Re: [DDN] Microsoft: Open source 'not reliable or dependable'
I just had a 'Healthy Choice' 'Premium Fudge Bar' reading this. It tasted really good. Executive Director wrote: Taran, Do not try to obscure the issue of the vulnerabilities language you used. What you should say in a few words, rather than a lengthy treatise, is that you misspoke. I would say that, but I didn't. And since we're writing, you're not making much sense. And we can leave it at that. In my original message, I did not say Linux had less vulnerabilities than Windows. I simply stated that I wished Microsoft would fix Windows. Now, if you misread, that is your problem and you most certainly should leave it at that instead of resorting to these sorts of replies; if I were easily threatened and didn't know what I wrote I may simply crawl off wounded by your keen misreading of what was clearly written. However, what I wrote was clear. I am not threatened by the vast amount of knowledge you have at your disposal through search engines. You see, I have that capacity as well. But your initial search was flawed... you misread what I wrote, which I find amusing. Yes. I said it. I'm amused. Again, go back and read the original message, carefully. Now, if you want, you can tell me that you do not wish Microsoft to fix Windows. That would be a position that I would find amusing, but you are certainly entitled to your opinion, so I wouldn't try to misdirect the discussion so that I would look smarter than you. That would be too low for me. What I can do is proceed with my life as if nothing has happened. This is because nothing has happened. :-) I'm done with this thread. If you want to bash me, proceed with vigor. It's unhealthy to hold in aggression. Have some ice cream; I must recommend the 'Healthy Choice Premium Fudge Bar'. Quite tasty. I have to sleep early for a conference tomorrow, otherwise I would stick around and see how this ends up. Have fun! -- Taran Rampersad Presently in: San Fernando, Trinidad and Tobago [EMAIL PROTECTED] Looking for contracts/work! http://www.knowprose.com/node/9786 New!: http://www.OpenDepth.com http://www.knowprose.com http://www.digitaldivide.net/profile/Taran Pictures: http://www.flickr.com/photos/knowprose/ Criticize by creating. — Michelangelo ___ DIGITALDIVIDE mailing list DIGITALDIVIDE@mailman.edc.org http://mailman.edc.org/mailman/listinfo/digitaldivide To unsubscribe, send a message to [EMAIL PROTECTED] with the word UNSUBSCRIBE in the body of the message.
Re: [DDN] Microsoft: Open source 'not reliable or dependable'
The problem with government funded research, like all other research, is that I do not have access to the full research project and what exactly was studied. If you wish to challenge facts based on these studies (well, you call them misstatements instead of facts), then you must answer specific questions, or those facts are meaningless. I will give you an example...someone mentioned in one of the responses to this that Windows, as-is, comes with a certain set of applications. Similarly, Linux distributions come with a certain set of applications. Some have more than others. So, in these studies, which included applications did they consider? If I took every application available in the apt-get universe for Debian / Ubuntu and installed them all, I'd probably have a great deal more vulnerabilities there than on my XP box. On the other hand, installing MS Office or just Outlook significantly increases the number of security vulnerabilities a Windows machine has (so many of my critical updates concern members of the Office family). It may be argued (and often is) that Windows by itself is crippled. A fair comparison would be to look at what the Linux distros (and which distros are we talking about?) have included by default, and then install the commercially popular equivalents for Windows, so we're comparing apples to apples. Were these included in the research study you mentioned? Was the Windows machine in the study configured to turn off things like the sysadmin messenger service, or were these left on? Without knowing these things, the study is meaningless. Just as it is meaningless to give a Linux operating system a reliability or security score without mentioning which distro(s) were tested and how they were configured / which applications were installed. I'm not bashing Windows so much as pointing out that you should question your steadfast reliance on these studies. A government study undertaken by a pro-Microsoft organization, or even a non-biased organization that doesn't have a great deal of open source expertise, simply isn't going to produce reliable results. When statistical research is so easily skewed, and no original statistics or even use-cases are published, the studies are meaningless. We are left relying only on real-world experience, which you dismiss as anecdotal. To move this away from the Linux vs. Windows argument, I'll ask you another question: Is it or is it not true that most websites today are running on an open source platform (Apache)? If this is the case, then I will grant you