Microsoft prepares security assault on Linux
Posted by malebolgia on 11 November 2003 - 20:42 · 28 comments & 1371 views
About the Author
Full name: Unknown
Forum name:
malebolgia
Contact: via forum PM
Submissions: Normal · Headline
Full name: Unknown
Forum name:
malebolgiaContact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google- Advertisement
-
-
(8 replies)
#1 Posted by Q8Warlock on 11 Nov 2003 - 21:17
- They never seem to amaze me, MS always tries to compare others failures to it's own. I'm not saying Linux is like super secure, but to a point Linux has the upper hand in the security match simply because it's not widely used as Windows.
But for Microsoft going on digging all of Linux's security holes, that means one thing Linux is indeed a threat to Windows !! at least on the more professional base users and companies.
-
#1.1 Posted by Knight' on 11 Nov 2003 - 21:25
- What's Windows most well known for... the BSOD of course...
MS are going to have to do allot of PR to make Windows look better than Linux as a server, but IT admins will see right through it anyway... -
#1.2 Posted by Quick Reply on 11 Nov 2003 - 21:28
QUOTE (#1.1) IT admins will see right through it anyway...
you'ld be surprised, some IT admins would still go Microsoft if they tripled their prices for their software-
#1.3 Posted by Jon on 11 Nov 2003 - 21:53
- Agreed.
I love linux as a server, but work with a very large win2k / xp domain. I'd not swap the servers at work for linux in a million years. A win2k network is a clever thing, linux is great for standalone servers, but the level of integration offered by 2k and AD just can't be touched..
But more importantly, most linux admins are 'special'. Win2k can be worked with by most people, so whilst we have some dam fine ppl, we also have a lot of people who liven the place up.
If our network was swapped for linux, I'd bet a LOT of money that friday night drinking wouldn't be as much fun with workmates. It'd be more like friday night everquest. -
#1.4 Posted by SomeDork on 11 Nov 2003 - 23:25
QUOTE (#1.1) What's Windows most well known for... the BSOD of course...
You are so living in the past.
Win2k and 2003 and XP just plain don't have BSODs unless there is a severe hardware level problem, or unsigned driver problem (all of which are not the fault of the OS).-
#1.5 Posted by werejag on 12 Nov 2003 - 04:12
- hardware is not to suport the os but the os is to support the hardware. this simple fact is always been a problem of redmond
why do people always claim it not windows fualt for bsod?
-
#1.6 Posted by Starman on 12 Nov 2003 - 04:48
- Because it's the hardware vendors that write the bad driver support.
You HAVE to write good support code, or any OS will fail.
Mike (driver developer)
-
#1.7 Posted by chris_kabuki on 12 Nov 2003 - 12:13
- #1.6 That's not exactly true - it depends what memory space the code gets executed in, as I'm sure as a driver developer you know. Having said that, yes, in general, bad drivers will crash any OS, on Windows this is a BSOD (and W2K and XP have more than their fair share of BSOD's for those whom have never ever experienced them) and on *nix this is usually in the form of a kernel panic.
But going around saying that it's always bad drivers that crash the OS is a cop out (for any OS). For example, I have an irDA device which BSOD's my XP machine anytime you try and install the driver. Now, bad driver issues aside, there is no way that XP should allow an irDA driver to crash the OS! Certain drivers crashing the OS I can understand as those can't be helped, they are required for one reason or another.... an irDA is NOT a high priority device - there shouldn't be any reason whatsoever for this crashing XP (or ANY OS for that matter). -
#1.8 Posted by ioslipstream on 14 Nov 2003 - 04:59
QUOTE It'd be more like friday night everquest.
When did they port everquest to Linux?
Don't you mean it the other way around? I can point you towards some LUGs that throw some back.
-
(2 replies)
#2 Posted by Sawyer12 on 11 Nov 2003 - 21:26
- No wonder it takes linux to fix bugs, they havent got thousands of devlopers working on it at anyone time. Give linux a break MS.
