Microsoft says Linux isn't safe. Linux users always said Microsoft isn't safe.
Slashdot article to be found here.
Original article posted below. Italics are comments of other slashdot readers.
Preformatted text are quotes from the article, often vital to the reply of the slashdot reader.
[quote]
Linux security is a 'myth', claims Microsoft
Open source OS 'not ready for mission-critical computing'
Robert Jaques, vnunet.com 28 Jan 2005
A senior Microsoft executive, speaking exclusively to vnunet.com, has dismissed Linux's reputation as a secure platform as a "myth", claiming that the open source development process creates fundamental security problems.
Nick McGrath, head of platform strategy for Microsoft in the UK, said that the myths surrounding the open source operating system are rapidly being exploded, and that customers are dismissing Linux as too immature to cope with mission-critical computing.
"The biggest challenge we need to face centres on the myth and reality. There are lots of myths out there as to what Linux can do. One myth we see is that Linux is more secure than Windows. Another is that there are no viruses for Linux," said McGrath.
"Who is accountable for the security of the Linux kernel? Does Red Hat, for example, take responsibility? It cannot, as it does not produce the Linux kernel. It produces one distribution of Linux.
"In Microsoft's world customers are confident that we take responsibility. They know that they will get their upgrades and patches."
McGrath went on to claim that another Linux myth centres on the number of open source developers who work to create the operating system.
"There is a myth in the market that there are hundreds of thousands of people writing code for the Linux kernel. This is not the case; the number is hundreds, not thousands," he said.
"If you look at the number of people who contribute to the kernel tree, you see that a significant amount of the work is just done by a handful.
"There are very few of the improvements that come through the wider community. There are more skilled developers writing for the Microsoft platform than for open source.
"The way that 2004 started off there were a lot of myths in the marketplace around the cost and capability of Linux. But now a lot of the ideology has been replaced with commercial reality."
McGrath argued that recent growth in Linux deployments came largely at the expense of installed Unix systems, rather than replacement of Windows servers.
"We are increasingly seeing that the biggest challenges in the marketplace are less for Microsoft and more in the Unix space. Customers are moving away from Risc to Intel as the price performance ratio is compelling," he said.
"A lot of the percentage growth figures mask the fact that Linux is coming from a very small base. There are more Unix servers than Linux servers in the UK. There are more Windows servers than Linux servers in the UK."
The credibility of Linux in the enterprise is beginning to suffer, according to McGrath, as companies complete trials and find the platform wanting.
"A lot of customers have got trials and pilots of Linux, but are holding back Linux deployment into the mainstream because the operating system does not have the solution stack that they were expecting," he said.
"Most customers look for more than just a product from their vendors. They need a solution that comes with the appropriate levels of support and service. This is where Linux is becoming more challenged as people expect more from Linux.
"Linux is not ready for mission-critical computing. There are fundamental things missing. For example, there is no single development environment for Linux as there is for Microsoft, neither is there a single sign-on system.
"There are bits of the Linux software stack that are missing. These are factors that are holding back Linux."
[unquote]
----------------
Hilarious and often truthful and insightful comments from slashdotters:
"There are bits of the Linux software stack that are missing"
Slashdot reader SilverspurG: Care to elaborate? Just what part of the software stack is missing?
Slashdot reader Had3l: They don't know, it's missing.
Slashdot reader tdemark:
"Who is accountable for the security of the Linux kernel? Does Red Hat, for example, take responsibility? It cannot, as it does not produce the Linux kernel. It produces one distribution of Linux."
Who is accountable for the safety of drinking water? Does Evian, for example, take responsibility? It cannot, as it does not produce water. It packages one distribution of water.
Slashdot reader Jesus_666: That's why water is not ready for mission-critical drinking, as its development model is fundamentally flawed and it's lacking a single 'drink-on system'. Because of that Microsoft has been forcing its employees to only drink Jack Daniel's Tennessee Whiskey since 1984.