that the desktop revolution may have been based on the Windows operating system and not on Unix if you will grant me that the entire internet as we know it came about as a result of open source software, not proprietary vendors. Dave. --- Dave A. Chakrabarti Projects Coordinator CTCNet Chicago [EMAIL PROTECTED] (708) 919 1026 --- Executive Director wrote: I guess that I will believe government funded research over anecdotal evidence, but that's just me. Believe whatever you like, but I have and will continue to challenge misstatements of facts, whenever or wherever. Bash Windows all you like, but the vision of a common interface of Windows, not Unix, is what has caused the PC revolution we all benefit from today. CERT's report did not include figures for how quickly vulnerabilities are patched once they are discovered. See my later email on the Forester research. Mike Michael F. Pitsch [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Chakrabarti Sent: Tuesday, May 23, 2006 10:20 AM To: The Digital Divide Network discussion group Subject: Re: [DDN] Microsoft: Open source 'not reliable or dependable' Mike, I find this hard to believe, given how frequently Windows has to patch vulnerabilities. Last year their patches often resulted in computers being rendered unuseable. I had a client who could no longer access her Windows login screen, requiring an extensive support session at her home to fix. I assumed it was a virus, but found out later it was a Windows patch, automatically downloaded and installed (she had automatic updates turned on, as Microsoft recommends). I'm also under the impression that most of the websites in the world are currently hosted on open source platforms (Apache). These facts are also a simple Google away. If open source products truly appeared more secure only because so few people are using it on the desktop, then it would also appear incredibly insecure in the corporate server environment, where it actually makes up a more significant chunk of the market than Microsoft products. Websites would be constantly going down because of Apache vulnerabilities, and we'd all be running to Microsoft for salvation. Facts can be distorted in any direction. The media exists to sell a product (their writing) and will cater
Re: [DDN] Microsoft: Open source 'not reliable or dependable'
I'm done with this thread. If you want to bash me, proceed with vigor. It's unhealthy to hold in aggression. Actually, if anyone wants to bash Taran or anyone else, take it off-list. I'm all for a vigorous debate about open source and proprietary software, but I won't allow it to be an excuse for flinging insults at each other. Play nice or play somewhere else. ac -- -- Andy Carvin acarvin (at) edc . org andycarvin (at) yahoo . com http://www.andycarvin.com http://www.digitaldivide.net http://www.pbs.org/learningnow -- ___ DIGITALDIVIDE mailing list DIGITALDIVIDE@mailman.edc.org http://mailman.edc.org/mailman/listinfo/digitaldivide To unsubscribe, send a message to [EMAIL PROTECTED] with the word UNSUBSCRIBE in the body of the message.
Re: [DDN] Microsoft: Open source 'not reliable or dependable'
I've been lurking this listserver for ages, and have not only appreciated those who spend so much of their time helping others, but appreciated the patience and kindness that I associate with the people here. A little sad and surprised to see this type of thing. Get back to what you all do best...*smile* This might lighten the mood: http://www.care2.com/ecards/p/8020-3532-10346-2209 Marianne Anderson, Med Instructor - ELC Educational Technology Specialist College of Arts Sciences Zayed University DubaiU.A.E. In the future all teachers will be IT Specialists. [EMAIL PROTECTED] 24/05/2006 4:33 pm I'm done with this thread. If you want to bash me, proceed with vigor. It's unhealthy to hold in aggression. Actually, if anyone wants to bash Taran or anyone else, take it off-list. I'm all for a vigorous debate about open source and proprietary software, but I won't allow it to be an excuse for flinging insults at each other. Play nice or play somewhere else. ac -- -- Andy Carvin acarvin (at) edc . org andycarvin (at) yahoo . com http://www.andycarvin.com http://www.digitaldivide.net http://www.pbs.org/learningnow -- ___ DIGITALDIVIDE mailing list DIGITALDIVIDE@mailman.edc.org http://mailman.edc.org/mailman/listinfo/digitaldivide To unsubscribe, send a message to [EMAIL PROTECTED] with the word UNSUBSCRIBE in the body of the message. BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marianne Anderson TEL;WORK:2082(106) ORG:;Arts Sciences - English Language Center EMAIL;WORK;PREF;NGW:[EMAIL PROTECTED] N:Anderson;Marianne END:VCARD BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marianne Anderson TEL;WORK:2082(106) ORG:;Arts Sciences - English Language Center EMAIL;WORK;PREF;NGW:[EMAIL PROTECTED] N:Anderson;Marianne END:VCARD ___ DIGITALDIVIDE mailing list DIGITALDIVIDE@mailman.edc.org http://mailman.edc.org/mailman/listinfo/digitaldivide To unsubscribe, send a message to [EMAIL PROTECTED] with the word UNSUBSCRIBE in the body of the message.
