Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Microsoft Operating Systems Security Software Windows

Microsoft Raises Security Game, Notes Shortcomings Elsewhere 490

LMCBoy writes "Steve Ballmer recently told an industry conference that Microsoft software is more secure than Linux. PJ at Groklaw has a nice, thorough analysis of this dubious claim. She points out that not only are there vastly more Microsoft exploits reported, but that the exploits tend to be much more severe, involving remote administrator access." In related news, mhesseltine writes "According to an article from the Washington Post, in an unusually ironic twist, Microsoft has started talking smack about their own products, instead of those of their competitors. Bill Gates said of Office 'it's too hard to find things in e-mail' and described some features of Word as 'clunky.'"
This discussion has been archived. No new comments can be posted.

Microsoft Raises Security Game, Notes Shortcomings Elsewhere

Comments Filter:
  • Really? (Score:4, Insightful)

    by DAldredge ( 2353 ) <SlashdotEmail@GMail.Com> on Wednesday October 22, 2003 @03:48PM (#7284284) Journal
    Do you think it could POSSIBLE be due to the fact that Office 2003 just came out and the need to find a reason to get people to buy it?

    "Bill Gates said of Office 'it's too hard to find things in e-mail' and described some features of Word as 'clunky.'""

    • Re:Really? (Score:5, Funny)

      by digital bath ( 650895 ) on Wednesday October 22, 2003 @03:57PM (#7284382) Homepage
      Maybe he was talking about clippy. I bet clippy haunts old Bill's dreams at night.

      Bill: "WHY oh WHY did I ask for an animated paperclip????"
      Clippy: "It looks like you're suffering from a nervous breakdown. Press F2 for synonyms of 'nervous breakdown'."

      Clunkiest 'bug' I've ever seen in office.
    • Re:Really? (Score:5, Insightful)

      by Rary ( 566291 ) on Wednesday October 22, 2003 @04:16PM (#7284608)
      Precisely.

      This is nothing new. Remember when Windows 2000 came out, and magazines were filled with all those Microsoft ads making fun of the Windows 98 BSOD?

      They trashed Win98 to sell Win2K. Why wouldn't they trash Office2K/XP to sell Office03?

    • Re:Really? (Score:4, Funny)

      by Cylix ( 55374 ) * on Wednesday October 22, 2003 @04:29PM (#7284719) Homepage Journal
      It's Official...

      Steve and Bill are high on life per say. If you can call high on life smoking dubious amounts of crack-cocaine.

      In the twisted ramblings of these two mad men there is a rhyme to their reason. It is just unfortunate that to discern their meanings you must be "in the zone."

      Thus, Bill and Steve reached an agreeement they would be bundling crack with windows 2003 family edition.

      Bill and Steve could not be reached for comment, but a spokesperson for Microsoft said they were all really buzzing with these new enhancements to the windows product line.

  • by Realistic_Dragon ( 655151 ) on Wednesday October 22, 2003 @03:50PM (#7284302) Homepage
    When the version of Linux is Lindows and it's adminstered by a monkey who leave it lying around a student lab logged in as root.

    On a more serious note, securit depends more on the person administering it than the software itself up to a point. Sure you _can_ leave yourself wide open on Linux as well as on Windows, it's just that on Windows it's much easier (eg using OE or IE or not turning off messaging services or RPC) compared to Linux (installing something compromised or bad physical security).
  • by pheared ( 446683 ) <kevin.pheared@net> on Wednesday October 22, 2003 @03:50PM (#7284304) Homepage
    Microsoft has started talking smack about their own products, instead of those of their competitors

    I guess when you are so proficient at talking smack you are likely to hit one of your own at some point.
    • taking smack. Mainlining, that is. That's the only explanation for the numbers in his "analysis" (emphasis on the anal) of the comparative security of Windows vs. Linux.

      Doesn't he realize that taking all that smack will just ruin his dancing career?

  • Early versions... (Score:2, Interesting)

    by exi7 ( 315026 )
    Don't cream in your pants just yet... Gates actually "described early versions of the Word text-processing program as "clunky."
  • Well... (Score:3, Interesting)

    by Sir Haxalot ( 693401 ) on Wednesday October 22, 2003 @03:51PM (#7284319)
    I've had to download 5 updates in the last 3 days, so it must be getting safer, but one assumes if you're constantly downloading security patches there's got to be something insecure about it...
  • Clunky... (Score:5, Funny)

    by daeley ( 126313 ) * on Wednesday October 22, 2003 @03:52PM (#7284321) Homepage
    Of course the clunkiest feature of Office is the part where you have pay several hundred dollars for it. I wish they'd get that bug ironed out already.
    • No. It's the EULA. That's the feature of MSOffice/MSWind that caused me to switch to Linux. And that was back when the EULAs were, relative to today, friendly.

