Re: Good reading

From: Daniel (nospam_at_nowhere)
Date: 01/04/05 

Date: Wed, 5 Jan 2005 07:41:57 +1100

It could be something to do with a level of intelligence,
I have used Windows since 95 and NEVER had a problem with virus, trojan or
spyware.

Daniel
<anonymous@discussions.linuxworld.com> wrote in message
news:017e01c4e6c2$40981890$3501280a@phx.gbl...
> http://www.linuxworld.com/story/47536.htm
>
> Linux Opinion: An Open Letter to a Digital World
> "The Windows platform is not just insecure - it's patently,
> blatantly, and unashamedly insecure by design"
> December 18, 2004
> Summary
> As a Linux desktop user himself, system administrator Chris
> Spencer did not relish having to clean up his wife's
> infected Windows PC after it had become compromised. By the
> time he'd solved the immediate problem, Spencer had become
> so fed up with spyware, trojans, viruses, and spam, that he
> decided it was time to write a letter to the world. It's a
> simple message: it's time to switch from Windows to Linux.
> "The letter serves as a guide," Spencer explains, "taking
> you through some of the history of Microsoft right up to
> this present day."
>
> To Anyone Who Will Listen,
> Recently I was reading an article from Wired magazine
> talking about the Windows spyware problem [1]. It was
> unbelievable to me that people would choose to use programs
> that they know make all their personal information
> available to companies. It turns out that 80% of Windows
> users suffer from spyware [2]. I read many articles like
> these but always thought that these people have problems
> just because they aren't careful. Maybe they don't run
> anti-virus, they don't use a firewall, or they browse seedy
> sites and download applications for seedy activities. It
> turns out though that is not the case.
>
> My wife discovered that her computer had been infected by
> spyware and trojans despite the anti-virus, regular Windows
> updates, having the good sense not to open attachments,
> using a firewall, and avoiding any type of seedy activities
> online. As best we can tell someone exploited IE
> transparently while she searched for medical information to
> help our nephew.
>
> The clean up from these types of infections is great fun. I
> spent not less than 5 hours running about every spyware
> prevention program known to man. Each one searching for
> those pesky files and registry settings. The worst thing of
> all was that, once I cleared them off the disk, simply
> starting Internet Explorer would reinfect the whole system.
> Seriously, it was great fun and I did, eventually, have the
> satisfaction of beating the problem. That's right - a
> system administrator for 10 years with a degree in computer
> science and a RHCE CAN clean up a single spyware infection
> in 5 hours.
>
> I hope you see what I am really saying here. How on this
> earth are people that aren't trained in Information
> Technology going to do it? As a Linux desktop user, I had
> never been exposed to this type of problem. Having now
> battled with spyware, I am finally motivated to speak up
> and say something to the world. I want to get a single
> message across:
>
> It's time for anyone running a Windows PC to switch to Linux.
>
> You see, the Windows platform is not just insecure - it's
> patently, blatantly, and unashamedly insecure by design and
> for all the lip service to security it's really not going
> to get better, ever. To make matters worse, it's more
> expensive and gives you fewer necessary applications right
> out of the box than Linux. Everyone, even Microsoft, knows
> this - they are just too afraid to say it. The tide is
> coming in. Nothing on this planet can stop it.
>
> Whew. I said it. I am so happy to get that off my chest,
> however, for me to stop here would be unfair. I haven't
> really proved it to you. So if you will entertain me a bit
> longer here is the rest of the story.
>
> Microsoft started conducting a "Get the Facts" [3]
> marketing campaign against Linux. This signaled that they
> have correctly assessed that their competition is Linux and
> that they need to fight it with all they have. It even made
> it into their 10K filing. [4] It's really an interesting
> read to note that Microsoft sees Linux as a major threat
> It's a big enough threat to their monopoly that they say:
>
> "The Linux open source operating system, which is also
> derived from Unix and is available without payment under a
> General Public License, has gained increasing acceptance as
> its feature set increasingly resembles the distinct and
> innovative features of Windows and as competitive pressures
> on personal computer OEMs to reduce costs continue to
> increase."
> If Microsoft thinks this then that alone is more than
> enough reason to give a fair look at Linux. Of course it's
> just as likely that they are preparing the lawsuits to
> attack Linux because it is a real competitor. I am not sure
> which distinct and innovative features they are
> referencing. Perhaps it was the whole GUI concept that
> Apple sued them for stealing from them. Perhaps it was the
> Microsoft Office-like functionality that Open Office has
> that Microsoft took from Word Perfect. It's hard to tell
> and it gets me off topic to delve into it.
>
> Alright, let's talk about the "Get the Facts" marketing
> campaign. What happened is that Microsoft and vendors that
> make money on Microsoft products have all come together to
> tell us that we us why we should use their products. As a
> consumer and something of a student of history, I always
> question people that are highly motivated to protect their
> jobs and money. Did big tobacco say their products were
> safe long after they knew it wasn't true? Might Microsoft
> be inclined to say that their products provide better total
> cost of ownership (TCO) and security than another product
> despite knowing it wasn't true?