RE: [DDN] Microsoft: Open source 'not reliable or dependable'
That said, I do wish Microsoft luck in releasing anything soon, and I certainly hope that whatever they release doesn't permit the continued plague of flaws and vulnerabilities that the general population of the world has become familiar with. This opinion of course ignores the fact that that there are more vulnerabilities in Linux/Unix than in Windows. The US Government has reported that fewer vulnerabilities were found in Windows than in Linux/Unix operating systems in 2005. http://news.zdnet.co.uk/0,39020330,39245873,00.htm Opinions need to be supported to have any value. When you set personal bias aside, facts are a simple google away. Mike Michael F. Pitsch [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Taran Rampersad Sent: Monday, May 22, 2006 2:26 PM To: The Digital Divide Network discussion group Subject: Re: [DDN] Microsoft: Open source 'not reliable or dependable' Fouad Riaz Bajwa wrote: Microsoft: Open source 'not reliable or dependable' View the complete story at: http://news.com.com/Microsoft+Open+source+not+reliable+or+dependable/2 100-73 44_3-6074237.html?tag=nefd.pulse A senior Microsoft executive told a BBC documentary that people should use commercial software if they're looking for stability. Yeah, it's the same game... it's a game of influence, of marketing, and it works fairly well. But what the Microsoft executive needs to figure out is the difference between commercial and non-commercial software, which is a major faux-pas from an esteemed member of the software marketing community. I say marketing because it's an executive, and not an engineer who actually has something to do with the code. There are many commercial open source/[free software] applications out there. Linux, Apache, BSD... the difference between commercial and non-commercial is about *selling*, not about software licenses. Therefore I stand on a pretty strong foundation when I say that the Microsoft Executive in question is either willfully misleading or incompetent or ignorant, or a synergistic combination of all three. Now, had he said that FOSS isn't stable he would be expressing an opinion. What he has done is made a stronger case for FOSS commercial products, for the people out there who know the difference between commercial and non-commercial. I believe that this includes everyone on this list. That said, I do wish Microsoft luck in releasing anything soon, and I certainly hope that whatever they release doesn't permit the continued plague of flaws and vulnerabilities that the general population of the world has become familiar with. And here's where I cross the line and express an unsubstantiated opinion: Perhaps they should use the Blue Screen of Death as a marketing ploy, since it seems that the more some people see it, the more often they reinstall Windows. :-) -- Taran Rampersad Presently in: San Fernando, Trinidad and Tobago [EMAIL PROTECTED] Looking for contracts/work! http://www.knowprose.com/node/9786 New!: http://www.OpenDepth.com http://www.knowprose.com http://www.digitaldivide.net/profile/Taran Pictures: http://www.flickr.com/photos/knowprose/ Criticize by creating. - Michelangelo ___ DIGITALDIVIDE mailing list DIGITALDIVIDE@mailman.edc.org http://mailman.edc.org/mailman/listinfo/digitaldivide To unsubscribe, send a message to [EMAIL PROTECTED] with the word UNSUBSCRIBE in the body of the message. ___ DIGITALDIVIDE mailing list DIGITALDIVIDE@mailman.edc.org http://mailman.edc.org/mailman/listinfo/digitaldivide To unsubscribe, send a message to [EMAIL PROTECTED] with the word UNSUBSCRIBE in the body of the message.
