The rivalry between Microsoft Windows and Linux comes down to the basic question of whom customers should trust, according to Microsoft CEO Steve Ballmer. Ballmer on Tuesday acknowledged Microsoft turned its focus to matters such as patch management "probably later than we should have," but claimed that Microsoft has made dramatic strides in its Trustworthy Computing efforts, while users can question the quality of Linux security patches. Ballmer made his comments during an executive interview before about 3,000 IT managers at the Gartner Symposium ITxpo.
What sets Windows apart from Linux in terms of development, security and patching, Ballmer said, is that Microsoft has an infrastructure that takes responsibility for Windows. "There's no roadmap for Linux. Nobody is held accountable for security problems with Linux." Noting that Microsoft has professional developers working with a common methodology, he said, "Should there be a reason to believe that code that comes from a variety of people, unknown from around the world, should be somehow of higher quality than that from people who get paid to do it professionally?
"There's no reason to believe it would be of higher quality. I'm not necessarily claiming it should be of worse quality, but why should code submitted randomly by some hacker in China and distributed by some open source project, why is that, by definition, better?"
News source: Yahoo News!


so tell me why you believe I don't like neowin?
Keep at it, man. Eventually you'll be a role model for depressed people everywhere.
Last edited by 216 on 22 Oct 2003 - 00:13
Busted!
it's called track record ballmer. when the only times the internet died was because of trusted professionally made microsoft software.
ballmer how did the internet become accepted and funded by congress? I'll tell you hackers did this, they hacked into it and began exploring. so ballmer buddy get on your knees and thank god that your friendly hacker gave you so much.
That's fairly arrogant. Cisco has had its own share of vulnerabilities. So has Unix, in all flavors. It's called "denial of service", go look it up if you are not sure what it is. No matter what OS you use, DOS attacks are available, no matter how secure the environment is.
As for your other comments... no.
Also, knowledgeable people get to see exactly what is happening with the code they are running, they don't have to trust Mr Gates & his cronies that the code is as good as they say it is. Never take anything at face value, folks, didn't your parents teach you that?
Let me ask the question then -- why, if so many thousands (nay, millions) of Linux people are so in tune with the code, are we still getting standard application patches for Unix products at a rate that far exceeds the amount of Windows patches?
Absolute horsesh*t. Microsoft always listens to what our company has to say about their products, and they act on our feedback a lot.
Maybe it's because you show up to their campus with a gun in your hand and a tinfoil hat on your head.
The roadmap for Linux is on just about every PC in China.
can you explain this? I don't understand
who knows they love throwing terms around
Last edited by 10354 on 22 Oct 2003 - 07:20
I second that. Even our Linux gurus at work (who, I might add, HATE Windows NT/2000 and have an overall distaste for Microsoft) were impressed with the default security of WS2003. Needless to say, I puddin'd in my warez when I heard them say they liked it.
Yeah, they've sure been flat from the opening bell.
Besides, what the **** is that? One day's data is somehow supposed to be significant? Do you know anything about stocks?
but 'yousuc' says that Microsoft isn't accountable for security either because they have themselves covered in their EULA.
Which mind you, is probably the best and most intelligent comment in this whole news post because it's the truth.
On the other hand I believe MS also has a point in the fact of the matter that these people get PAID to do it so they must do it quick and must do it efficiently, they might not try it in every single piece of hardware available to the world BUT it is rolled out ASAP and is guaranteed to work, if it doesn't work (like it has happened) MS still fixes it once again. Whereas with Linux these people are not getting paid therefore people have to wait till someone decides to fix the problem and maybe have other people around the world help them out, or work individually. This makes the process in patching Linux a little more complicated for the fact of the matter that if someone in China is working on a patch that I need, or someone in Russia, or Spain, etc. how am I going to know when it is going to be done, or where I can find it? Google is a source but I don't believe it will find it as quick. So in my opinion I say good going for MS but the points that Ballmer makes are not as specific.
