The problem with government funded research, like all other research, is that I do not have access to the full research project and what exactly was studied. If you wish to challenge facts based on these studies (well, you call them misstatements instead of facts), then you must answer specific questions, or those facts are meaningless.
I will give you an example...someone mentioned in one of the responses to this that Windows, as-is, comes with a certain set of applications. Similarly, Linux distributions come with a certain set of applications. Some have more than others. So, in these studies, which included applications did they consider? If I took every application available in the apt-get universe for Debian / Ubuntu and installed them all, I'd probably have a great deal more vulnerabilities there than on my XP box. On the other hand, installing MS Office or just Outlook significantly increases the number of security vulnerabilities a Windows machine has (so many of my critical updates concern members of the Office family). It may be argued (and often is) that Windows by itself is crippled. A fair comparison would be to look at what the Linux distros (and which distros are we talking about?) have included by default, and then install the commercially popular equivalents for Windows, so we're comparing apples to apples. Were these included in the research study you mentioned? Was the Windows machine in the study configured to turn off things like the sysadmin messenger service, or were these left on? Without knowing these things, the study is meaningless. Just as it is meaningless to give a Linux operating system a reliability or security score without mentioning which distro(s) were tested and how they were configured / which applications were installed. I'm not bashing Windows so much as pointing out that you should question your steadfast reliance on these studies. A government study undertaken by a pro-Microsoft organization, or even a non-biased organization that doesn't have a great deal of open source expertise, simply isn't going to produce reliable results. When statistical research is so easily skewed, and no original statistics or even use-cases are published, the studies are meaningless. We are left relying only on real-world experience, which you dismiss as anecdotal. To move this away from the Linux vs. Windows argument, I'll ask you another question: Is it or is it not true that most websites today are running on an open source platform (Apache)? If this is the case, then I will grant you that the desktop revolution may have been based on the Windows operating system and not on Unix if you will grant me that the entire internet as we know it came about as a result of open source software, not proprietary vendors. Dave. ------------------- Dave A. Chakrabarti Projects Coordinator CTCNet Chicago [EMAIL PROTECTED] (708) 919 1026 ------------------- Executive Director wrote: > I guess that I will believe government funded research over anecdotal > evidence, but that's just me. > Believe whatever you like, but I have and will continue to challenge > misstatements of facts, whenever or wherever. > > Bash Windows all you like, but the vision of a common interface of Windows, > not Unix, is what has caused the PC revolution we all benefit from today. > > " "CERT's report did not include figures for how quickly vulnerabilities are > patched once they are discovered. " > > See my later email on the Forester research. > > Mike > > Michael F. Pitsch > [EMAIL PROTECTED] > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. > Chakrabarti > Sent: Tuesday, May 23, 2006 10:20 AM > To: The Digital Divide Network discussion group > Subject: Re: [DDN] Microsoft: Open source 'not reliable or dependable' > > Mike, > > I find this hard to believe, given how frequently Windows has to patch > vulnerabilities. Last year their patches often resulted in computers being > rendered unuseable. I had a client who could no longer access her Windows > login screen, requiring an extensive support session at her home to fix. I > assumed it was a virus, but found out later it was a Windows patch, > automatically downloaded and installed (she had automatic updates turned on, > as Microsoft recommends). I'm also under the impression that most of the > websites in the world are currently hosted on open source platforms > (Apache). These facts are also a simple Google away. > > If open source products truly "appeared" more secure only because so few > people are using it on the desktop, then it would also "appear" > incredibly insecure in the corporate server environment, where it actually > makes up a more significant chunk of the market than Microsoft products. > Websites would be constantly going down because of Apache vulnerabilities, > and we'd all be running to Microsoft for salvation. > > Facts can be distorted in any direction. The media exists to sell a product > (their writing) and will cater to their target audience. Media outlets that > are pro- open source will tell you Linux is incredibly user friendly, > MS-friendly organizations will tell you that open source is less stable, > less commercially reliable, has no support, etc. I'd take neither at face > value. In my own use, I've found that some open source operating systems > make it incredibly difficult to do things that I'm used to Windows doing > automatically (mounting a hard drive) until you learn how the system expects > you to work; I also found that some, like Debian, have application > installation processes that are *much* more advanced and user-friendly than > anything in Windows. As a website developer, I've come to prefer open source > content management systems for their flexibility and their community > support, which I find more robust than proprietary solutions. > > In addition, from the article you linked: > > "CERT's report did not include figures for how quickly vulnerabilities are > patched once they are discovered. According to security