Re: [DDN] Microsoft: Open source 'not reliable or dependable'
Mike, I find this hard to believe, given how frequently Windows has to patch vulnerabilities. Last year their patches often resulted in computers being rendered unuseable. I had a client who could no longer access her Windows login screen, requiring an extensive support session at her home to fix. I assumed it was a virus, but found out later it was a Windows patch, automatically downloaded and installed (she had automatic updates turned on, as Microsoft recommends). I'm also under the impression that most of the websites in the world are currently hosted on open source platforms (Apache). These facts are also a simple Google away. If open source products truly appeared more secure only because so few people are using it on the desktop, then it would also appear incredibly insecure in the corporate server environment, where it actually makes up a more significant chunk of the market than Microsoft products. Websites would be constantly going down because of Apache vulnerabilities, and we'd all be running to Microsoft for salvation. Facts can be distorted in any direction. The media exists to sell a product (their writing) and will cater to their target audience. Media outlets that are pro- open source will tell you Linux is incredibly user friendly, MS-friendly organizations will tell you that open source is less stable, less commercially reliable, has no support, etc. I'd take neither at face value. In my own use, I've found that some open source operating systems make it incredibly difficult to do things that I'm used to Windows doing automatically (mounting a hard drive) until you learn how the system expects you to work; I also found that some, like Debian, have application installation processes that are *much* more advanced and user-friendly than anything in Windows. As a website developer, I've come to prefer open source content management systems for their flexibility and their community support, which I find more robust than proprietary solutions. In addition, from the article you linked: CERT's report did not include figures for how quickly vulnerabilities are patched once they are discovered. According to security firm Secunia, 124 of its security advisories relate to flaws in Windows XP Professional, of which 29 are unpatched — which gives it a lands Microsoft's operating system with a Highly Critical security rating. In contrast, Red Hat 9 is affected by 99 Secunia warnings, but only one of these flaws has not been patched by Red Hat. SuSE Linux Enterprise Server 9 is covered in 91 advisories, but every one has been patched by the vendor. Both products get a 'Not Critical' rating. This seems to support Taran's comment that Windows needs to get its act together if it wants to deliver a more serious contender. From everything I've heard, VISTA is bloated enough to wipe out any of the older systems that the community technology world thrives on, which isn't a good sign. The fact that I can install current versions of open source operating systems on much older hardware and still produce useable machines makes Windows seem very inflexible/unscaleable by comparison. Dave. --- Dave A. Chakrabarti Projects Coordinator CTCNet Chicago [EMAIL PROTECTED] (708) 919 1026 --- Executive Director wrote: That said, I do wish Microsoft luck in releasing anything soon, and I certainly hope that whatever they release doesn't permit the continued plague of flaws and vulnerabilities that the general population of the world has become familiar with. This opinion of course ignores the fact that that there are more vulnerabilities in Linux/Unix than in Windows. The US Government has reported that fewer vulnerabilities were found in Windows than in Linux/Unix operating systems in 2005. http://news.zdnet.co.uk/0,39020330,39245873,00.htm Opinions need to be supported to have any value. When you set personal bias aside, facts are a simple google away. Mike Michael F. Pitsch [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Taran Rampersad Sent: Monday, May 22, 2006 2:26 PM To: The Digital Divide Network discussion group Subject: Re: [DDN] Microsoft: Open source 'not reliable or dependable' Fouad Riaz Bajwa wrote: Microsoft: Open source 'not reliable or dependable' View the complete story at: http://news.com.com/Microsoft+Open+source+not+reliable+or+dependable/2 100-73 44_3-6074237.html?tag=nefd.pulse A senior Microsoft executive told a BBC documentary that people should use commercial software if they're looking for stability. Yeah, it's the same game... it's a game of influence, of marketing, and it works fairly well. But what the Microsoft executive needs to figure out is the difference between commercial and non-commercial software, which is a major faux-pas from an esteemed member of the software marketing community. I say marketing because it's an executive
Re: [DDN] Microsoft: Open source 'not reliable or dependable'