    • But getting fixes is like getting your money worth!

      Think about it this way.
      If you used Windows Update and went to windowsupdate.microsoft.com every week to find NO UPDATES! how pissed would you be?

      Now, I go to windowsupdate and find an update for IE, a DirectX update, new sound card driver, oh Windows Media Player9....
      I feel like I am getting my Win XP license worth!

      Same thing applies to cars.
      I want a car that is inexpensive, reliable, that
      runs well and gets good mileage.

      So I chose to buy a 93 Ford Fies
  • by grasshoppa ( 657393 ) * on Wednesday October 22, 2003 @03:52PM (#7284322) Homepage
    Wednesday, October 22 2003 @ 06:44 AM EDT

    You know I couldn't resist covering this story. Microsoft's Steve Ballmer picked up his glove and slapped Linux across the face in a speech given at an industry conference thrown by...who else, Gartner?

    In his speech, he said some peculiar things about security:

    "Ballmer ... disputed the notion that open-source code is more secure than Windows. 'The data doesn't jibe with that. In the first 150 days after the release of Windows 2000, there were 17 critical vulnerabilities. For Windows Server 2003 there were four. For Red Hat (Linux) 6, they were five to ten times higher,' he said.

    "'The vulnerabilities are there. The fact that someone in China in the middle of the night patched it--there is nothing that says integrity will come out of that process. We have a process that will lead to sustainable level of quality. Not saying we are the cat's meow here--I'm saying it is absolutely not good reasoning to think you will get better quality out of Linux.'"

    Ballmer's being a naughty boy again. China indeed. "In the middle of the night." Trying to frighten the children with overtones. And playing with numbers. What year is it again? Red Hat 6? Pardon me for pointing it out, but they are up to 9 now. He's choosing a 150-day period from back in the day -- and I wonder how long it took to pick the best segment of time to use -- and using that for comparison? There is a lot that can be said about this, but it's not really necessary to do any research on this sad subject, I don't think. Everyone on a Windows box just went through the worst summer and fall of security issues of all time. They already know he's just ...well, what would be the precise word here? You hate to say lying. It's so cold.

    However, let's do a little research, just for fun.

    Judge for yourself which operating system is more vulnerable to security problems by going down the list on CERT's Incident Notes page. It goes back to 1998. And here is their Current Activity page. It's almost all Microsoft issues. Here's their Vulnerabilities Notes page. It's all Microsoft, except for one, which isn't Linux. Here is their most recent quarterly summary. And after you look at all the data, what do you think now? Was Mr. Ballmer accurate? The only way I could find Linux prominently on any list was to type it into the Customized Search engine by itself on this page , and then when you get to the list, it's a list for all vulnerabilities of all the distributions of Linux, not just Red Hat. I couldn't find anything equivalent to Microsoft announcing a vulnerability and then saying there was no patch and you should just shut that particular functionality down. Ballmer said there were 17 critical vulnerabilities in Windows 2000 in the 150-day period and that Red Hat had considerably more. But look at the list: it shows only 16 vulnerabilities for all flavors of Linux for the entire year of 2000. CERT only lists the big ones, but Ballmer did say "critical". It makes you wonder where he got his numbers from or how he defines "critical".

    Funny he would choose such an old time period, don't you think, for his comparison? Maybe it's because looking at July through October of this year would be devastating? I see only two Linux vulnerabilities on the list for that time period, both buffer overflow vulnerabilities, so evidently there has been considerable improvement on the Linux side.

    Look at what could happen to you on a Windows box in the first two weeks of September 2003, though, just using a handful of the many recent vulnerabilities here and here and here and here and here and here and here. I didn't include July and August or October or the rest of September, out of kindness. Now, what Mr. Ballmer needs to do is show me anything like that kind of news coverage of security vulnerabilities in GNU/Linux, for any two week period. And speaking of critical, look at what the results could be from the Windows security issues:

    "'An att
  • FUD. (Score:5, Insightful)

    by Eric_Cartman_South_P ( 594330 ) on Wednesday October 22, 2003 @03:52PM (#7284324)
    Even if the shit MS is shoveling was true, which it isn't, I'd rather have a system with 100 security holes a year that all get fixed in hours (think *BSD, Linux, and with a sprinkle of extra time even MasOS X) than a system with 10 security holes a year that get patched months later if at all (think Windowe).

    • Re:FUD. (Score:2, Insightful)

      by Anonymous Coward
      Everyone hates Microsoft because they release patches with inadequate QA that break certain configurations.

      On the other hand, everyone loves Open Source because they release 0-day security patches that have had no QA whatsoever.
      • Everyone hates Microsoft because they release patches with inadequate QA that break certain configurations.

