Slashdot Mirror


Microsoft Raises Security Game, Notes Shortcomings Elsewhere

LMCBoy writes "Steve Ballmer recently told an industry conference that Microsoft software is more secure than Linux. PJ at Groklaw has a nice, thorough analysis of this dubious claim. She points out that not only are there vastly more Microsoft exploits reported, but that the exploits tend to be much more severe, involving remote administrator access." In related news, mhesseltine writes "According to an article from the Washington Post, in an unusually ironic twist, Microsoft has started talking smack about their own products, instead of those of their competitors. Bill Gates said of Office 'it's too hard to find things in e-mail' and described some features of Word as 'clunky.'"

6 of 490 comments

  1. Clunky... by daeley · Score: 5, Funny

    Of course the clunkiest feature of Office is the part where you have to pay several hundred dollars for it. I wish they'd get that bug ironed out already.

    --
    I watched C-beams glitter in the dark near the Tannhauser gate.
  2. Nobody's ass on the line? by morven2 · Score: 5, Insightful

    Ballmer states that there's "nobody who has his rear end on the line" with Linux.

    I posit that Linux developers have something rather important on the line; their reputations, professional and personal. When you ship open-source code, you are showing the world how good, or how bad, you are. Your reputation can be made or broken by the code you release.

    Contrast that with all too many developers in commercial shops, whose code is read by nobody but their immediate co-workers and nobody takes responsibility for bugs.

    If Microsoft employees' asses are on the line, show me a firing or two every time a security hole shows up. And not just the line programmers; bring me the heads of the designers who designed things badly, the project managers who made hitting deadline more important than getting it right, and the managers who let it all happen.

    I would say that in the vast majority of cases, commercial programmers' asses are NOT on the line, in terms of security problems. As long as you crank out code fast enough to keep up with your co-workers ...

    1. Re:Nobody's ass on the line? by OglinTatas · Score: 5, Insightful

      And whose ass is on the line when the EULA states that Microsoft is not responsible for its own products?

      YOU are entirely responsible. Talk to your reseller for support, and if things break to an extent your business is damaged, don't expect more than a refund of the purchase price of the software. Same for open source, really. So what is Ballmer's point?

      to wit:

      " 5. PRODUCT SUPPORT. SOFTWARE support for the SOFTWARE is not provided by MS, Microsoft Corporation, or their affiliates or subsidiaries..."

      and:

      "EXCLUSION OF LIABILITY/DAMAGES. The following is without prejudice to any rights you may have at law which cannot legally be excluded or restricted. You acknowledge that no promise, representation, warranty or undertaking has been made or given by Manufacturer and/or Microsoft Corporation (or related company of either) to any person or company on its behalf in relation to the profitability of or any other consequences or benefits to be obtained from the delivery or use of the SOFTWARE and any accompanying Microsoft hardware, software, manuals or written materials. You have relied upon your own skill and judgement in deciding to acquire the SOFTWARE and any accompanying hardware, manuals and written materials for use by you. Except as and to the extent provided in this agreement, neither Manufacturer and/or Microsoft Corporation (or related company of either) will in any circumstances be liable for any other damages whatsoever (including, without limitation, damages for loss of business, business interruption, loss of business information or other indirect or consequential loss) arising out of the use or inability to use or supply or non-supply of the SOFTWARE and any accompanying hardware and written materials. Manufacturer's and/or Microsoft Corporation (or related company of either) total liability under any provision of this agreement is in any case limited to the amount actually paid by you for the SOFTWARE and/or Microsoft hardware."

  3. Note the comparison to RH6! by Anonymous Coward · Score: 5, Insightful

    Ballsack^H^H^H^Hmer said: "The data doesn't jibe with that. In the first 150 days after the release of Windows 2000, there were 17 critical vulnerabilities. For Windows Server 2003 there were four. For Red Hat (Linux) 6, they were five to ten times higher"

    Why don't we compare Windows Server 2003 to RedHat Enterprise v3? Or Windows 2000 to RedHat 9? RedHat 6? That's what, 3-4 years old now!

    And don't make me bring up WinME, Steverino.

  4. Ballmer's Personal Reality Field by Lord Grey · Score: 5, Insightful
    From the Groklaw article, quoting Steve Ballmer:
    "Should there be a reason to believe that code that comes from a variety of people around the world would be higher-quality than from people who do it professionally? ..."
    Why, yes there is, Mr. Ballmer. Among other reasons, there's vastly more people looking at the code and none of them having marketing directors breathing down their necks. Many more reasons, stated by many different people, can be found via Google in five minutes.
    "Why is its pedigree better than code done in a controlled fashion? I don't get that," he said.
    You've just stated something that everyone knew long ago.
    "There is no road map for Linux, nobody who has his rear end on the line. We think it's an advantage a commercial company can bring--we provide a road map, indemnify customers. They know where to send e-mail. None of that is true in the other world. So far, I think our model works pretty well."
    Roadmaps make good software? Email answered by overworked and underpaid contractors make good software? Indemnification makes a Microsoft OS-based computer more secure, perhaps?

    No, no and no.

    --
    // Beyond Here Lie Dragons
  5. Re:Really? by Rary · Score: 5, Insightful
    Precisely.

    This is nothing new. Remember when Windows 2000 came out, and magazines were filled with all those Microsoft ads making fun of the Windows 98 BSOD?

    They trashed Win98 to sell Win2K. Why wouldn't they trash Office2K/XP to sell Office03?

    --

    "You cannot simultaneously prevent and prepare for war." -- Albert Einstein