Executive Director wrote: That said, I do wish Microsoft luck in releasing anything soon, and I certainly hope that whatever they release doesn't permit the continued plague of flaws and vulnerabilities that the general population of the world has become familiar with. I want you to reread what you quoted. And below, I shall refer to it. This opinion of course ignores the fact that that there are more vulnerabilities in Linux/Unix than in Windows. The US Government has reported that fewer vulnerabilities were found in Windows than in Linux/Unix operating systems in 2005. http://news.zdnet.co.uk/0,39020330,39245873,00.htm Read the top line: US-CERT found more vulnerabilities in Linux and Unix systems than in Windows in 2005, but that doesn't mean Windows is more secure Opinions need to be supported to have any value. When you set personal bias aside, facts are a simple google away. And yet selective reading remains a problem. Perhaps you could google which flaws took longer than 3 days to fix for either operating system? The beauty of Linux, in this case, is that it is easier to identify vulnerabilities and flaws before they are exploited. Not so with Windows. You'll also note that when I expressed my opinion that I made a comparison. However, if you really want me to roll my sleeves up, I can tack on the Microsoft Internet Explorer bugs/vulnerabilities, as well as Microsoft Outlook Express - since they too are rolled into the operating system. Statistics are subjective. We can both play with those numbers. CERT treats these as separate issues, but Microsoft doesn't (despite legal cases around the world). Certainly, the facts are just a google away. Perhaps you could google how many Linux users were and continue to be adversely affected by flaws as compared to Windows users? I'd love to see what information you turn up. Now, we can have an operating system war along these lines if this is what you wish. That was not my intent. I, as a registered user of a Microsoft Product (check the header on this message) am stating that Microsoft should be working toward fixing it's problems. I did not say that Linux was better or worse in that regard. You'll be hard pressed to see me making statements without a basis in fact, so perhaps you read what you wish to. What I did say is what you quoted above - which wasn't related to any other operating system. That said, please help Microsoft patch Windows. Oh. Sorry. You can't. Unless you work for Microsoft... do you? If you do work for Microsoft, I have a slew of questions for you which you should be able to handle well. This 'we look good by making others look bad' silliness has to stop somewhere. The criticisms I leveled at Microsoft were independent of Linux. All of that said, here's my comparison now that you have opened the door: If CERT can find more vulnerabilities in Linux, I count that as a success for Linux. That means things that Linux can fix things proactively; which the Linux community has been doing, as opposed to Microsoft's rendition of 'Oops, I did it again' after the flaw is already exploited. So another thing you can research is how many exploits for Windows were already being exploited before there were CERT advisories. As a licensed user of Microsoft, I reserve the right to criticize Microsoft. And as a registered user of Linux, I will do the same of Linux - as I do of any open source/free software product. If you choose to defend your choice based on what you find on Google, take a look here: http://www.google.tt/search?hl=ensafe=offq=%22operating+system%22btnG=Search Good day, and happy Googling! :-) -- Taran Rampersad Presently in: San Fernando, Trinidad and Tobago [EMAIL PROTECTED] Looking for contracts/work! http://www.knowprose.com/node/9786 New!: http://www.OpenDepth.com http://www.knowprose.com http://www.digitaldivide.net/profile/Taran Pictures: http://www.flickr.com/photos/knowprose/ Criticize by creating. — Michelangelo ___ DIGITALDIVIDE mailing list DIGITALDIVIDE@mailman.edc.org http://mailman.edc.org/mailman/listinfo/digitaldivide To unsubscribe, send a message to [EMAIL PROTECTED] with the word UNSUBSCRIBE in the body of the message.
RE: [DDN] Microsoft: Open source 'not reliable or dependable'
He said this: This opinion of course ignores the fact that that there are more vulnerabilities in Linux/Unix than in Windows. I said this: This opinion of course ignores the fact that that there are more vulnerabilities in Linux/Unix than in Windows. The US Government has reported that fewer vulnerabilities were found in Windows than in Linux/Unix operating systems in 2005. http://news.zdnet.co.uk/0,39020330,39245873,00.htm http://news.zdnet.co.uk/0,39020330,39245873,00.htm And goes on to say: Linux/Unix-based operating systems - a set that includes Mac OS X, as well as the various Linux distributions and flavours of Unix - had over twice as many vulnerabilities as Windows, according to the United States Computer Emergency Readiness Team (US-CERT), which is part of the US Department of Homeland Security. Change the subject, (security) confuse and obscure the issue all you like, (applications) but it doesn't change simple facts above. And obviously the info below deals with only a portion of those twice as many vulnerabilities. Also, the