        True

        On the other hand, everyone loves Open Source because they release 0-day security patches that have had no QA whatsoever.

        Yet... even without a 45-day formal QA process, those 0-day patches almost never break anything. Somehow, these OSS developers can close a security hole without breaking anything else, and they can generally do it within hours of the time the defect comes to their attent

        • Re:FUD. (Score:5, Insightful)

          by jridley ( 9305 ) on Wednesday October 22, 2003 @04:47PM (#7284887)
          I believe that this is a result of design. If you have a well designed system, then a vulnerability is probably a result of a simple programming flaw. Fixing such problems is usually just a matter of changing a few lines of code, or at most perhaps adding a layer of error checking.

          If you have a system designed like a Big Ball of Mud [laputan.org], then a vulnerability is likely to be the result of unanticipated interactions between different modules. When you try to fix that, then you are just changing to a different set of unanticipated interactions. Fixing such systems often involves making sweeping changes across all of the modules that you can think of that interact with the problem module.

          It's not surprising that "fixing" something in such a system breaks other things. All you can hope for is that you break less than you fix, and the breaks won't be discovered for a while.
  • Since the sources to windows are not open, it would be most likely to have the fewest discovered security holes. Programs like OpenSSH and the Linux kernel itself (and many others) has sources available which makes it easier to locate the security holes but then again they are fixed quicker.

    Now, since this isn't even true (according to PJ at Groklaw), we can only imaging how much more there is in Microsoft Windows.
  • by stratjakt ( 596332 ) on Wednesday October 22, 2003 @03:55PM (#7284356) Journal
    Gates highlights improvements in Office 2003 over Office 2000 during the product launch!

    It's arma-fucking-geddon!
  • of course! (Score:5, Funny)

    by gTsiros ( 205624 ) on Wednesday October 22, 2003 @03:55PM (#7284358)
    The programs we sell right now are not any good!

    So, as soon as the next version comes out, buy it! We will have everything fixed, honest!
  • by morven2 ( 5718 ) * on Wednesday October 22, 2003 @03:55PM (#7284359)
    Ballmer states that there's "nobody who has his rear end on the line" with Linux.

    I posit that Linux developers have something rather important on the line; their reputations, professional and personal. When you ship open-source code, you are showing the world how good, or how bad, you are. Your reputation can be made or broken by the code you release.

    Contrast that with all too many developers in commercial shops, whose code is read by nobody but their immediate co-workers and nobody takes responsibility for bugs.

    If Microsoft employees' asses are on the line, show me a firing or two every time a security hole shows up. And not just the line programmers; bring me the heads of the designers who designed things badly, the project managers who made hitting deadline more important than getting it right, and the managers who let it all happen.

    I would say that in the vast majority of cases, commercial programmers' asses are NOT on the line, in terms of security problems. As long as you crank out code fast enough to keep up with your co-workers ...
    • by Rombuu ( 22914 ) on Wednesday October 22, 2003 @04:10PM (#7284545)
      Yeah, that's why all the Bind and Sendmail authors were rounded up and shot year ago.
    • by OglinTatas ( 710589 ) on Wednesday October 22, 2003 @04:25PM (#7284683)
      And who's ass is on the line when the EULA states that microsoft is not responsible for its own products?

      YOU are entirely responsible. Talk to your reseller for support, and if things break to an extent your business is damaged, don't expect more than a refund of the purchase price of the software. Same for open source, really. So what is Ballmer's point?

      to wit:

      " 5. PRODUCT SUPPORT. SOFTWARE support for the SOFTWARE is not provided by MS, Microsoft Corporation, or their affiliates or subsidiaries..."

      and:

      "EXCLUSION OF LIABILITY/DAMAGES. The following is without prejudice to any rights you may have at law which cannot legally be excluded or restricted. You acknowledge that no promise, representation, warranty or undertaking has been made or given by Manufacturer and/or Microsoft Corporation (or related company of either) to any person or company on its behalf in relation to the profitability of or any other consequences or benefits to be obtained from the delivery or use of the SOFTWARE and any accompanying Microsoft hardware, software, manuals or written materials. You have relied upon your own skill and judgement in deciding to acquire the SOFTWARE and any accompanying hardware, manuals and written materials for use by you. Except as and to the extent provided in this agreement, neither Manufacturer and/or Microsoft Corporation (or related company of either) will in any circumstances be liable for any other damages whatsoever (including, without limitation, damages for loss of business, business interruption, loss of business information or other indirect or consequential loss) arising out of the use or inability to use or supply or non-supply of the SOFTWARE and any accompanying hardware and written materials. Manufacturer's and/or Microsoft Corporation (or related company of either) total liability under any provision of this agreement is in any case limited to the amount actually paid by you for the SOFTWARE and/or Microsoft hardware."

