Microsoft Corp. is preparing a major PR assault over Windows' perceived security failings in which it will criticize Linux
for taking too long to fix bugs, we have learned.
In a sign that the inroads made by the Open Source community are starting to rattle the software giant, Microsoft has hired
several analysts to review how fast holes are patched in the open source software and is expected to announce that Windows
compares favorably.
The strategy, called "Days of Risk," measures the number of days it takes programmers to release a public patch after a vulnerability
is revealed. While high-profile holes in Linux and associated software tend to be swiftly dealt with, less prominent problems
-- which could be just as potentially damaging -- can take weeks or even months to appear.
Microsoft's aim is to undermine critics and place a question mark over Linux's security by revealing that, on average, Windows
poses less of a security risk. By turning attention away from its own software bugs while at the same time launching several
security initiatives, it hopes to be able to tackle one of main worries business has with its proprietary operating system.
Windows security is a club constantly used by Linux advocates to beat Microsoft over the head -- made all the more relevant
following the extremely damaging Blast worm and SoBig virus that spread rapidly thanks to vulnerabilities in Microsoft's software.
Microsoft Chief Executive Officer Steve Ballmer is known to have made security a top priority. Last week, the company announced
a $5 million reward program aimed at bringing virus writers to justice. Although it is unlikely to reap any tangible results,
the message was clear: Microsoft is taking security seriously.
And at the end of October, Ballmer gave the audience at Gartner's autumn symposium a taster of what was to come when he attacked
Linux's assumed security superiority. "In the first 150 days after the release of Windows 2000," he said, "there were 17 critical
vulnerabilities. For Windows Server 2003, there were four. For Red Hat Linux 6, they were five to ten times higher."
He also questioned the notion that the open source's community approach to fixing problems was superior to Microsoft's. "Why
should code submitted randomly by some hacker in China and distributed by some open source project, why is that, by definition,
better?"
A spokeswoman for Red Hat was undaunted by the prospect of a full frontal security assault by Microsoft however. "We just
don't have viruses," she told us. "Our problems are located and fixed more proactively. Because the source code is open, we
find there is a patch before there is even a problem."
She also denied there was an issue of professionalism: "We have dozens of Fortune 500 customers we have to report to. We would
never let a bug go unfixed."
However, Microsoft is thought to have pulled out all the stops to prove its security case. That means it should have something
more tangible than the questionable reports it has sponsored in the past in an attempt to show Windows has a comparable or
lower total cost of ownership than Linux.
"There is always some assertion by Microsoft," the spokeswoman told us. "And its example is always on a very small part of
Linux. But when you look at Linux as a whole, it is very reliable and our customers considerable it superior."
Microsoft failed to respond to our questions, although its law and corporate affairs spokeswoman told us that she didn't think
the company intended to launch a security attack on Linux and that it would be "odd" if the company used strong comparative
information to state its case. It would be more odd if it didn't.
E-mail
Printer Friendly
Reprints
(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...