In my IT experience, I have had just the opposite problem. More often than not, I'm waiting on a fix for some problem I'm having with Linux. And Linux fixes are not fix-all, either, so let's not get into a debate about patch perfection.
[Edit: reworded because it sounded like I was making an argument I had no intention on presenting.]
Last edited by 11783 on 21 Oct 2003 - 21:30
Sure, Linux may have a patch out within minutes of a vulnerability. It may also hose your system too, seeing as it could have been written by anyone.
The difference isn't really that great. It takes about 3-4 weeks for both Linux and Microsoft to come out with a quality patch, usually. And both sides will give you patches if requested earlier. If you think that the only way to get patches out of MS is through Windows Update, you're sadly mistaken. I've called them up to report a problem and had a patch written for me specifically within hours. MS has a habit of only releasing publicly the tested patches.
EDIT: When I called I used the support that came with the product, not any premiere support of any kind. Just want to nip that in the bud.
Last edited by 24542 on 21 Oct 2003 - 23:08
"The difference isn't really that great. It takes about 3-4 weeks for both Linux and Microsoft to come out with a quality patch, usually. And both sides will give you patches if requested earlier."
In that case, what you are saying is that "code submitted randomly by some hacker in China" is of no lower quality than "from people who get paid to do it professionally". That's not a very positive sign for those professionals that Microsoft hire - they'd be just as well off having their code written by "hackers in China".
How is that any different on Unix or MS? It isn't, except that the code tree is internal in MS, and the patches are released on request as opposed to constantly available. Coders are human, I don't expect one or the other to be perfect. I'm just saying the key point here is the QA/Testing process, as well as the patch availability.
yet in the last year we have seen exploits and re-exploit of the same exploits. "We rarely succeed at something that is our top priority." is a much closer statement for ballmer to say..
Considering they had supposedly set the Redmond code monkeys hard at work, making security their 'number one priority' disasters like Blaster still somehow slipped through the net. And Blaster wasn't just a small exploit. It was pretty gargantuan.
Microsoft has an infrastructure that takes responsibility for Windows. "There's no roadmap for Linux. Nobody is held accountable for security problems with Linux."
And what is that supposed to mean? Microsoft are held accountable for their bugs, but what difference does that make to holding say Sendmail responsible when they have (yet another) big security bug, or when OpenSSH has a new exploit. A security hole is a security hole - who is accountable is regardless.
When exploits are announced for Linux products on the CERT mailing list, Red Hat normally mail me to let me know an update is available a couple of days later. In that respect, I am quite happy with the Linux security patching process.
I'm not really trying to start arguments (despite some people thinking I am a Linux zealot, I really am not.. I use Windows XP on my home desktop every day and would never dream of chopping it in for Linu
As for the implied remark that anyone (hacker, grandma, cat on keyboard) can tinker with the code, on the personal level that may be true, but to submit something into a controlled build, there are controls in place. Maybe opensource to MS really should mean "open mouth, insert foot"
Hey, the average Hacker Grandma or the random cat walking on a keyboard has as much chance of writing good code as Microsoft does!
When only one company writes the code and hides the source you got to wait for them to issue a patch for a flaw
so the fact of the matter is there are far fewer ppl that can issue a fix for a windows flaw than a linux flaw and linux didn't have near as many flaws to begin with
and every linux patch I've used has worked. something MS needs to figure out how to do
But history has told us that many people do not patch their systems. The patch for the Slammer worm was available months before it was exploited and the impact was still big because of unpatched systems. If flaws are exposed more easily with an open source system, then we should deter people who don't patch from using it.
Usually if you wait long enough, some other person will cash in and start selling patches or fixes. Not that I would recommend it or justify the responsibilities of the software vendor. In a sense, antivirus vendors and firewall vendors are in that business to make up for the poor security architectures of the OS. Also remember the numerous ads that advertise software to block those annoying Messenger popups on Windows XP just because Windows XP leaves a port open to the Internet. Microsoft may see that as a feature but I see it as a flaw.