  • Well, DUH (Score:4, Funny)

    by JRHelgeson ( 576325 ) on Wednesday October 22, 2003 @03:55PM (#7284363) Homepage Journal
    Of Course Windows is more secure than linux, once you disconnect it from the network...
  • by Anonymous Coward on Wednesday October 22, 2003 @03:56PM (#7284372)
    Ballsack^H^H^H^Hmer said: "The data doesn't jibe with that. In the first 150 days after the release of Windows 2000, there were 17 critical vulnerabilities. For Windows Server 2003 there were four. For Red Hat (Linux) 6, they were five to ten times higher"

    Why don't we compare Windows Server 2003 to RedHat Enterprise v3? Or Windows 2000 to RedHat 9? RedHat 6? That's what, 3-4 years old now!

    And don't make me bring up WinME, Steverino.
  • by Coryoth ( 254751 ) on Wednesday October 22, 2003 @03:56PM (#7284374) Homepage Journal
    "There is no road map for Linux, nobody who has his rear end on the line. We think it's an advantage a commercial company can bring--we provide a road map, indemnify customers. They know where to send e-mail." Steve Ballmer said. He neglected to add "It's not like we read that email, but at least you know where they can stick it - sorry, I mean send it", but was clearly thinking it.
  • by Lord Grey ( 463613 ) * on Wednesday October 22, 2003 @03:56PM (#7284376)
    From the Groklaw article, quoting Steve Ballmer:
    "Should there be a reason to believe that code that comes from a variety of people around the world would be higher-quality than from people who do it professionally? ..."
    Why, yes there is, Mr. Ballmer. Among other reasons, there's vastly more people looking at the code and none of them having marketing directors breathing down their necks. Many more reasons, stated by many different people, can be found via Google in five minutes.
    "Why is its pedigree better than code done in a controlled fashion? I don't get that,' he said."
    You've just stated something that everyone knew long ago.
    "There is no road map for Linux, nobody who has his rear end on the line. We think it's an advantage a commercial company can bring--we provide a road map, indemnify customers. They know where to send e-mail. None of that is true in the other world. So far, I think our model works pretty well."
    Roadmaps make good software? Email answered by overworked and underpaid contractors make good software? Indemnification makes a Microsoft OS-based computer more secure, perhaps?

    No, no and no.

    • by Groo Wanderer ( 180806 ) <charlie&semiaccurate,com> on Wednesday October 22, 2003 @04:13PM (#7284569) Homepage
      There is one thing most people don't realize about the Young Frankenstein monster's attacks on linux, they are not off the cuff responses. MS does rather carefull studies on what 'resonates' with CxO level buyers and attacks on that.

      The last one of these had IP issues being the most scary to buyers, so they went after that, about the time the whole SCO thing surfaced. Before that. there were other avenues.

      Since the whole IP liability issue is being handled rather deftly by the community, there is little to attack on anymore, so they went polling for the next round. The roadmap issue is the next 'attack point'.

      Things like that don't get made up, it is not a broad enough topic to have been picked out of thin air. Expect to see a lot more of this in the near future, and when it gets summarily shot down, they will pay polsters and move on to the next topic. Same old same old. *YAWN*.

      -Charlie
      • "MS does rather carefull studies on what 'resonates' with CxO level buyers and attacks on that."

        Yea but besides Microsoft press releases and MS's known lacky the Gartner Group where do you even here this crap anymore. I guess you could run your business by those few sources, but my hunch is most people don't anymore. Gartner itself has lost a lot of credibility in the last 5 years. Even most of the pro Microsoft rags I read say to take everything MS says with a grain of salt. They've all been burned by MS
    • "Should there be a reason to believe that code that comes from a variety of people around the world would be higher-quality than from people who do it professionally? ..."

      Linux people are geeks, that focus on technology (not even mentionning that they might be professionals themselves). Microsoft people are professionals, driven by marketing.
      Hence, from a technological standpoint, Linux/OSS is more likely to be/become superior than any Microsoft product.
      From a marketing standpoint, Microsoft will always
  • Unfortunately, this sort of thing is geared at the technologically inert investors. If an investor reads an article that says "Microsoft is more secure," how would they know the validity of the claim? I'd wager most don't read Slashdot, nor are concerned with any more objective tech site, and will happily sink their money into whatever marketing tells them. Of course Microsoft is the most secure thing out there if you don't look at or ignore figures presented by those who know better.
  • Please explain to me how this obvious marketing technique (giving reason to why an upgrade to an word processor is needed so often) is "Ironic".

    Pretty please.
  • by 4of12 ( 97621 ) on Wednesday October 22, 2003 @03:59PM (#7284414) Homepage Journal

    unusually ironic twist, Microsoft has started talking smack about their own products,

    When you get into the big leagues, a league of your own, a world of your own, then the only critic you can accept is yourself.

