Microsoft: Linux is a threat, it may mean prices cuts and less business for us

 
 
Divine
 
      09-06-2004
On Tue, 07 Sep 2004 01:20:12 +1200, Nathan Mercer wrote:

> Divine wrote:
>> On Mon, 06 Sep 2004 05:24:18 -0700, Nathan Mercer wrote:
>>
>>
>>>>One of MS's own managers has admitted it is going to be 2011 before MS's
>>>>OSes can be considered secure...what ever that means.....Has XP improved
>>>>in stability? yes, was Linux responsible? I would think only in very
>>>>minor terms myself.
>>>
>>>The Microsoft Security Program Manager in question did not say that at
>>>all
>>>
>>>The original article (if it even deserves to be called that) is at
>>>http://www.wired.com/wired/archive/12.09/view.html?pg=3
>>>
>>>"it's more of a 10-year timeline" does not equate to "is going to be
>>>2011 before MS's OSes can be considered secure"

>>
>>
>> Let's see...
>>
>> A 10 year timeline from this year is... 2014!

>
> yeah, a 10 year timeline for what though?


Producing a secure version of Windows!


> Microsoft realises it has had Security problems and has a comprehensive
> plan for solving those issues.


Who cares about having a "plan" for future "features" - what is more
important is fixing the security bugs that exist *now*!


> Steps have been taken to protect the confidentiality, integrity, and
> availability of data and systems at every phase of the software
> development process—from design, to delivery, to maintenance.


Funny that - no results have come from it.


> As well as a solid roadmap for Security enabled features out over the
> next 5-10 years


Wow! That must be all the stuff that recently got dumped from Shorthorn.


> IMHO, in general Linux/OSS is still in denial.


About what?

Bugzilla will show you all there is to see about any kind of bug in OSS.


> Microsoft tried that for a while.


Didn't work eh?

Then it tried the FUD.

That didn't work either.


Now it's attempting to fight Linux.

That won't work either.


Open Source software, such as Linux is cheaper to acquire, and to deploy
and to use.

Development of Open Source software such as Linux, is faster - fixes to
any kind of flaw are rapidly produced, tested and deployed. New high
quality features are likewise rapidly implemented and thoroughly tested.


> Burying your head into the sand does not make the problem go away.


Agreed. But what problems are you talking about?


> You don't even believe there are security problems with OSS, do you?


Oh - there are bugs in Open Source software. Solutions, however, are
rapidly found, tested and distributed - much faster than what Micro$oft
can do, and done publicly!


In my opinion, given present development trends, the next three years will
see many new and innovative features implemented in OSS that will result
in Micro$oft being left behind and perpetually playing catch-up.

All major proprietary software products will either be struggling to
compete with Open Source software or will have high-quality ports
available for the Linux platform.

All hardware manufacturers will be providing drivers for the major
distributions of *nix.

Linux, of course, will have settled on 3 main distributions - Debian,
RedHat/Mandrake, and Suse; with other distributions being based on the
three main ones.

In 6 years time Windows will no longer be in the datacentre; and few new
software products will be released first on the Windows platform.

Unix/Linux usage and admin will be standard courses at Tertiary level, and
schools software will be GNU/Open Source.


I think that this is a reasonable possibility given present trends.


Divine

--
"Even the most fanatical Microsoft supporter has to see that Longhorn has
become Shorthorn."

 
 
 
 
 
Dave - Dave.net.nz
 
      09-06-2004
Divine wrote:
>>"it's more of a 10-year timeline" does not equate to "is going to be
>>2011 before MS's OSes can be considered secure"


> Let's see...
> A 10 year timeline from this year is... 2014!


who says they started this year.
2001 is about(from memory) when they started pushing security over
all/most else.

--
Dave Hall
http://www.dave.net.nz
 
 
 
 
 
Dave - Dave.net.nz
 
      09-07-2004
Divine wrote:
>>Steps have been taken to protect the confidentiality, integrity, and
>>availability of data and systems at every phase of the software
>>development process—from design, to delivery, to maintenance.


> Funny that - no results have come from it.


You don't seem to read much about the subjects that make up your
arguments. XPSP2 broke so many things all in the name of security.
Sure, it's not perfect, but is a major step in the right direction.

> All hardware manufacturers will be providing drivers for the major
> distributions of *nix.


not all do, but many decently sized companies do that now.