author of the letter did not mention the report by a security firm further down the page which stated that of the 124 security advisories in Windows XP that 29 remain unpatched. And of the commercial Linux vendors that are affected by the same level of security advisories, Red Hat had patched 98 of 99, and SuSE had patched 91 of 91. Forrester Research Inc. released a report last spring measuring days of risk, the percentage of the vulnerabilities actually patched and the percentage of the vulnerabilities rated as high by the U.S. government's National Institute for Standards and Technology's ICAT project. Forrester, which is based in Cambridge, Mass., found that Microsoft did the best job of releasing patches quickly and making a thorough effort at patching all vulnerabilities. http://searchwindowssecurity.techtarget.com/tip/1,289483,sid45_gci1120422,0 0.htm http://searchwindowssecurity.techtarget.com/tip/1,289483,sid45_gci1120422,00 .htm Personal bias is an powerful thing, but it does not allow you to wish things to become true. Mike Michael F. Pitsch [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [ mailto:[EMAIL PROTECTED] On Behalf Of Jon maddog Hall Sent: Tuesday, May 23, 2006 11:41 AM To: The Digital Divide Network discussion group Subject: Re: [DDN] Microsoft: Open source 'not reliable or dependable' [EMAIL PROTECTED] said: Opinions need to be supported to have any value. When you set personal bias aside, facts are a simple google away. Indeed. The author of this letter did not include the entire sub-title of the article: US-CERT found more vulnerabilities in Linux and Unix systems than in Windows in 2005, but that doesn't mean Windows is more secure. and it would be of interest as to what the study considers to be a Linux distribution, which normally contains multiple mail carriers, multiple web browsers, multiple office packages, all of which may have a vulnerability but may not be applicable in a given customer's environment; versus the Windows operating system that is basically useless as it comes, but has 812 vulnerabilities. By the time you add Microsoft Office and various other applications to bring the Microsoft platform to the same functionality level as Linux, you might find that Microsoft has as many or more vulnerabilities. Also, the author of the letter did not mention the report by a security firm further down the page which stated that of the 124 security advisories in Windows XP that 29 remain unpatched. And of the commercial Linux vendors that are affected by the same level of security advisories, Red Hat had patched 98 of 99, and SuSE had patched 91 of 91. [EMAIL PROTECTED] said: Opinions need to be supported to have any value. When you set personal bias aside, facts are a simple google away. Yes indeed. Sometimes facts take a little reading and thinking too. md -- Jon maddog Hall Executive Director Linux International(R) email: [EMAIL PROTECTED] 80 Amherst St. Voice: +1.603.672.4557 Amherst, N.H. 03031-3032 U.S.A. WWW: http://www.li.org Board Member: Uniforum Association, USENIX Association (R)Linux is a registered trademark of Linus Torvalds in several countries. (R)Linux International is a registered trademark in the USA used pursuant to a license from Linux Mark Institute, authorized licensor of Linus Torvalds, owner of the Linux trademark on a worldwide basis (R)UNIX is a registered trademark of The Open Group in the USA and other countries. ___ DIGITALDIVIDE mailing list DIGITALDIVIDE@mailman.edc.org http://mailman.edc.org/mailman/listinfo/digitaldivide To unsubscribe, send a message to [EMAIL PROTECTED] with the word UNSUBSCRIBE in the body of the message. ___ DIGITALDIVIDE mailing list DIGITALDIVIDE@mailman.edc.org http://mailman.edc.org/mailman/listinfo
RE: [DDN] Microsoft: Open source 'not reliable or dependable'
Claude, But this discussion is simply about a misstatement of facts. I have read, interpreted and reported the facts correctly. I would thank you to not confuse or change the issue at hand. Mike Michael F. Pitsch [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Claude Almansi (BW) Sent: Tuesday, May 23, 2006 12:25 PM To: The Digital Divide Network discussion group Subject: Re: [DDN] Microsoft: Open source 'not reliable or dependable' Executive Director wrote: That said, I do wish Microsoft luck in releasing anything soon, and I certainly hope that whatever they release doesn't permit the continued plague of flaws and vulnerabilities that the general population of the world has become familiar with. This opinion of course ignores the fact that that there are more vulnerabilities in Linux/Unix than in Windows. The US Government has reported that fewer vulnerabilities were found in Windows than in Linux/Unix operating systems in 2005. http://news.zdnet.co.uk/0,39020330,39245873,00.htm Thanks for the very interesting article, Mike. Quoting from it: In the Windows vs Unix debate, the number of vulnerabilities is less relevant than the amount that are turned into successful attacks. We see far more successful attacks against Windows, because it's the most common environment, Greg