firm Secunia, 124 of > its security advisories relate to flaws in Windows XP Professional, of which > 29 are unpatched - which gives it a lands Microsoft's operating system with > a "Highly Critical" security rating. > > In contrast, Red Hat 9 is affected by 99 Secunia warnings, but only one of > these flaws has not been patched by Red Hat. SuSE Linux Enterprise Server 9 > is covered in 91 advisories, but every one has been patched by the vendor. > Both products get a 'Not Critical' rating." > > This seems to support Taran's comment that Windows needs to get its act > together if it wants to deliver a more serious contender. From everything > I've heard, VISTA is bloated enough to wipe out any of the older systems > that the community technology world thrives on, which isn't a good sign. The > fact that I can install current versions of open source operating systems on > much older hardware and still produce useable machines makes Windows seem > very inflexible/unscaleable by comparison. > > Dave. > > ------------------- > Dave A. Chakrabarti > Projects Coordinator > CTCNet Chicago > [EMAIL PROTECTED] > (708) 919 1026 > ------------------- > > > > > Executive Director wrote: >> " That said, I do wish Microsoft luck in releasing anything soon, and >> I certainly hope that whatever they release doesn't permit the >> continued plague of flaws and vulnerabilities that the general >> population of the world has become familiar with. " >> >> This opinion of course ignores the fact that that there are more >> vulnerabilities in Linux/Unix than in Windows. >> >> "The US Government has reported that fewer vulnerabilities were found >> in Windows than in Linux/Unix operating systems in 2005." >> http://news.zdnet.co.uk/0,39020330,39245873,00.htm >> >> Opinions need to be supported to have any value. When you set personal >> bias aside, facts are a simple google away. >> >> Mike >> >> >> Michael F. Pitsch >> [EMAIL PROTECTED] >> >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of Taran >> Rampersad >> Sent: Monday, May 22, 2006 2:26 PM >> To: The Digital Divide Network discussion group >> Subject: Re: [DDN] Microsoft: Open source 'not reliable or dependable' >> >> Fouad Riaz Bajwa wrote: >>> Microsoft: Open source 'not reliable or dependable' >>> View the complete story at: >>> http://news.com.com/Microsoft+Open+source+not+reliable+or+dependable/ >>> 2 >>> 100-73 >>> 44_3-6074237.html?tag=nefd.pulse >>> >>> A senior Microsoft executive told a BBC documentary that people >>> should use commercial software if they're looking for stability. >> Yeah, it's the same game... it's a game of influence, of marketing, >> and it works fairly well. But what the Microsoft executive needs to >> figure out is the difference between commercial and non-commercial >> software, which is a major faux-pas from an esteemed member of the > software marketing community. >> I say marketing because it's an executive, and not an engineer who >> actually has something to do with the code. >> >> There are many commercial open source/[free software] applications out >> there. Linux, Apache, BSD... the difference between commercial and >> non-commercial is about *selling*, not about software licenses. >> Therefore I stand on a pretty strong foundation when I say that the >> Microsoft Executive in question is either willfully misleading or >> incompetent or ignorant, or a synergistic combination of all three. >> >> Now, had he said that FOSS isn't stable he would be expressing an opinion. >> What he has done is made a stronger case for FOSS commercial products, >> for the people out there who know the difference between commercial >> and non-commercial. I believe that this includes everyone on this list. >> >> That said, I do wish Microsoft luck in releasing anything soon, and I >> certainly hope that whatever they release doesn't permit the continued >> plague of flaws and vulnerabilities that the general population of the >> world has become familiar with. And here's where I cross the line and >> express an unsubstantiated opinion: Perhaps they should use the Blue >> Screen of Death as a marketing ploy, since it seems that the more some >> people see it, the more often they reinstall Windows. :-) >> >> -- >> Taran Rampersad >> Presently in: San Fernando, Trinidad and Tobago [EMAIL PROTECTED] >> >> Looking for contracts/work! >> http://www.knowprose.com/node/9786 >> >> New!: http://www.OpenDepth.com >> http://www.knowprose.com >> http://www.digitaldivide.net/profile/Taran >> >> Pictures: http://www.flickr.com/photos/knowprose/ >> >> "Criticize by creating." - Michelangelo >> >> _______________________________________________ >> DIGITALDIVIDE mailing list >> DIGITALDIVIDE@mailman.edc.org >> http://mailman.edc.org/mailman/listinfo/digitaldivide >> To unsubscribe, send a message to >> [EMAIL PROTECTED] with the word UNSUBSCRIBE in the > body of the message. >> >> _______________________________________________ >> DIGITALDIVIDE mailing list >> DIGITALDIVIDE@mailman.edc.org >> http://mailman.edc.org/mailman/listinfo/digitaldivide >> To unsubscribe, send a message to [EMAIL PROTECTED] > with the word UNSUBSCRIBE in the body of the message. > _______________________________________________ > DIGITALDIVIDE mailing list > DIGITALDIVIDE@mailman.edc.org > http://mailman.edc.org/mailman/listinfo/digitaldivide > To unsubscribe, send a message to [EMAIL PROTECTED] with > the word UNSUBSCRIBE in the body of the message. > > > _______________________________________________ > DIGITALDIVIDE mailing list > DIGITALDIVIDE@mailman.edc.org > http://mailman.edc.org/mailman/listinfo/digitaldivide > To unsubscribe, send a message to [EMAIL PROTECTED] with the word UNSUBSCRIBE > in the body of the message. > _______________________________________________ DIGITALDIVIDE mailing list DIGITALDIVIDE@mailman.edc.org http://mailman.edc.org/mailman/listinfo/digitaldivide To unsubscribe, send a message to [EMAIL PROTECTED] with the word UNSUBSCRIBE in the body of the message.