    Because, after all, everyone else is incompetent, a sniping dog of a rival, etc., or they wouldn't be as successful as us!

    A consistent attitude from a company that brings us Innovation through embrace, extend and extinguish.


  • War is Peace
    Freedom Is Slavery
    Ignorance Is Strength
    Windows Is Good

  • I'll bet a few bucks that it does not allow customers to "indemnify" MS in any manner that the agreement could possibly defend against in a court of law, and a few that it couldn't, just for good measure.
    • Microsoft's and its suppliers' entire liability and your exclusive remedy shall be, at Microsoft's option, (a) return of price paid, or (b) repair or replacement of the SOFTWARE PRODUCT or hardware that does not meet Microsoft's Limited Warranty [note - 90 days] and which is returned to Microsoft with a copy of your receipt...
  • by swordgeek ( 112599 ) on Wednesday October 22, 2003 @04:01PM (#7284439) Journal
    "It's too hard to find things in e-mail." translation: "We're going to start the murmurings now for a proprietary database-backed email system, from back end to user interface."

    By making comments like this now, Bill will have leverage against the DoJ when they bring up the spectre of the anti-trust settlement. "It's a necessary feature--we recognised that back in 2003."

  • A brief summary (Score:3, Insightful)

    by banky ( 9941 ) <gregg AT neurobashing DOT com> on Wednesday October 22, 2003 @04:01PM (#7284440) Homepage Journal
    1. Microsoft now has to spend as much of its time competing against itself as it does everyone else. (Quote: "With each version of Office it gets harder for Microsoft to move customers up," said Michael A. Silver, vice president and research director at the research and advisory firm Gartner Inc.)

    DUH. Pretty much everyone admits this. If they never EOL'd anything, people would probably just stay on NT4 with Office 97 (assuming it works for them).

    2. Microsoft thinks it offers more advanced, and usually better products, and offers metrics to prove those points.

    DUH. In other news, Linux organizations (along with "grass-roots" sites like Slashdot) offer counter-points and different metrics of performance, value, and success.

    In 10 words or less, "Microsoft practices marketing, others offer rebuttal."

    How's the new Office if you're a home user with small email volume? Is it a compelling upgrade?
  • Clunky (Score:3, Informative)

    by Anonymous Coward on Wednesday October 22, 2003 @04:01PM (#7284441)

    ...described some features of Word as 'clunky.'"

    I guess that's what happens when you bloat Office up with pinball games [eggheaven2000.com], flight simluators [eggheaven2000.com] and 3D Doom clones [eggheaven2000.com].

  • "it's too hard to find things in e-mail"

    He seems to have lost all the loving emails darling Darl sent him :'(

    My heart cries out for him *sniff*

  • by Coryoth ( 254751 ) on Wednesday October 22, 2003 @04:03PM (#7284460) Homepage Journal
    "Should there be a reason to believe that code that comes from a variety of people around the world would be higher-quality than from people who do it professionally? Why is its pedigree better than code done in a controlled fashion? I don't get that,"

    I can see that: random security modules being submitted by guys at NSA. I mean really, what does the NSA know about computer security? Clearly the MS campus is streets ahead of those unprofessional losers...

    Jedidiah
  • Hmm (Score:3, Insightful)

    by NanoGator ( 522640 ) on Wednesday October 22, 2003 @04:04PM (#7284472) Homepage Journal
    "Steve Ballmer recently told an industry conference that Microsoft software is more secure than Linux"

    Ballmer did make a questionable claim, but the submitter of this story made it more general than it really was.

    "Ballmer also disputed the notion that open-source code is more secure than Windows. "The data doesn't jibe with that. In the first 150 days after the release of Windows 2000, there were 17 critical vulnerabilities. For Windows Server 2003 there were four. For Red Hat (Linux) 6, they were five to ten times higher," he said."


    In other words, he didn't say Microsoft Software (people start imagining IE, Outlook, etc...) in general is more secure than Linux, he said Windows 2000 and 2003 had fewer 'critical vulernabilities' than Redhat 6.

    Now, I'm not defending Ballmer here, but I do wish story submitters would chill on the flame-bait headlines.

    Now, with that aside, here's a few things wrong with that statement:

    - One of those 'critical vulnerabilities' in Windows 2000 facilitated a very wide spread attack, something that hasn't happened with Linux.

    - Redhat is up to what.. 9 now? Redhat 6 is going back at least a couple of years. It's disappointing that he didn't pick a more recent version of Redhat. Something tells me that their numbers for critical issues wasn't so interesting.

    - The number of security issues is not a very good measure of security. Though it sounds great for the PHB's out there, but it is well documented that Microsoft's foundation is, in general not very secure. Those critical vulnerabilities are going to do more damage on a Microsoft Platform than a Linux based one.