Day, security analyst at McAfee, told ZDNet UK. As Linux becomes more common, we'll see more attacks against it, Day added. McAfee recommended firms look more at the probability of attack, rather than whether an attack is possible. The info about the speed with which vulnerabilities are respectively patched for Windows and for Linux/Unix is also revealing Opinions need to be supported to have any value. When you set personal bias aside, facts are a simple google away. (...) Mmm, I'd change that into ... facts are a simple google *and a careful reading of what you googled* away. Besides - but there I'll let the tech-competent people confirm or infirm what follows - one problem with Windows, if I understood correctly, is that software applications shoot roots in the system deeper than they do with Unix/Linux. Hence the big number of security alerts about Explorer, Outlook Express, but even about Word, like this one for instance: Microsoft Security Advisory (919637) Vulnerability in Word Could Allow Remote Code Execution Published: May 22, 2006 http://www.microsoft.com/technet/security/advisory/919637.mspx (...) What causes the vulnerability? When a user opens a specially crafted Word file using a malformed object pointer, it may corrupt system memory in such a way that an attacker could execute arbitrary code. (...) The patch will only be released on June 13. Maybe if Microsoft was a mite more thorough in checking software before releasing it as stable version, and a mite faster in providing patches, they wouldn't have to be concerned that this new report of a vulnerability in Word was not disclosed responsibly, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed. So, warning users when the vulnerability has already been not only discovered, but exploited, is what puts users at risk, according to Microsoft.. Best Claude Claude Almansi Castione, Switzerland www.adisi.ch ___ DIGITALDIVIDE mailing list DIGITALDIVIDE@mailman.edc.org http://mailman.edc.org/mailman/listinfo/digitaldivide To unsubscribe, send a message to [EMAIL PROTECTED] with the word UNSUBSCRIBE in the body of the message. ___ DIGITALDIVIDE mailing list DIGITALDIVIDE@mailman.edc.org http://mailman.edc.org/mailman/listinfo/digitaldivide To unsubscribe, send a message to [EMAIL PROTECTED] with the word UNSUBSCRIBE in the body of the message.
RE: [DDN] Microsoft: Open source 'not reliable or dependable'
What fascinates more than anything else in the ongoing Linux -v- Windows debate is the importance placed on potential code exploits over and above anything and everything else of consideration... User preference, suitability of purpose, sustainability and supportability, interactivity with existing systems and data, training requirements, ease-of-use... all pale to insignificance when a suspected 'exploit' raises its head. What also fascinates is the way these reported exploits are only deemed the responsibility of manufacturers to patch (albeit the manufacturer can be a corporation or community - noting Open Source is often both), yet most potential exploits are mitigated by the simplest of methods - Do not access the 'net under a user account with administrative rights; run an up-to-date virus scanner; do not accept html emails, and do not open email attachments from an unknown source. Somehow the matter of practicalities, common sense and reasonable use seems to have been lost in this continuing battle of platform evangelism. Don Cameron ___ DIGITALDIVIDE mailing list DIGITALDIVIDE@mailman.edc.org http://mailman.edc.org/mailman/listinfo/digitaldivide To unsubscribe, send a message to [EMAIL PROTECTED] with the word UNSUBSCRIBE in the body of the message.
[DDN] Microsoft: Open source 'not reliable or dependable'
Microsoft: Open source 'not reliable or dependable' View the complete story at: http://news.com.com/Microsoft+Open+source+not+reliable+or+dependable/2100-73 44_3-6074237.html?tag=nefd.pulse A senior Microsoft executive told a BBC documentary that people should use commercial software if they're looking for stability. I don't think (open source) is anti-Microsoft in the sense that it's giving people choices in the technologies that they use, Jonathan Murray, the vice president and chief technology officer of Microsoft Europe, told BBC World in the first part of the documentary The Code Breakers, which aired this week. Some people want to use community-based software, and they get value out of sharing with other people in the community. Other people want the reliability and the dependability that comes from a commercial software model. And again, at the end of the day, you make the choice based on what has the highest value to you, Murray continued. It isn't clear from Murray's statement which category he believes commercial open-source companies such as Red Hat and MySQL fit into. Forwarded by --- Fouad Riaz Bajwa FOSS Advocate www.fossfp.org ___ DIGITALDIVIDE mailing list DIGITALDIVIDE@mailman.edc.org http://mailman.edc.org/mailman/listinfo/digitaldivide To unsubscribe, send a message to [EMAIL PROTECTED] with the word UNSUBSCRIBE in the body of the message.