>
> It turns out they have done something strikingly similar
> before. [5] When IBM OS/2 had just taken off and become
> "the best selling retail software product in America" then
> "sources close to Microsoft" leaked word to a columnist for
> the UK edition of PC Magazine, who dutifully reported both
> the rumor and source." - Computerworld, March 20, 1995,
> page 118. From there it was all downhill for IBM. Despite
> everything indicating that OS/2 was doing great the press
> just kept printing the Microsoft party line. In the almost
> 10 years since that happened, have things changed? Are they
> kindler, gentler, and friendlier to work with or do they
> still spin, bully, and use talking heads?
>
> Carrying on in their history we see that, empowered by
> their victory over IBM, just 4 years ago Microsoft was
> ordered to be split in two by Judge Thomas Penfield Jackson
> because they were convicted of abusing their monopoly
> market position. Then 3 years ago Judge Colleen
> Kollar-Kotelly reversed the decision to split them and a
> much lighter penalty was imposed. Unhappy with the results
> the EU took up the case and just this year Microsoft was
> convicted in the EU. Since then Microsoft has paid billions
> of dollars to the companies that were aligned against them.
> One by one settling the differences. Most of the companies
> had little choice but to accept the money they were
> offered. Because they have been so badly beat. Now they
> stand with billions of dollars in the bank and a patent
> portfolio that is rapidly expanding.
>
> I don't know about you but when a convicted monopolist that
> has been shown to use those monopoly powers against their
> competitors says that Linux is a competitor but that it's
> not as secure or cost-effective, well then I take note.
> Because I know there is a good chance that a half truth was
> spoken.
>
> Maybe Linux is shoddy code just hacked together by a
> college student. However, according to the four-year
> analysis by five Stanford researchers [6] Linux contains
> only "0.17 bugs per 1,000 lines of code" and most all of
> those bugs have been fixed. Given that an earlier study
> from Reasoning, Inc [7] had already shown that the Linux
> TCP/IP stack had a 0.013 per 1000 lines of code defect rate
> back in 2001, it is hardly astonishing that the entire
> Kernel is also relatively low in defects compared to your
> average commercial software application To put that in
> perspective the average code seems to have anywhere from 2
> to 30 bugs per 1000 lines of code. That makes the Linux
> kernel between 11 times and 176 times better than your
> average product. So it's certainly not shoddy software by
> any stretch of the imagination.
>
> Considering that many Linux distributions are free, it is
> hard to believe that it would be more expensive than
> Microsoft where a simple upgrade costs $100 and their
> Office application costs hundreds more. Call me crazy but I
> am having a hard time finding any truth in the "facts" as
> reported by Microsoft. However, Microsoft studies the TCO
> to show that other factors make Linux more expensive. Yet,
> the studies that I have read seem to make crazy assumptions
> like saying it takes more money to train users to push a
> button on Linux than it does to push a button on Windows.
> They also tend to ignore the costs associated with viruses,
> spyware, and trojans that prompted me to write this.
> Perhaps most unfortunately for Microsoft they also ignore
> that wildly varying labor costs directly affect TCO. [8]
> That means it wouldn't just be a poor decision it would be
> a completely moronic decision for a government to use the
> Windows platform in the third world if it wasn't absolutely
> necessary. To be honest, for a long time I have wanted to
> see a case study that took these types of issues into
> account. I was, for this reason greatly disappointed, when
> I heard about a study from Cybersource [9] that ignored
> these things but still found Linux, even Red Hat Enterprise
> Linux, to be at least 19% less expensive. So much for
> Windows being better value, they can't even win when the
> whole thing is tipped in their favor.
>
> Maybe I missed something? Maybe Microsoft just happens to
> be truly better at security than Linux? For this I had to
> get dirty and dig. On the surface it did seem like Windows
> had fewer security issues. Looking at Seconia, a security
> research company, I discovered Windows 2000 Server has had
> only 76 Advisories in all of 2003 and 2004. [10] Red Hat
> Enterprise Linux 3 on the other hand has 101 Advisories
> [11] and it wasn't launched until November and looking at
> Red Hat Enterprise Linux 2.1 I found a whopping 145
> vulnerabilities. [12] That looks pretty bad, right?
>
> I am sure that is what Microsoft would like us to think. If
> we would just ignore the elephants in the closet then we
> would come to their happy conclusion. I'm not going to do
> that though.
>
> Microsoft Windows is but one component in a much larger
> Windows platform. What good is the operating system without
> remembering productivity software, anti-virus software,
> instant messengers, media players, software to burn CD and
> DVDs, and the list goes on and on? These are all things
> that Red Hat and every other Linux distribution includes as
> part of the package. Usually they go so far as to include
> multiple applications for each function. It would be,
> therefore, completely unfair if we didn't compare a
> comparably equipped Windows platform to a comparable Linux
> platform. How do you add it up though? Whose products do
> you pick and whose products do you ignore? It's a horrible
> can of worms. I tried to do it. To build the comprehensive
> list so that we could compare a Microsoft Windows that's
> fully equipped like a Linux distribution and I was able to
> exceed the number of advisories. I just felt dirty doing it
> and in the process of doing it. Besides, I came to the
> realization that the bug count isn't what really mattered.
