Originally at http://www.ip-wars.net/story/2005/1/31/162618/771
Another Turn of the MS FUD Machine Crank
by T. W. Zellers
Just a quickie to keep in practice.
In an article on vnunet, Microsoft's Nick McGrath launches some more standard issue FUD. Most of the statements can be classed as unsupported assertions.
One myth we see is that Linux is more secure than Windows.
This is pejorative in the presumption that it is a myth rather than demonstrated experience.
Another is that there are no viruses for Linux
Hmm, I've never heard that one. In fact I know there are virii which can attack Linux. The difference is that such attacks are not widely successful because Linux is not a monoculture - even within the same distribution users have enormous flexibility in the services and options they run - and the security design of Linux, as with unix-like systems was intended from scratch as a multi-user system, whereas Windows still shows its single user roots. Virii are generally unsuccessful against Linux because it requires an inept configuration to leave the attack vectors susceptible and when vulnerabilities are uncovered they are generally patched (and applied by even marginally competent admins) before an exploit can be written and widely deployed.</FONT>
Who is accountable for the security of the Linux kernel?
This is a rather transparent confabulation of accountability with vulnerability. And it should be noted that the number of competing Linux distributions, both commercial and not, ensure an interest in seeing that vulnerabilities are patched and quickly; the GPL subsequently ensures that the patches required by that distro's makers are subsequently shared and distributed.
In Microsoft's world customers are confidant that we take responsibility. They know that they will get their upgrades and patches.
Really? I seem to recall a recent study on naked computers attached to the internet... Three minutes until the MS box was 0wn3ed. Please tell me how to configure a box with only some version of Windows to safely connect to the internet without third party hardware or software ... even for just long enough to download the patches and upgrades which still won't protect me.
McGrath went on to claim that another Linux myth centres on the number of open source developers who work to create the operating system.
"There a myth in the market that there are hundreds of thousands of people writing code for the Linux kernel. This is not the case; the number is hundreds, not thousands," he said.
It is probably true that the number of active developers on the kernel at any one time is only in the hundreds. But the synergy of open source is that as each kernel is released there are probably thousands who will test the new kernel and provide feedback to the actual developers for each development kernel, and tens or hundreds of thousands - possibly nearing the million mark by now, who will quickly report a problem with a kernel on the stable branch. This works.
McGrath argued that recent growth in Linux deployments came largely at the expense of installed Unix systems, rather than replacement of Windows servers.
The argument that "replacement" is the issue is itself a distraction, or in SouthParkian, a Wookie. I suspect most Linux deployments are servers which would not have been deployed at all, or the service would have been deployed on an already existing box had not Linux been available free of charge and demonstrably reliable and stable. Very likely most Linux boxes implement new services or augment existing services and do not replace existing services and servers until obsolescence claims the old. The low initial cost and low ongoing maintenance makes Linux a natural for a new utility service, whereas the migration cost (to any platform) of an existing service makes direct replacement a relative rarity.
A lot of customers have got trials and pilots of Linux, but are holding back Linux deployment into the mainstream because the operating system does not have the solution stack that they were expecting
This is probably somewhat true in both the desktop and for general (business) application services. But both of these are changing rapidly. Many smaller enterprises now feel that OpenOffice is adequate for their word processing and other office needs. Many business service applications are now becoming available for Linux when once they were Microsoft only.
...there is no single development environment for Linux as there is for Microsoft
"You say that like it is a bad thing." Developers and shops have their choice of tools and can use those which best fit their needs ... and the resulting code usually works on any Linux platform where the requirements are met. And often for various flavors of windows with the appropriate libraries installed as well. In actual fact the quote is not even true for the Microsoft platform
as while Visual Studio is by far the most common development environment there are plenty of shops which use Borland and IBM's tools by preference.
In the large, this is mostly FUD, pure and simple. There are a few legitimate criticisms as per the single sign-on comment, but part of that problem is the diversity of Linux/unix services and another large part is deliberate obstructionism by Microsoft. Kerberos and LDAP fulfill part of that need and that will grow as services mature. In the meantime Novell is offering its solution for directory services. Time, maturity and the growing demand for open standardized formats and protocols will allay these problems.
Mr. McGrath your time on the wheel is over. Next hamster, please.
------------------
Copyright 2005 by Terrence W. Zellers. This article is licensed under the Creative Commons/Attribution-ShareAlike 2.0 License
|