[UCI-Linux] Paulo Ferreira: Funny article

Steve Tsai stevet@uci.edu
Thu, 13 Nov 2003 13:19:46 -0800

On Thu 13 Nov 2003, Jeff Stern wrote:
> On Wed, 12 Nov 2003, Dan STROMBERG wrote:
> > Kind of feels like April 1st.
> hah, hope so. it is rather ludicrous. besides, the only people a pr
> campaign influences are the uninformed and uncritical (though this
> sometimes unfortunately includes non-technical managers).

You sure about that?  Look at how much SCO's stock price has exploded
since their PR FUD campaign.  Plus everyone enjoys hearing stuff they
like, even the technical minded.  Just like how Linux users enjoy hearing
about how good their software is, Microsoft users enjoy hearing about how
good their software is.  Both camps have zealots.

>                                                            and anyone
> who's had experience over the last few years with both rhl and windows
> knows the differences in response to security first-hand.

Microsoft's response time to security fixes is actually quite good.  The
problem is users of their software.  Of course one could argue that the
flaws shouldn't be there in the first place, Microsoft doesn't reveal all
flaws, yada yada yada...

> > I suppose they'll compare against somebody's hobby distribution - one
> > whose supporter is losing interest in the project.
> you may be right, especially if redhat 6 may be considered a hobby
> distribution these days :) ..  check this out:
> > And at the end of October, Ballmer gave the audience at Gartner's autumn
> > symposium a taster of what was to come when he attacked Linux's assumed
> > security superiority. "In the first 150 days after the release of 
> > Windows 2000," he said, "there were 17 critical vulnerabilities. For 
> > Windows Server 2003, there were four. For Red Hat Linux 6, they were 
> > five to ten times higher."
> a) he's using rhl ***6*** to compare to their latest products? geez, 
> what a compliment!  (when did rhl 6 come out?)

It's actually a pretty fair comparison since it came out at around the
same time as w2k.  Plus MS still supports w2k; rh no longer supports 6.
So point for MS there.

> b) for the windows products he has exact numbers of vulnerabilities. for
> rhl6, only a range, or estimate. why?

Yea, five and ten are pretty different numbers.  My guess is Ballmer
anticipated the argument that certain software that comes with RH
shouldn't be counted since there's no equivalent that came with w2k (e.g.
postgresql exploit shouldn't be counted against rh since w2k doesn't come
with ms sql).  But who knows.  It's MS funded research, all bets are off.

- Steve Tsai