This somewhat addresses the importance of "accountability" that Ballmer is talking about. Who is held accountable for developing the fixes on a linux system and making sure it works? If anyone and everyone is capable of developing a fix because it is open source, does that mean that everyone can be held accountable?
so you're in favor of us suing microsoft and making microsoft accountable for slammer and new exploits.
and about slammer the patch wasn't out for months but a single month to 2 weeks which I was amazed it came out that quick.
Yes. And I'd be the first to sign up.
MS revels in mediocrity it seems.
DRM can suck it - no way I'm having that on my machine. Oh and managed code isn't necessary for security.
NGSCB and DRM will exist on every platform eventually. Get over it... seriously. You don't even know if I like or dislike DRM or NGSCB ... heck, I'm reserving my opinion. But all I know is this -- the people who adamantly opposed "windows product activation" were pirates, used to pirating Windows. Too freaking bad. This just ends up sounding like more stone throwing at the "shiny new thing". If you want free, take free, I don't care if Linux is your gig. But DRM and NGSCB is good for the industry. Frankly, when it all boils down to it, everyone wants to make a buck. You can't work around that fact, even when dealing with Linux.
Rant on and flame away...
"But all I know is this -- the people who adamantly opposed "windows product activation" were pirates, used to pirating Windows. Too freaking bad."
What a load of c**p! Honestly, if that's what you "know" then you know nothing. Pirates were no more nor no less opposed to WPA than anyone else! In fact they enjoyed finding ways around it, there were new and more advanced cracks available as time went by up to the point where the key generator was released which all but removed the need for the previous cracks. The pirates you speak of couldn't care less about WPA as they are all using corporate keys that were leaked onto the net or that they generated themselves with the keygen.
Just because someone is opposed to DRM or even the idea of DRM doesn't make them a pirate or untrustworthy... it just means that they have reservations about its use and control! You may think these reservations are unwarranted and that's fine, that's your view on it, but it doesn't mean that others aren't allowed to be opposed to DRM.
Gee, look where we are now. Piracy has nothing to do with it -- but basically the people who really opposed the technology were the ones unable to either buy the product, unwilling to buy the product, or unwilling/unable to get a hack. Show me one other good reason. At all.
DRM/NGSCB starts to sound really similar. I didn't mean to imply that any general dislike of DRM/NGSCB are basically pirates, it is the general "I won't buy product X because it incorporates technology Y" without a real knowledge of the technology or what it may or may not provide. And remember that when debating the subject, the biggest underlying fear presented by the arguers is that some people may actually (gasp) have to pay money for services that are provided with NGSCB technologies and vendors. Aka pirates.
Or they'll find a hack of course (if possible).
But the key points are that the technology is coming on all vendors OSs, and it's not nearly as bad as the anti-hype is making it out to be.
"Is it crap?"
What you said about pirates being the ones who were adamantly opposed to WPA is indeed crap.
"Finding ways around it doesn't negate its usefulness -- if that were true why even complain in the first place?"
I wasn't talking about the usefulness of WPA, I was just referring to that one statement that you made. Do I personally think the WPA is useful? No I do not, everyone I knew that pirated Windows before is still pirating it just as easily. Those "casual copiers" that WPA is supposed to stop are using the same corporate keys as anyone else. But it wasn't just pirates that complained about WPA, and in the end they knew that it would be cracked/by-passed (which it was)!
The same complaints are being made about Norton's activation in their range of 2004 products - because people genuinely do not like activation - and it's not the pirates that are complaining as they have downloaded the key generator a long time ago to bypass the activation. (Just in case you think it's some anti-Microsoft movement that's causing all these complaints!)
How do you know? You're just assuming. I know at least five people who went back to 98 because XP was too much of a pain to pirate.