>
>
> What really matters is that the bugs are getting fixed so
> you aren't online without protection and that the updates
> were easy to track and install. Both of which Microsoft is
> in serious trouble with.
>
> With Linux all of the updates for all of the different
> types of applications come through a single path and in an
> automated way. It is a process very much like the Windows
> Update service. The key here is that one update service
> covers all of the products. On the Windows platform you can
> get the Windows updates this way but what about all of the
> third party applications we needed to have the same
> functionality as Linux? Each of those need to be searched
> for or are hidden inside the application themselves.
>
> In my research I found one particularly nasty Microsoft bug
> that really emphasizes this point. I am talking about the
> GDI+ buffer overflow with JPEG processing [13]. They put
> out a security bulletin and they released a patch for each
> of their affected products but they never identified who
> put the SDK library in their products and each of those
> products linked to it individually. Not only did this mean
> users had to be experts that researched the update on their
> own, but they also had to manually install it in each
> location. You have to admit, that sure isn't as nice as the
> centralized updating that Linux has. It seems more like a
> tidal wave to me.
>
> Then there are the issues related to actually fixing the
> bugs that are known. Again, Secunia makes it really easy to
> see. Of the 76 advisories Microsoft 2000 Sever still had a
> whopping 20% outstanding and one of them was rated "Highly
> Critical". Red Hat Enterprise Linux had fewer than 1%
> outstanding and it was rated only "Moderately Critical". So
> much for fewer security updates meaning you are more secure
> and let's not even talk about the Internet Explorer Web
> browser. Because it is so insecure that the United States
> government, through the Computer Emergency Readiness Team,
> had to issue a warning to use any browser besides IE. [14]
> Yet, to use Windows Update you have to use IE. It's just
> not fair.
>
> Then there is the issue of design. Linux was designed to be
> in a hostile Internet centric world. As people were
> programming it they knew this and it no doubt played a role
> in the designs of their products. With Linux you will find
> that firewalls are enabled by default, users rarely login
> as administrators, server applications run as users that
> have limited rights, etc. In Windows these obvious things
> were an afterthought. Finally put into Windows XP with the
> creation of SP2, well mostly. I think it's because of the
> mindset that Windows is for end users on either private
> networks or no network at all that Microsoft has been hit
> so hard by security issues. It's of course equally possible
> that the issue is entirely different. Maybe they don't fix
> the security holes because it's considered a feature. I
> know they said as much about the Windows Messenger Service
> [15] even though it was being actively used to send banner
> advertisements to desktops around the world.
>
> Perhaps Microsoft is finding that the standard software
> wisdom about bugs [16] being less expensive to fix before a
> product ships is true because after several years of having
> security as the number one focus they are as plagued or
> more plagued by security issues than ever before. Maybe
> pouring money on the problem won't fix it? I mean come on
> Even before Windows XP [17] - we knew these things but it
> still shipped with the stupid default settings and we STILL
> have 20% of their advisories unfixed. How can anyone feel
> safe running on a Microsoft platform?
>
> Linux provides a better paradigm. It costs less, it is more
> secure, and perhaps most importantly of all it isn't
> controlled by a single vendor. While Red Hat is the largest
> distributer of Linux and does provide a comprehensive
> support system and legal protections for their customers,
> they aren't alone. Major companies like IBM, HP, and Novell
> are all deeply involved with Linux but none of them are in
> control of it.
>
> Because of Linux, the future of computing is commodity. By
> the year 2000, Linux already represented billions of
> dollars worth of development effort [18] and it's owned
> collectively by each one of us. The savings will follow and
> you can count on getting what you pay for or there will be
> someone else that is there for you on the terms that you
> want. The tide has turned and Microsoft is going to get
> wet. From my perspective they already are all washed up.
>
> It's all an issue of attitude. Linux follows the share and
> share alike [19] mindset where as Microsoft seems to have
> the greedy mindset of it's all mine and I want to get paid
> for it now [20]. Well Bill, Steve, and talking parrots,
> that's not very nice. As I have shown there are good
> reasons for using Linux as the better alternative to
> Windows. Give my friends at Red Hat a call. I am sure they
> could comp. you a copy. Anyway.....
>
> Like I said: It's time for anyone running a Windows PC to
> switch to Linux.
>
> I really appreciate you taking the time to read my letter
> and I hope that it gets you motivated to make the switch
> or, if you already have, that it just makes you feel all
> warm and fuzzy inside.
>
>
>
>
> Sincerely,
>
>
> Chris Spencer
> chris at digitalfreedoms dot org
>
>