Microsoft Silently Backs Favorable Presentation at RSA
lildogie writes "Two researchers, from the Florida Institute of Technology and Boston-based Security Innovation Inc., 'surprised the audience at a computer-security convention last month with their finding that a version of Microsoft Windows was more secure than a competing Linux operating system' according to the Seattle Post-Intelligencer. 'This week, the researchers released their finished report, and it included another surprise: Microsoft was funding the project all along.' When will they ever learn?"
If you want your product to be found safe or secure or whatever, you fund research. Cell phone companies fund research to show that they are safe, but a recently published study by a guy from the University of Washington proved otherwise.
All this research by MS-funded institutions and researchers, Alexis de Tocqueville etc... It's too predictable. Do people actually believe anything they're saying? At least this time they didn't claim Torvalds isn't the father of Linux.
Microsoft too would lose credibility, if it had any to lose.
It's got nothing to lose, because it's lost it all already.
...to consider the possibility that if the study was unfavorable to Microsoft's position they would simply have pulled the plug and thrown away the results? Unless you can find fault with the study itself, there is nothing wrong with Microsoft financing studies which show Microsoft in a favorable way as long as the study itself was legitimate. I realize this may be a difficult concept for many /.'ers to grasp but give it a shot.
Let Microsoft open the source code for their operating system and then let us see who has more reported vulnerabilities!
Ouch! The truth hurts!
But at the time they weren't too worried about the long term growing threat, they were worried about the pending case. Now the big picture nightmare is being realized on all fronts and they need to go down in flames shooting off ridiculous attacks/defenses that they paid for because the net result will probably be in the black, at least beyond the slashdotters, of keeping more people from moving to linux than they drive toward linux because those people found out that MS paid for the study and yada yada. Count on that MS reads the likes of Slashdot and give them a little benefit of the doubt -- not with their ethics, but with their business sense. In this case I think the ensuing flood of "when will they learn" posts will be overstated. I should note however that MSFT has had a pretty disappointing performance and that the public is catching onto the hole they're in, and not every investor is going to stay on the ship just because Microsoft is selling video games.
But then I think, I am a Debian addict and I am defending MS's business decisions, and then I think I've been up all night perfecting my porn site and I'm beginning to hallucinate. I don't know where I'm going with this... Back to the porn!
The worst thing MS ever did for itself is admit to competing against GNU/Linux.
They're just spreading the word further, to people who may never have known of alternatives. Anyone who's semi-competent can then clarify the situation.
Keep it up Microsoft. Remember, it's a case of when - not if. You're helping to bring that date closer =)
Now everyone reading TFA knows better, because you already know about /.. How about the millions of people using Windows that were trying to convert away because of security reasons, who don't know about /.. Until I switched from Windows to Mandrake Linux - I never even heard of this place, much less cared about which was more secure - however now I know better, my wife OTOH, doesn't - nor doesn't care to either I might add.
Stories like this are just like SPAM, the reason they keep happening is because it WORKS. Like it or not, it's making an effect somewhere with someone and Redmond knows it.
MS recently announced that it would be giving the US military 30 days to apply security patches before releasing them (and disclosing them) to the public.
So now MS will have 30 days exposure for every security breach.
I look forward to a new report from the same guys next year showing these results.
Oh, I forgot, they won't be able to get the funding from MS.
- AndrewN
I use both Apache and IIS. If you ignore security, stability and some flexibility, IIS has some distinct advantages over Apache. For starters, it's far more user friendly with a nice management GUI. I know there are third-party and distro specific add-ons to manage Apache with a GUI, but that's not a straight Apache installation. Any idiot can set up IIS. It takes a slightly more savvy idiot willing to edit conf files or a 3rd-party GUI add-on to get Apache running properly. I find IIS's security simpler to manage. It doesn't have nearly the depth of security options you can put in an htaccess or realms, but most users want simple. What could be simpler than having access permissions tied to the file permissions? Apache does not have any built-in tools for creating and managing access files. Microsoft has targeted IIS towards the average sysadmin skill set and I think done it fairly well. I think they need to do more work in the security area. Specifically, things like including the IISLockdown tool functionality in the GUI with some sane defaults. Some of the lockdown tool settings have been rolled into the newer versions, but it's still not all rolled in yet. I'd love to see a checkbox titled "deny access to IP addresses outside the US".
I certainly don't mean to let MSFT off the hook for such brazen (and repeatedly brazen) self-promotion. MSFT is a convicted (but yet to truly be punished) monopolist corporation that cannot be trusted to build a secure OS or Apps Suite, let alone to "play fairly" in the marketplace.
But, hey folks, the 800 pound gorilla from Redmond is not alone in these tactics. The pharmaceutical industry pulls the same kinds of tactics when it comes to testing (and promoting) their drugs, and they have (apparently) far more pull with the government than MSFT does. How else to explain their pricing structure in the USA (vs everywhere else), let alone the "Pharmaceutical Industry Welfare Act of 2004" AKA the Medicare Prescription Drug Plan? Pretty neat. The drug companies pay the FDA for acceptance, and the government gives them huge tax breaks for the flood of advertising directed not at the doctors, but at the patients in order to build demand for their product.
Then we also have the current regime in power that is spending millions of taxpayer dollars for "public education" regarding the "crisis" in Social Security. It is nothing less than propaganda; it is illegal; and they are getting away with it. Who, exactly, will be the real beneficiaries of pension privatization? The financial institutions on Wall Street that will dictate where Trillions of dollars will be invested, and like today, they will not be on the hook for bad investment decisions, because they will still get their management fees and commissions. But John Q. Public and Joe Sixpack will be living in cardboard boxes if the rosy projections go south.
There is no chance in Hades that the regime now in power will rescind their lame excuse for a penalty against the Redmond monopolist, just like there is no chance in Hades that Dubya will turn into a populist, let alone a real "compassionate" conservative. He has effectively exposed the neo-cons' true agenda, which is to "starve the beast" called the social safety net, no matter what the cost.
When the sales team is given a quality product to push, they can do it with integrity and morals.
When the sales team is given a garbage product to push, they can not do it with integrity and morals.
The suckage of their business practices is in direct proportion to the suckage of their product offerings.
MS Word has been downhill since Word 97. I remember MS Visual Studio 5 which had a Great help system. After 5 they said "screw the help, just use the MSDN CD." Something serious happened in Microsoft about the time when the internet was getting big. They totally lost their minds.
By almost ANYBODY's log, MS-DOS 6.2 is more secure than many other OSes. It's certainly more secure than Linux, or OpenBSD, or any UNIX at all.
A default MS-DOS system has NO network ports opened.
The system must be accessed physically to intrude into it.
Everybody knows that once physical access has been reached, all bets are off. Very complex encrypted filesystem schemes must be implemented to make ANY OS more secure than any other, and rarely are.
with their methodology, the proof of the pudding is this:
all MS has to do to make their OS more secure as part of their 'trustworthy computing' is to announce the service pack and what it fixes one day *after* releasing the said service pack as the study uses a metric called 'days of risk'. can't beat the resulting -ve 'days of risk' unless the competitors did some serious time travelling to issue the patch. sure seems that if you actually make early disclosures it counts against you. some trustworthiness.
Is it any wonder that a well configured Windows system can be more secure than a poorly configured Linux system? I can easily turn my Linux system into a security nightmare by enabling all services with default passwords, etc. Or I can turn my Windows system into Fort Knox by disabling everything under the sun.