Slashdot reader Coryoth: I think the difference doesn't actually look good for Microsoft really. Yes they say
"we're here and responsible for our stuff" but phrased a little differently, what they're really saying is that in all the world there's only one company that has sufficient faith in Microsoft OS software that they're willing to be responsible for it (and if you read the EULA they're not responsible anyway). In contrast Linux has many companies who are all sufficiently confident in Linux that they're willing to stand up and actually take responsibility for it. Why are they so confident? Because they know that even if a problem is found they can fix it themselves and provide that fix to their customers.
Personally I'd be more willing to trust the system that has lots of companies wanting to step up and offer to be responsible. If I wanted accountability I'd pay one of those companies to be responsible for any issues, rather than Microsoft, standing alone, claiming they are responsible "sort of, in a way, maybe".
Slashdot reader bennomatic: Microsoft isn't a software company. They're a marketing company. They do what it takes to sell whatever they've got. I used to say that MS could pipe all their employee toilets into a packaging facility and sell Microsoft Excrement at a profit. With their marketing muscle, they could find an audience for just about any product.
Unfortunately, part of marketing, especially when your product is getting negative publicity, is pointing out perceived flaws in competing products. I believe the term often used is FUD, and it's nothing new or unique to MS. Heck, it's pretty much how GWB won a second term.
When it comes to this sort of thing, they have a wide latitude of opinions they can express, especially when there is no Linux, Inc. to sue them for slander. The Linux community, however, has been quite good at spreading the word about MS badness; they're just trying to do the reverse because their feelings are hurt.
Slashdot reader agraupe: Here's my personal evaluations of security differences:
Spyware:
Windows: I run a spyware checker every week or two, and it almost consistently finds new spyware.
Linux: Is there a spyware checker for linux? Does there need to be? I know that my Linux box runs consistently fast, and has no search bars.
Default Habits:
Windows: The Windows XP install, by default, seems to create an Administrator account with no password, no User account, and no suggestion that there should be a user account. Also, there's many services that are on by default, that really shouldn't be.
Linux: All linux distros I've used require a root password, and strongly emphasize that root is not to be used for day-to-day computing. Depending on the distro, most unnecessary services are off by default.
Updating:
Windows: Use an insecure browser, tied to the OS itself, to browse to Windows Update, wherein the system is updated. Note that these updates have a nasty habit of breaking things, and this does not update third-party software which may be vulnerable.
Linux: sudo apt-get update; sudo apt-get upgrade
OR
sudo emerge sync; sudo emerge --update world
Do I need to go on?
Slashdot reader roguelazer:
"there is no single Development Environment for Linux as there is for Microsoft"
Yes, what a good point. There are multiple DE's for linux. This is a bad thing, because it means developers have a choice. There should only be one piece of software for each category, and it should be manufactured by Microsoft. Choice is bad, people!
Slashdot reader lisandro: "Microsoft bigwig Nick McGrath claims that Linux security is highly exaggerated, and that the open source development model is 'fundamentally flawed'."
Why, of course he does. That's his job.
In other stories, water's wet, sky is blue and women have secrets. More news at 10!
----------
NoKey and I had much fun reading the comments on the item/article to each other. Yes, Microsoft Windows is easier to use. No, I can't install programs myself. But somewhere that is good. At least if I download a .exe (windows executable) on [the linux version of] Kazaa that will 99% of the time contain spyware/viruses/adware, it can't install, because it won't work. I don't run as root, so if I accidentally type "rm -rf /" in a shell I will only delete my own files, instead of rendering my system completely useless.
The sad thing is that these kinds of marketing ploys, this kind of publicity will actually be believed. Mostly by the kind of people who did indeed vote for GWB (George Dubya). Sad thing is that my brother (university student) will also believe it. He thinks Windows is safe enough.
In any case, with so many smart minds willing to look a little further than a marketing ploy, I feel safe enough using an OS they will fix whenever there is something wrong.
no subject
Date: 2005-02-09 09:39 am (UTC)
Installing programs on linux is fun, if you don't mind /usr/local <.<
The thing which makes linux safe is that everyone can look through it for holes. Sure, maybe only a few find holes and contribute, but there's bound to be more than a handful of people who have nothing better to do than to look for security holes.