can you back this statistic up with a valid reference?
One of the amazing things about Microsoft is its ability to turn on a dime. They almost missed the Internet. Then they played an amazing game of catch-up.
But that does not mean they will be able to do it every time.
There is a major difference in the nature of Microsoft's first two challenges (desktop and internet) and its current one (security). The first two were really exercises in marketing. The third is a technical challenge.
Then again probably not, FreeBSD has had every line of code reviewed before, and if you count the fact that it has more functionality pound for pound.
Some may chime in about how Open Source is supposedly a constant large scale code review but I've previously written on the fallacy of this kind of thinking
Oh well QE- fucking - D then, if YOU wrote on it we must be wrong. Let me clue you in, no developer, company, or whatever can prepare for every eventuality, once past a certain threshold no code can be 100% secure. There's always the possibility, that something will come along to break it. And when that thing comes, it's the OSS that gets fixed quicker, and better than any commercial offering.
I'm the big fish in the big pond bitch.
Still, this statistic is hardly a good indication that all Linux installations "in the wild" are being compromised within X hours. And this is the claim that is constantly made, complete with bogus statistics.