    So, to summarize: Ballmer's full of shit and the authors need to be more responsible in their reporting, especially when sites can be Slashdotted.
  • anyone else tired? (Score:3, Interesting)

    by EZmagz ( 538905 ) on Wednesday October 22, 2003 @04:05PM (#7284479) Homepage
    Seriously, is anyone else tired of hearing MS trying to pass the buck when it comes to their products? I've just about stopped listening to all of these self-promoting bullshit campaigns. Honestly, is this getting tiring to anyone else?

    One of the biggest issues is that rarely do these claims stack up comparable products. I was just reading the claim by Balmer saying Win2K is more secure (i.e., less patches) than RedHat 6.2, IIRC. Compare the kinds of vulnerabilities Balmer was referring to: in MS, there were a ton of holes that were rooted into the OS, making the whole system vulnerable (in general). In RH, many of the patches were for apps and tools that aren't installed automatically. Sure, your SSL-secured dildo-plus-IM app might have a hole in it, but it's probably not installed by default. Compare that to everyone's favorite RPC hole, or IE hole, found in EVERY version of Windows 2000.

    Fuck it, not worth my time. I'm not a anti-MS zealot by any means, but it's time to /ignore what some of the annoying corporate PR trolls are screaming. If you want to get my attention, get an independent 3rd party (no, Gartner DOESN'T count) to show me some results and back them up with meaningful data.

  • Talking to Congress (Score:5, Informative)

    by sphealey ( 2855 ) * on Wednesday October 22, 2003 @04:05PM (#7284480)
    A comment on Groklaw (which I cannot find at the moment) made the point that Ballmer is probably talking to Congress: he is angling for a bill outlawing the GPL. Which I agree is a strong possibility.

    sPh

    • Talking to Jack (Score:3, Interesting)

      by twitter ( 104583 )
      While Steve Baller is trying to outlaw the GPL, Bill Gates is doing the same for Competion in general. After that they will work on a bill to outlaw free speech.

      It's really that stupid. You can't kill the GPL without gutting copyright law. The GPL is a license that is much less restrictive than ordinary copyright. Ordinary copyright forbids copy without the permision of the owner. The GPL has conditions of copy so that permision does not have to be asked. The strength of the GPL is based on the stren

      • Re:Talking to Jack (Score:3, Insightful)

        by sphealey ( 2855 ) *

        While Steve Baller is trying to outlaw the GPL, Bill Gates is doing the same for Competion in general. After that they will work on a bill to outlaw free speech.

        RIAA and MPAA are definately working on outlawing various forms of free speech, so that one is covered. And the so-called "penalty" phase of the Microsoft anti-trust trial would seem to indicate that Microsoft has quite a bit of control over what is and is not considered competition at the Federal level. I realize you meant to be sarcastic, but

  • by FunWithHeadlines ( 644929 ) on Wednesday October 22, 2003 @04:05PM (#7284488) Homepage
    Oh boy, this is too easy to dissect such naked, false, and desperate Microsoft FUD:

    "There is no road map for Linux, nobody who has his rear end on the line."

    Quick, alert Linus and the rest of the kernel maintainers and planners. Also, better not spread around the road map for Linux so Ballmer won't look like a fool.

    " We think it's an advantage a commercial company can bring--we provide a road map, indemnify customers."

    ROFL! Indemnify?! Ever read a Microsoft EULA? You're on your own, buddy. How stupid does he think people are? Never mind, don't answer that...

    " They know where to send e-mail. "

    Oh, puleeeze! Ever try to complain to Microsoft about a bug in their software? Now, take that to the next level. Ever try to complain to one of their software developers about a bug in the particular software they wrote? What's that? You have no idea who wrote that piece of software? And you have no way of finding out? So tell me again where the accountability is.

    "None of that is true in the other world. "

    Uh, precisely the opposite of what you said, but thanks for playing anyway. Tell Steve what he's won. Seriously, it really is just the opposite. Linux code comes with people's name on it. You want accountability? Put your name on software used by millions and put it out into the world to be dissected.

    "So far, I think our model works pretty well,"

    (Wiping the tears from my face while I shake with laughter) If the current mess of the state of Windows is his idea of things working "pretty well," oh never mind...This speech sure wasn't directed at the cluefull.

    That means, of course, that most reporters will report it verbatim and at face value. *sigh*

    • Yes, I tried to complain to Microsoft about a bug in their software. As a developer of a web-app we came across a limitation in IE, whereby when writing via javascript to the page body of a newly opened window, if those instructures referenced the loading of an external CSS or JavaScript file, the whole mess would lock up and foobar the browser. But only if ActiveDesktop was on, which at that point was a default setting for new installations (and everyone here knows what that means).

