Shades of "Get the Facts"

Story: "Linux more secure than Windows", Microsoft vulnerability report suggests
Total Replies: 3
schestowitz

Aug 21, 2007
1:54 PM EDT
Typical Get the Facts-like Big Lie.

http://www.daniweb.com/blogs/entry1599.html

Also consider the hidden things they patch silently and group, e.g.

Microsoft reacts to kernel hacks, defends Vista

,----[ Quote ]
| Microsoft wasn't much help in figuring out exactly what was beefed up by the
| PatchGuard update; the accompanying information was extremely vague. The
| MSRC's release manager, Simon Conant, was just as tight-lipped in a posting
| to the center's blog. "The update adds additional checks to Kernel Patch
| Protection for increased reliability, performance, and security," Conant
| said.
`----

http://www.infoworld.com/article/07/08/15/Microsoft-reacts-t...

Skeletons in Microsoft’s Patch Day closet

,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently
| fixing vulnerabilities in its bulletins — a controversial practice that
| effectively reduces the number of publicly documented bug fixes (for those
| keeping count) and affects patch management/deployment decisions.
`----

http://blogs.zdnet.com/security/?p=316

Beware of undisclosed Microsoft patches

,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts
| that Microsoft brass use to compare its security record with those
| of its competitors. What do you think of Redmond’s silent patching
| practice?
`----

http://blogs.zdnet.com/microsoft/?p=527

Microsoft explains this Jeff Jones-type strategy here:

http://antitrust.slated.org/www.iowaconsumercase.org/011607/...

“There’s an interesting article in the April 2007 issue of Harper’s magazine about panels, audits, and experts. It is called CTRL-ALT-DECEIT and is from evidence in Comes v. Microsoft, a class action suit in Iowa. Here’s a paragraph from a document admitted into evidence, called “Generalized Evangelism Timeline,” about guerrilla or evangelical marketing:

Working behind the scenes to orchestrate “independent” praise of our technology is a key evangelism function. “Independent” analysts’ reports should be issued, praising your technology and damning the competitors (or ignoring them). “Independent” consultants should write articles, give conference presentations, moderate stacked panels on our behalf, and set themselves up as experts in the new technology, available for just $200/hour. “Independent” academic sources should be cultivated and quoted (and granted research money).

They advise cultivating “experts” early and recommending that they not publish anything pro-Microsoft, so that they can be viewed as “independent” later on, when they’re needed. This type of evangelical or guerilla marketing is apparently quite common in the high-tech fields, and seems to be used liberally by open source developers.

The document admitted into evidence also says, “The key to stacking a panel is being able to choose the moderator,” and explains how to find “pliable” moderators–those who will sell out.

It is all a big money game. Most activists in any field know of countless “hearings,” in which hundreds of citizens would testify before a panel, only to be ignored in favor of two or three industry “experts.” When a panel is chosen, the outcome seems to be a foregone conclusion. As with elections, they don’t leave anything to chance.” (a post from a Mark E. Smith about exhibit PX03096 “Evangelism is War” from Comes v. Microsoft).

More on the issues to consider:

Microsoft is Counting Bugs Again

,----[ Quote ]
| Sorry, but Microsoft's self-evaluating security counting isn't really a
| good accounting.
|
| [...]
|
| The point: Don't count on security flaw counting. The real flaw is
| the counting.
`----

http://www.microsoft-watch.com/content/security/microsoft_is...

Independent, non-Microsoft studies:

How secure are Linux, Window and Mac OS?

http://www.masuran.org/node/29

2006 Operating System Vulnerability Summary

http://www.omninerd.com/2007/03/26/articles/74

Linux vs. Windows: Which is Most Secure?

http://www.esecurityplanet.com/views/article.php/3665801

Linux Security: A Big Edge Over Windows

http://www.linuxinsider.com/rsstory/54742.html

The problems with Vista laid bare - What might have been

http://www.theinquirer.net/default.aspx?article=38419

Why Windows is less secure than Linux

http://blogs.zdnet.com/threatchaos/?p=311

Linux more secure than Windows, national survey shows

http://www.xomba.com/linux_more_secure_than_windows_national...

Microsoft Windows: Insecure by Design

http://www.washingtonpost.com/ac2/wp-dyn/A34978-2003Aug23?la...

If Only We Knew Then What We Know Now About Windows XP

http://www.washingtonpost.com/wp-dyn/content/article/2006/09...

Why Windows is a security nightmare.

http://www.smh.com.au/articles/2004/05/21/1085120110704.html

The Structural Failures of Windows

http://www.theinquirer.net/default.aspx?article=15305

More than half of Microsoft Vista needs re-writing

http://www.theinquirer.net/default.aspx?article=30516
phsolide

Aug 21, 2007
2:23 PM EDT
Do you get the feeling that if something like Groklaw had existed in 1997, that the public sentiment about that MSFT anti-trust trial would have been substantially different?

I mean, in 2003, the "press" painted a generally favorable chance of SCO's chances in its original lawsuit against IBM.

In 1997/98, the "press" merely reprinted Wag-Edd propaganda about "innovation". The findings of fact got totally ignored.
schestowitz

Aug 21, 2007
2:51 PM EDT
I never trust the press. It has sources of revenue, thus it has an agenda. A mixture of (sort of) peer-reviewing blogs makes a sensible source of information.
Aladdin_Sane

Aug 24, 2007
10:53 AM EDT
This is really good stuff, I mean helpful at exposing MS dirty tricks.

I guess more research into the Comes evidence is in order.

A corroborating link to the 3096 PDF quoted is at http://edge-op.org/iowa/www.iowaconsumercase.org/011607/3000...

Here's some more from pages 53-54 of that document:

"MSDN and Platform marketing are the regular forces, exchanging blows with the enemy mano a mano. Evangelism should avoid formal, frontal assaults, instead focusing its efforts of hit-an-run [sic] tactics."

"Competitors will make surprise announcements, lie through their teeth, and generally try to screw you just as hard as you are trying to screw them."