> Linux, of course, will have settled on 3 main distributions - Debian,
> RedHat/Mandrake, and Suse; with other distributions being based on the
> three main ones.


you mean like it is now?

> Unix/Linux usage and admin will be standard courses at Tertiary level, and
> schools software will be GNU/Open Source.


I think that this is wishful thinking.

--
Dave Hall
http://www.dave.net.nz
 
 
Nathan Mercer
 
      09-07-2004
Divine <(E-Mail Removed)> wrote in message news:<pan.2004.09.06.14.20.55.742229@TRACKER>...
> >>>>One of MS's own managers has admitted it is going to be 2011 before MS's
> >>>>OSes can be considered secure...what ever that means.....Has XP improved
> >>>>in stability? yes, was Linux responsible? I would think only in very
> >>>>minor terms myself.
> >>>
> >>>The Microsoft Security Program Manager in question did not say that at
> >>>all
> >>>
> >>>The original article (if it even deserves to be called that) is at
> >>>http://www.wired.com/wired/archive/12.09/view.html?pg=3
> >>>
> >>>"it's more of a 10-year timeline" does not equate to "is going to be
> >>>2011 before MS's OSes can be considered secure"
> >>
> >> Let's see...
> >>
> >> A 10 year timeline from this year is... 2014!

> >
> > yeah, a 10 year timeline for what though?

>
> Producing a secure version of Windows!


Windows is secure now.
You don't just tick a box and now be secure. Security is a journey
not a destination. Security requires the right people, the right
tools and technologies and most importantly the right people and
process

> > Microsoft realises it has had Security problems and has a comprehensive
> > plan for solving those issues.

>
> Who cares about having a "plan" for future "features" - what is more
> important is fixing the security bugs that exist *now*!


Well, customers certainly care about a product roadmap
They like to see a regular, predictable release cycle that delivers
value and integration. Something that helps to Lower Deployment and
Management Costs

I would suggest that you really don't grasp the real world issues that
businesses deal with when it comes to IT.

> > Steps have been taken to protect the confidentiality, integrity, and
> > availability of data and systems at every phase of the software
> > development process—from design, to delivery, to maintenance.

>
> Funny that - no results have come from it.


Rubbish. How anyone can come to that conclusion from the Windows
Security push is beyond me. Do you really truly honestly believe
that no results have come from Microsoft's security initiatives?

So Security is all relative. So who are you comparing Microsoft
Security against?

I presume its Linux, and here are some quick facts:

False that Linux doesn't have monthly patching
there has been more patches for RH EL3 than Windows Server 2003 every
month since they both shipped with a Kernel re-compile an average of
1x/month in 2004
https://rhn.redhat.com/errata/rhel3e...-security.html

False that Open Source does better testing
Microsoft's commercial model allows for a healthy tester:developer
ratio
and supplies them with the required training, and has individuals that
are accountable. Microsoft does required testing, with regression
tests, stress testing, application and interoperability testing,
threat modelling and penetration testing with independent audits
www.secunia.com will show you RH EL 2.1 and 3.0 have many more
Security Advisories than Windows 2000, Windows XP and Windows Server
2003

Where is the Security training in the OSS world? Where are the
skilled developers doing Security work? Where is the incentive for
them to be working on doing security testing on older "unsexy" code?
If they're not trained and skilled, how do they know what security
issues to look for?
Many eyes do not magically make all bugs shallow. The figures speak
for themselves

False that Linux has less Security Vulnerabilities
A hard-hitting, objective, independent report from Forrester available
from http://microsoft.com/windowsserversy...ulnerable.mspx
shows that Microsoft has the lowest overall total, with 101 less Vulns
than RedHat and 42 less high-severity vulns than RedHat

Microsoft has fewer vulnerabilities and the lowest days of risk

Responsiveness: On average, Microsoft had a fix available 25 days
after a security issue was publicly disclosed.

Thoroughness: Microsoft was the only vendor to have corrected 100% of
the publicly known flaws during the study's time period.

Relative Severity: Windows has the fewest vulnerabilities and the
fewest "high severity" vulnerabilities of any platform measured.

False that Linux resolves security issues quicker, with 100% of flaws
fixed by Microsoft

False that Open source provides higher assurance
Windows 2000 has EAL4+ Common Criteria certification with Windows XP
(including XP Embedded), Windows Server 2003, Windows Certificate
Server and ISA 2004 all in Evaluation for EAL4
Microsoft also provides Qualified source code inspection through the
Shared Source program

from RedHats recent SEC filing Red Hat SEC 10K FY2004
“We may not be able to timely release major product releases and
upgrades to our products because we depend on the support of Linux
developers not employed by us for improvements and advancement of our
Red Hat Enterprise Linux technologies.”