      'Twas my job to isolat
  • If you do a lookup of Linux versus Microsoft, the numbers tend toward what he is saying. Does it count against MS if a third party vendor's product is compromised? No. But it does appear to count against Linux.

    However, the fact that it is a very misleading statement gives Steve his sound bite "Linux less secure." Well, they cannot claim it if it isn't true and if it is true then we can be sure we want MS products right? Yeah!

    Except, this is not what he said. He lead everyone down the path and then
  • things in e-mail'
    Imagine how much spam is in his inbox???
  • Finally... (Score:3, Funny)

    by no reason to be here ( 218628 ) on Wednesday October 22, 2003 @04:08PM (#7284522) Homepage
    in an unusually ironic twist, Microsoft has started talking smack about their own products

    finally microsoft does something innovative.
  • All this article shows is that a thorough analysis is hard, if not impossible. The author goes on with lots of anecdotes and a little searching on CERT. He/she didn't bother to look at Redhat's vulnerability list.

    But even doing that, one get's into endless arguments about vulnerabilities in an OS vs. a distribution, severity of vulnerabilities, and whether they are exploitable at the time of the fix.

    Also, the author rhetorically asks about a period in Linux as bad as last month for vulnerabilities. I do

  • I came across this company [mi2g.com], who claim in their FAQ [mi2g.com]:

    "Which Operating Systems are most vulnerable to digital attacks?"

    "Based on the information garnered through SIPS in August 2003 for twelve trailing months, Linux is the most breached operating system followed by Microsoft Windows."

    "For the twelve trailing months as of September 2003, 59.2% of all overt digital attacks were on systems running Linux and 20.8% were on systems running Windows."

    They define 'overt digital attacks' as active hacks conducted by

  • We think it's an advantage a commercial company can bring--we provide a road map, indemnify customers. They know where to send e-mail.

    Indemnity, right - nice word. From what, and for who? The EULA on pretty much all software disclaims any responsibility on the part of the vendor for damages suffered as a result of using the software. Plenty of MS customers have suffered damage from MS software and so far as I know Microsoft did nothing to indemnify any of them.

  • not only are there vastly more Microsoft exploits reported, but that the exploits tend to be much more severe, involving remote administrator access."

    And most MS patches require a reboot after patching, making mass patching of production servers an agonizing experinece. Most of the Linux vulns are in programs where you just replace the progam files and maybe stop and restart a service.

  • by HarveyBirdman ( 627248 ) on Wednesday October 22, 2003 @04:15PM (#7284597) Journal
    "Windows is also the most beautiful interface on God's Green Earth, dammit!" shouted a sweaty and flatulent Ballmer at a press conference in an abandoned carnival outside of Twentynine Palms, California. "You should count yourselves blessed to have access to such heart-rending wonderment. I mean, look at those stately gray buttons. Look at them!"

    Ballmer proceeded to point at the thin air next to him for three minutes while muttering what sounded like 'their little pig eyes they bore into my soul like dirty knives' and scanning the audience.

    "What about the security issues?" asked Jayson Blair, cub reporter for D-Cup Magazine.

    "And those button bars with the sometimes incomprehensible tiny icons. Those are works of art!" cried Ballmer. "If you can't understand what one means, you are nothing more than an animal. An animal, I tell you! Do you hear? An animal who sleeps in his own wastes and eats his own children! Die!"

    "Do you have any data to back up your claim of being more secure than Linux?" asked Asian reporter Trish Takinawa of Channel 104 Public Access in Parumph, Nevada.

    "Data!" thundered Ballmer. "We're freaking Microsoft, toots! We don't need any stinking dat-"

    Ha ha! This has gone far enough!" said a swarthy man in ninja clothing from the back of the crowd as he leapt up onto a dusty platform festooned with tattered remnants of long dead happiness.

    "So! Phil Schiller. Head of Marketing at Apple Computer," Ballmer said. "I wondered when we'd meet again."

    "And it is as I said, ha-ha, at a time and place of my design, ha-ha!" heckled Schiller has he drew his adamantine katana from it's sheath. Gold plated depleted uranium throwing stars twinkled and glistened with righteousness in his other hand.

    Strange alien devices began to scuttle threatingly from Ballmer's massive pores. They dripped with sweat. The sweat hit the floor and burned little holes.

    Reporters scattered in a storm of makeup and microphone cable. Somewhere, a bird of prey cried out. A baby cried. Someone broke Godwin's law for the 5000th time that day. An charmed quark spontaneously appeared, but only briefly.

    Schiller's bright eyes started down the angry monkey eyes of his eternal nemesis, and the world held it's breath...

  • unusually ironic twist, Microsoft has started talking smack about their own products,

    Enter Steve Ballmer standing in front of a black background:

    "Windows Server 2003...It's how the last place you'd go for an OS will be come the first."