-
#2.1 Posted by Jon on 11 Nov 2003 - 21:54
- Why should they, do linux diehards give MS a break? No. Its business, you'd do the same.
-
#2.2 Posted by SomeDork on 11 Nov 2003 - 23:02
- Sawyer, you are saying the polar opposite of what the Linux community themselves proclaim. It goes something like this:
"Linux is open source, and because of that, millions of people are reviewing the code on a constant basis. Any one of them can check in code or offer changes independently, mere minutes or hours after the vulnerability is found."
In fact, a quote from the article, from a spokeswoman at Redhat: "Our problems are located and fixed more proactively. Because the source code is open, we [the Redhat personnel and the general open source community] find there is a patch before there is even a problem."
It goes along the same lines as the argument about not only security patches, but overall bug fixes. It was disproven earlier this year (rather easily) that there's no fundamental difference between open source and closed source projects. Therefore the Linux community as a whole is trying to undermine Microsoft by claiming they are more secure...
...Not necessarily true either
Last edited by 24542 on 11 Nov 2003 - 23:09
-
#3 Posted by Quick Reply on 11 Nov 2003 - 21:26
- the IT industry's like that.... so fickle
-
(5 replies)
#4 Posted by chris_kabuki on 11 Nov 2003 - 23:17
QUOTE Microsoft has hired several analysts... and is expected to announce that Windows compares favorably
Why bother with the review? They've already told us what the result is going to be! Anyone expecting those paid analysts to come back with any result other than "Microsoft compares favourably and in some areas exceeds" is kidding themselves!
QUOTE By turning attention away from its own software bugs
Dammit... what do we do? oooh everyone look over there.... they've got bugs too *phew* That'll stop everyone from commenting on our bugs!-
#4.1 Posted by JaggedFlame on 12 Nov 2003 - 00:20
QUOTE Why bother with the review? They've already told us what the result is going to be! Anyone expecting those paid analysts to come back with any result other than "Microsoft compares favourably and in some areas exceeds" is kidding themselves!
Really, so it can't just be like, publish the results if they're favorable, and disregard them if they aren't?
Funny, that's exactly how it is. No one's lying to you.-
#4.2 Posted by dp123 on 12 Nov 2003 - 01:00
- Oh, Jagged, that's precious! Chris said exactly what you said: "They've already told us what the result is going to be!" -- they'll publish the results if they're favorable.
"Anyone expecting those paid analysts to come back with any result other than "Microsoft compares favourably and in some areas exceeds" is kidding themselves!" -- they'll disregard them if they aren't and we'll never see them.
Either way the same thing is said, and it is unfavorable.
You repeat the fact as if it's some magical wonderland that should make us happy.
By the way, you think burying the results if they aren't favorable or modifying and tweeking the criteria until they are favorable isn't lying? -
#4.3 Posted by roadwarrior on 12 Nov 2003 - 01:49
- Does anyone else remember the other recent attempt by Microsoft to discredit Linux? The one where they proclaimed that Windows development cost less than Linux development. As I recall, several reporters had to eat their words over that one. How about having a totally unbiased, independent report on the subject? Probably will never happen, but we can always hope.
-
#4.4 Posted by werejag on 12 Nov 2003 - 04:15
- if it is unbais someone will point to the other camp and claim this too was riged.
-
#4.5 Posted by JaggedFlame on 12 Nov 2003 - 07:10
QUOTE You repeat the fact as if it's some magical wonderland that should make us happy.
If you'd get off the drugs for a sec, you might notice that he said "Why bother with the review?" This insinuates that the review is not necessary for the results are about to be published.
Which means that they'd just be pulling the "results" out of their asses. On the contrary, the studies ARE actually performed. Just that the unfavorable ones are given less attention.
QUOTE By the way, you think burying the results if they aren't favorable or modifying and tweeking the criteria until they are favorable isn't lying?
Uh, it isn't lying, because they're not modifying the truth. They're just not exposing the entire truth to you. Do I think this is any better? Not necessarily.
See, despite whatever I say, you're in this constant stupid-ass mindset that whatever Microsoft does is favorable in my view.