False that the Open source model assures source integrity
Linux and Open Source Attacks:
14 compromises of open source code repositories in 2 years
8 attempted insertions of back doors or Trojan Horses that anyone
knows of!

May 2004 - CVSHome open source repository hacked
March 2004 - GNOME Desktop source server breached
December 2003 - FSF Savannah - GNU source hacked
December 2003 - Gentoo Distribution compromised
November 2003 - Debian Distribution source hacked
November 2003 - Trojan Horse inserted in Linux Kernel
August 2003 - GNU Software source server hacked
April 2003 - B…..X client - Back Door inserted
November 2002 - tcpdump, libpcap - Trojans inserted
October 2002 - sendmail - Trojans inserted in source
October 2002 - Fragrouter - Trojan inserted in source
August 2002 - OpenSSH - Remote back door installed
May 2002 - Fragrouter - Trojan inserted in source
May 2002 - IRSSI - Remote back door installed

False that Linux customers don't get attacked
Zone-h.org January 2004
“As we can see, except from the period between Aug 03 and Nov 03,
the Linux family was far more attacked than the Windows family”

CNET April 2004
“…compromised a large number of Linux and Solaris machines in
high-speed computing networks at Stanford University, California, and
other academic research facilities .”

ZDNet Australia March 2004
Server compromise delays GNOME 2.6
“…found evidence on Tuesday that indicated that the project's Web
server had been compromised…”

ITWorld, January 2004
“Computer security researchers are again warning about a critical
vulnerability in the Linux kernel that could be used by malicious
hackers to take control of systems using the popular open source
operating system..”

Federal Computing Week, May 2004
Linux has its own security holes
“…experts warn that Linux is no more bulletproof than any other
system. Agencies that adopt Linux should be aware of its
vulnerabilities…”

net net

Common Security "Wisdom"

Linux doesn’t require monthly patching
Open Source does better testing
Linux has less security vulnerabilities
Linux resolves security issues quicker
Linux provides higher customer assurance
Open source assures source integrity
Linux customers don’t get attacked

Common Security Facts:

Linux requires monthly patching
Microsoft does better testing
Linux has more security vulnerabilities
Microsoft resolves security issues quicker
Microsoft provides higher assurance
Open source model is vulnerable to attack
Linux customers frequently get attacked

> > As well as a solid roadmap for Security enabled features out over the
> > next 5-10 years

>
> Wow! That must be all the stuff that recently got dumped from Shorthorn.
>
>
> > IMHO, in general Linux/OSS is still in denial.

>
> About what?


About the fact that security is an industry wide problem, and Linux
has more than its fair share of Security problems

If you really can't see this, you truly have your blinkers on, and
continue to have your head in the sand hoping the problem will go
away. It won't

> Bugzilla will show you all there is to see about any kind of bug in OSS.
>
>
> > Microsoft tried that for a while.

>
> Didn't work eh?


Microsoft is beyond denial, Microsoft has been training developers,
testers on Security awareness for years now. This is why Microsoft
has turned around

> Then it tried the FUD.
>
> That didn't work either.
>
>
> Now it's attempting to fight Linux.
>
> That won't work either.
>
>
> Open Source software, such as Linux is cheaper to acquire, and to deploy
> and to use.


Cheaper to acquire yes, but in no way is it cheaper to deploy and use

An independent analysis of long-term Linux deployments concludes that
operating expenses for some companies can overcome initial purchase
savings, making Linux's total cost of ownership greater than that of
Windows.

In particular:
Linux planning costs were 5 to 25 percent higher
Linux training costs were 15 percent higher on average

http://download.microsoft.com/downlo...sCosts0404.pdf


> Development of Open Source software such as Linux, is faster - fixes to
> any kind of flaw are rapidly produced, tested and deployed. New high
> quality features are likewise rapidly implemented and thoroughly tested.


Rubbish. How Open source can rapidly produce new code

> > Burying your head into the sand does not make the problem go away.

>
> Agreed. But what problems are you talking about?


Security is an industry problem. My opinion is that in general
Linux/OSS hasn't got beyond the denial stage yet

> > You don't even believe there are security problems with OSS, do you?