  • Maybe if they spent as much time fixing their products as they did FUDing opensource there wouldn't be so many "Worms of the Week".

    Christ what kind of messages do they think this sends? The more they talk about linux and opensource the more companies become aware as a viable option and realize that Microsoft is seriously shitting its pants. From a PR standpoint this is a disaster. This isn't 1996 when there was no Google and you couldn't do your own research. Anyone with half a brain and five minutes can e
  • Here are more thoughts [ufies.org] from a friend of mine and security expert.
  • From Groklaw:

    Ballmer said there were 17 critical vulnerabilities in Windows 2000 in the 150-day period and that Red Hat had considerably more. But look at the list: it shows only 16 vulnerabilities for all flavors of Linux for the entire year of 2000. CERT only lists the big ones, but Ballmer did say "critical". It makes you wonder where he got his numbers from or how he defines "critical".

    My guess is that "critical" for Windows is anything that allows a remote root via core windows stuff. "Critical" f
  • "The Microsoft chief executive also contrasted the quality of software that's produced by commercial makers to that of software that's developed under the open-source model. 'Should there be a reason to believe that code that comes from a variety of people around the world would be higher-quality than from people who do it professionally? Why is its pedigree better than code done in a controlled fashion? I don't get that,' he said.

    "'There is no road map for Linux, nobody who has his rear end on the line.

  • Jesus Christ (Score:2, Insightful)

    by ryantate ( 97606 )
    You know what other game is being raised? Slashdot's masturbatory anti-Microsoft jihad posts. Just yesterday morning [slashdot.org] Slashdot had four Microsoft-borg-logoed stories, with only one other post breaking them up, all posted in the span of three and a half hours. I am glad to see the bashing has not let up today.

    These threads invariably involve, at the top mod levels, derogatory comments about the quality of Microsoft code and products, conspiracy theories about the true motives behind Microsofts intentions (al
  • Nothing but the damn liar. That's what Ballmer is. However, there's not much left for them but lies. They know they're in trouble and they know exactly how many bilions of dollars are they going to be short in revenues over the next 2-5 years.
  • It's not ironic (Score:3, Insightful)

    by tmark ( 230091 ) on Wednesday October 22, 2003 @04:36PM (#7284776)
    in an unusually ironic twist, Microsoft has started talking smack about their own products, instead of those of their competitors.

    It's not ironic, because Microsoft stands to suffer nothing by pointing out problems with Outlook. And that is because 1) it is still probably the most widely used email program, 2) there are no real significant challenges or competitors to Outlook (or Excel, or Word) out there, and 3) the problems BG is pointing out are relatively trivial and plague every other email program anyways. So MS can make these kinds of knocks on their products as much as they want...they just can't knock Windows.

    And, as someone else has already pointed out, it always helps to sell new product. Doesn't almost every new feature set in any product imply there was something wrong with the previous versions ?
  • by Geek of Tech ( 678002 ) on Wednesday October 22, 2003 @05:18PM (#7285166) Homepage Journal
    > "'There is no road map for Linux, nobody who has his rear end on the line. We think it's an advantage a commercial company can bring--we provide a road map, indemnify customers. They know where to send e-mail.

    Besides, even if they don't know where to send the email, I'm sure SoBig does.

  • by bergeron76 ( 176351 ) * on Wednesday October 22, 2003 @07:49PM (#7286377) Homepage
    Obviously, when you're a monopoly and you want people to believe in your company you're going to say, "We know all of our shortcomings and our only goal is fixing them".

    However, if you're the _underdog_, you're NOT going to put the focus on your flaws. But, if you're the only bully on the block and everyone hates you for it, you're going to play the symphathy role: "My parents beat me into beating you".

    Yeah right.

    Fool me once, shame on you. Fool me twice, shame on me.

  • by Ridgelift ( 228977 ) on Wednesday October 22, 2003 @09:29PM (#7287107)
    "With each version of Office it gets harder for Microsoft to move customers up," said Michael A. Silver, vice president and research director at the research and advisory firm Gartner Inc.

    Therein lies the devil, ladies and gentlemen. Microsoft had the victory, but has no other business model than to sell Windows and Office (all other products fail to generate enough revenue to sustain the company). They have failed to move people over to a continuing license model, and with Linux slowly moving across the landscape like a juggernaut, Linux and products like Open Office will be "good enough" for Joe User and Ma & Pa Small Business. If Microsoft cannot come up with other solid revenues other than Windows and Office, they will lose.

    Torvalds was right: "We want to take over the world but we don't have to do it by tomorrow - its OK to do it by next week, or even next month" [cw.com.hk]

A Fortran compiler is the hobgoblin of little minis.

Working...