Of course it's shady. What do you expect me to do about it?
-
#5 Posted by jgoewert on 12 Nov 2003 - 02:08
- Anyone else feel like MS is getting it's PR techniques from a teenager?
Teen: "But MOOooooo-m.... Billy has a bone pierced through his nose, I want one too."
I have predicted the report:
MS.. I mean WE have concluded that Linux requires 100,000 more manhours to fix a security breach than Microsoft.*
In the small print if it's even posted will be:
*1 Million Linux developers * 6 minutes = 100,000 hours (Including installation of patch time by each user on every system in the world, redundant development, etc...) compared to the 1 minute it takes an MS employee to type in the fix and does not include the 8 hours of meetings about the fix, the 72 hours of PR spin monkeys, or anything else
-
(4 replies)
#6 Posted by Starman on 12 Nov 2003 - 04:50
- Quite frankly, I'd trust MS to get things done than a bunch of basement-dwelling dweebs.
Believe me, we've asked MS to do things for us and they delivered on it. Who do you poke if there's a bug in Linux? A Sourceforge "forum" that gets read 3x/day?
Mike
-
#6.1 Posted by chris_kabuki on 12 Nov 2003 - 12:18
- #6 Slightly off topic here.... what do you code drivers for? I'm curious to know what area you develop for where you go around calling other developers "basement-dwelling dweebs".
-
#6.2 Posted by JaggedFlame on 12 Nov 2003 - 14:08
- I wasn't aware you had to stop making jokes once you became a developer.
-
#6.3 Posted by roadwarrior on 12 Nov 2003 - 16:53
- No one said that, but professional ethics would seem to keep most developers from calling other developers names. Seems like a good case of the pot calling the kettle black.
-
#6.4 Posted by JaggedFlame on 12 Nov 2003 - 21:48
- This isn't a professional environment, so I really can't see how you can insinuate anything about his job.
-
(1 reply)
#7 Posted by Grappa on 12 Nov 2003 - 16:30
- Does anyone else find it interesting that this comes less than 2 weeks after "someone" tried to introduce a vulnerability into the Linux kernel? quelle coincidence...
G
-
#8 Posted by aristotle-dude on 12 Nov 2003 - 19:36
- Linux could very well handle a large domain/multi-domain network if someone came out with a good server focused distro with decent management tools. Look at Mac OS X Panther Server. They leverage a bunch of open source projects and slap on a nice gui mangement console to give you an open source based alternative to Windows Server which rivals 2003 in features and ease of management as a file server/domain controller/wins server. Ofcourse Panther server also make for a great unix file server too.
The problem with linux is there is nobody doing a good job at integrating all of these projects into a complete package to create an easy to use windows server replacement.
Microsoft's aim is to undermine critics and place a question mark over Linux's security by revealing that, on average, Windows poses less of a security risk. By turning attention away from its own software bugs while at the same time launching several security initiatives, it hopes to be able to tackle one of main worries business has with its proprietary operating system. Windows security is a club constantly used by Linux advocates to beat Microsoft over the head -- made all the more relevant following the extremely damaging Blast worm and SoBig virus that spread rapidly thanks to vulnerabilities in Microsoft's software.
Excel 97 Security Patch: KB830356
Excel 97 Security Patch: KB830356 offers the highest levels of stability and security available for Microsoft Excel 97. Under certain scenarios it is possible for an Excel file to be modified in such a way that macro consisting of Excel 4.0 Macro Language (XLM) commands could run with no warning issued. This update resolves that vulnerability so that the appropriate macro blocking or warnings are triggered.
Word 97 Security Patch: KB830354
Word 97 Security Patch: KB830354 offers the highest levels of stability and security available for Microsoft Word 97. This update addresses a flaw when opening a document containing certain data values (the names of macros in the document) in Microsoft Word. This flaw could allow arbitrary code to run when Word tries to open a document contain maliciously crafted values. This update resolves this vulnerability so that files containing these values are handled appropriately.