Slashdot Mirror
Microsoft Silently Backs Favorable Presentation at RSA
lildogie writes "Two researchers, from the Florida Institute of Technology and Boston-based Security Innovation Inc., 'surprised the audience at a computer-security convention last month with their finding that a version of Microsoft Windows was more secure than a competing Linux operating system' according to the Seattle Post-Intelligencer. 'This week, the researchers released their finished report, and it included another surprise: Microsoft was funding the project all along.' When will they ever learn?"
If you want your product to be found safe or secure of what ever, you fund reasearch. Cell phone compinies fund research to show that they are safe, but a recently publish study buy a guy from University of Washington proved otherwise.
All these research by MS funded institutions and researchers, Alexis de Tocqueville etc... It's to predictable. Do people actually believe anything they're saying? At least this time they didn't claim Torvalds isn't the father of Linux.
But at the time they weren't too worried about the long term growing threat, they were worried about the pending case. Now the big picture nightmare is being realized on all fronts and they need to go down in flames shooting off ridiculous attacks/defenses that they paid for because the net result will probably be in the black, at least beyond the slashdotters, of keeping more people from moving to linux than they drive toward linux because those people found out that MS paid for the study and yada yada. Count on that MS reads the likes of Slashdot and give them a little benefit of the doubt -- not with their ethics, but with their business sense. In this case I think the ensuing flood of "when will they learn" posts will be overstated. I should note however that MSFT has had a pretty disappointing performance and that the public is catching onto the hole they're in, and not every investor is going to stay on the ship just because Microsoft is selling video games.
But then I think, I am a Debian addict and I am defending MS's business decisions, and then I think I've been up all night perfecting my porn site and I'm beginning to hallucinate. I don't know where I'm going with this... Back to the porn!
We are not questioning their results, our problem is with their methodology.
Their primary metric is "days since a vulnerability is disclosed to when a patch is released".
Microsoft doesn't officially disclose anything (aka "responsible disclosure") until all of their major customers have already been hit, and they have a fix ready.
Open-source software on the other hand has a tendency of being overly paranoid, and will release a security bulletin for every little thing as quickly as possible. This puts them at a natural disadvantage, using the above metric.
According to these "researchers", not letting your customers know that there's a vulnerability is preferred to letting them know as soon as possible. This sort of sounds like a good idea, until you factor in the fact that black hats will know pretty much immediately, word spreads quick.
DJ kRYPT's Free MP3s!
When the sales team is given a quality product to push, they can do it with integrity and morals.
When the sales team is given a garbage product to push, they can not do it with integrity and morals.
The suckage of their business practices is in direct proportion to the suckage of their product offerings.
MS Word has been downhill since word 97. I remember MS Visual Studio 5 which had a Great help system. After 5 they said "screw the help, just use the MSDN CD." Something serious happened in microsoft about the time when the internet was getting big. They totally lost their minds.