Wednesday, December 27, 2006

Chewing out Dailytech responders, one idiot at a time.

yes, Trigger Tyme and Paintball has been pushed back. I've gotten some emails that... um. Well. Lets just say that I'm not wanting to get in the middle of whatever tiff is going on between Trigger Tyme and an apparent competitor.

Anyways, the subject of today's post is yet another person repeating an oft-disproved lie about Microsoft products. So, here we go. This is the original post I made on Dailytech, in response to Vista Activation getting cracked again.

I found this line to be, well, hilarious:
Despite Microsoft’s best efforts to shut down this latest exploit, it does leave us wondering jus how secure this new operating system if it can be poked at and prodded this early after release.
Many of the security features were already being cracked a year ago or more on the beta's that were going out. Over the past 6 months as the final release firmed up, the known exploits didn't stop. We knew literal months ago that Vista was no more secure than a properly configured and hardware firewalled protected Windows XP or Linux OS.

The end fact is, it's still going to take work to protect any computer system, any OS. Vista has changed nothing in a System's Administrator job, end of story. We don't have to wonder. We know that inherently, any Microsoft product will be less secure out of the box than it's competitor. We know that people will still be earning paychecks fixing that.

Someone came along shortly after that and ran this comment:

Only less secure because the "competitors" have 3% market share, therefore nobody gives a (manure) about cracking them.
Oh... yeah. The old Market Share equals more attacks argument. Lets go ahead and eliminate this bunch of marketing mud right now.

Slight problem with that Sharky.

Mind telling me what Web-server powers the majority of Web-sites in use today? And what Operating system is the basis for the most servers in use today?

I'll answer for you: Apache and Linux.

Despite having a majority in server usage for games, banking, shopping, web-pages, ftp, or anything else where a server is used, you don't hear about major Zero-Day or Near-Zero-Day exploits for Linux or Apache.

The line that Microsoft products are less secure because they have a majority in the consumer market is inherently based on several false assumptions.

The first assumption is that Microsoft products are easier to crack. This is based on the sheer number of exploits that make appearances in the wild. However, there is very little code documentation available for Microsoft software. With Linux and Apache there is ample documentation available, and even beginners in coding can grasp the way the programs actually work. The fact is, it is easier to modify a program that is fully documented rather than one that is not. If malicious crackers wanted to make SoBig and IloveYou look like childs play, they would have attacked Linux and Apache servers.

The second assumption is that all of the computers sold by Microsoft-Licensed OEMS remain with a Microsoft OS. This is partially based in the so quoted "Microsoft Tax." Nearly every complete computer system sold on the market ships with a Microsoft OS. However, even a casual browsing of Distrowatch, or casual browsing of the forums for Ubuntu, Mepis, PClinuxOS, and other versions of Linux show something startling. There aren't just hundreds of posts from people reporting they've "switched", there are several hundred thousand posts. The problem, if you want to call it that, is that there is no reliable metric for determining what Operating System somebody is running on their computer. So, while it's safe to say that Microsoft probably has greater than 50% market share, assigning any percentage above that to Microsoft ignores ample evidence to the contrary.

The third assumption is that all cracks are equal. Now, I have not personally done this, but I do know people have taken the time to dig down through Symnatec's reports on Windows and Linux vulnerabilities and existing exploits for those vulnerabilities. Now, we've all heard the marketing from Microsoft that it is more secure than Linux, and we've all heard from Linux developers that Microsoft isn't telling the whole story. Symnatec bears that out. We've all heard about the penetration rates for Windows virus's. Hundreds of computers are affected each month by a new vulnerability. Spyware and Adware code is on a rampage. However, when looking at Open-Source OS's like Linux, and Applications like Apache, over 70% of the reported viral exploits available only have been found in Symnatec's testing labs, with a penetration of 2 computers.

So, not all cracks are equal. Not all exploits are going to do the same damage, or initialize in the same manner. There are several people who do care about cracking Linux and Apache. They just have paying Jobs from the likes of IBM, Novell, RedHat, and Ubuntu.

Now, please stop the F.U.D. that Microsoft products are less secure because of Market Share. Confirmed majority marketshare is only true in one particular market, and does not apply or indicate the industry as a whole.

Something else popped into my mind while I was posting this into Blogger.

Vista isn't even out yet for the average user. I can't go down to Best Buy and get a copy of Vista off the shelf right now. Most manufacturers are not even selling HomePC's with Vista right now, almost all holiday models are all Windows Xp.

So, right now, Vista doesn't even have .01% of the home market, and it's server penetration rate is far less. There is also a known issue with SQL Server 2005 Express, which does not run on Vista.

So, right now, Vista has the overall penetration of say, BeOS, RISC-OS, or maybe Amiga. This brings the market-share ratio F.U.D. into perspective. Vista does not even have the market share of BeOS, and it already has more major published vulnerabilities and exploits than either 3 of it's market-share peers.
Post a Comment