>
> Oh - there are bugs in Open Source software. Solutions, however, are
> rapidly found, tested and distributed - much faster than what Micro$oft
> can do, and done publicly!


The independent analysis I provided you above disproves this

After collecting a year's worth of vulnerability data, Forrester
analyzed Windows and four key Linux distributors on key metrics of
responsiveness to vulnerabilities, severity of vulnerabilities, and
thoroughness in fixing flaws

On average, Microsoft had a fix available 25 days after a security
issue was publicly disclosed

Microsoft was the only vendor to have corrected 100% of the publicly
known flaws during the study's time period

Windows has the fewest vulnerabilities and the fewest "high severity"
vulnerabilities of any platform measured.

> In my opinion, given present development trends, the next three years will
> see many new and innovative features implemented in OSS that will result
> in Micro$oft being left behind and perpetually playing catch-up.


Time will tell

> All major proprietary software products will either be struggling to
> compete with Open Source software or will have high-quality ports
> available for the Linux platform.
>
> All hardware manufacturers will be providing drivers for the major
> distributions of *nix.
>
> Linux, of course, will have settled on 3 main distributions - Debian,
> RedHat/Mandrake, and Suse; with other distributions being based on the
> three main ones.
>
> In 6 years time Windows will no longer be in the datacentre; and few new
> software products will be released first on the Windows platform.


Once again time will tell, I really find this one hard to believe

> Unix/Linux usage and admin will be standard courses at Tertiary level, and
> schools software will be GNU/Open Source.
>
> I think that this is a reasonable possibility given present trends.


We will see, let the market speak for itself
If Linux is so good, why don't more people run it? The numbers speak
for themselves

Regards
Nathan, CISSP
[I speak for myself, and no one else...]
 
 
AD.
 
      09-07-2004
On Mon, 06 Sep 2004 18:18:12 -0700, Nathan Mercer wrote:

> Where are the skilled [open source]* developers doing Security work?


In the OpenBSD project mostly

* I added that bit for clarifying the context

Cheers
Anton
 
 
NOSPAM@NOSPAM.invalid.com
 
      09-07-2004
On Tue, 07 Sep 2004 12:18:28 +1200, Dave - Dave.net.nz wrote:

>> Unix/Linux usage and admin will be standard courses at Tertiary level, and
>> schools software will be GNU/Open Source.

>
> I think that this is wishful thinking.


It's my prediction.

I am happy to let time prove me wrong, or right.


Divine

--
"Even the most fanatical Microsoft supporter has to see that Longhorn has
become Shorthorn."

 
 
AD.
 
      09-07-2004
On Tue, 07 Sep 2004 13:57:23 +1200, (E-Mail Removed) wrote:

> On Mon, 06 Sep 2004 18:18:12 -0700, Nathan Mercer wrote:
>
>> Well, customers certainly care about a product roadmap

>
> No. Developers care about that.


Well our customers seem to care about ours. Why wouldn't they?

And I wish you were right - frankly the time spent putting it together
for them would be better spent coding IMO.

Cheers
Anton
 
 
NOSPAM@NOSPAM.invalid.com
 
      09-07-2004
On Mon, 06 Sep 2004 18:18:12 -0700, Nathan Mercer wrote:

>> > yeah, a 10 year timeline for what though?

>>
>> Producing a secure version of Windows!

>
> Windows is secure now.


HAHAHAHAHAHaHaHaHaHaHaHaHahahahahahahahahahahahaha hah!


Divine

--
"Even the most fanatical Microsoft supporter has to see that Longhorn has
become Shorthorn."

 
 
NOSPAM@NOSPAM.invalid.com
 
      09-07-2004
On Mon, 06 Sep 2004 18:18:12 -0700, Nathan Mercer wrote:

> Well, customers certainly care about a product roadmap


No. Developers care about that.


Divine

--
"Even the most fanatical Microsoft supporter has to see that Longhorn has
become Shorthorn."

 
 
Dave - Dave.net.nz
 
      09-07-2004
(E-Mail Removed) wrote:
>>>Unix/Linux usage and admin will be standard courses at Tertiary level, and
>>>schools software will be GNU/Open Source.


>>I think that this is wishful thinking.


> It's my prediction.
> I am happy to let time prove me wrong, or right.


I'm happy for you

--
Dave Hall
http://www.dave.net.nz
 
 
 
 