
Linux Sux Redux: A Rebuttal 237

SmooC writes "This is SecurityFocus's reaction to Fred Moody's article, claiming that NT is more secure than Linux. Ran on Slashdot last Wednesday. Ben Greenbaum, who manages the Microsoft Focus Area, sees it from a different perspective."
This discussion has been archived. No new comments can be posted.

  • The saddest part is that new stories like this don't last in people's minds longer.

    I'm sure somebody here will brood over this, make Fred Moody dart boards, and send the guy hate mail till he dies. Actually, that's one of the things I love about slashdot... there's always some bitter old fellow waiting to remind you of stuff like this. You know the sort of post:

    IBM!?! I was working tech support for an accounting company when they took over Electronic Typewriters... bastards changed the mountings on the platen knobs, wouldn't return our letters, and we wound up having to hire a guy to carve new ones! Cost us nearly $15, and then the guy got drafted... I'm telling you, never buy IBM!

  • by jdoyle99 ( 181048 ) on Friday August 04, 2000 @04:57AM (#879910)
    As a matter of fact, if you read the footer notes for the article Mr. Moody wrote, you'll see the reasons of his statements.

    It matter-of-factly says that he wrote the book:

    "I Sing the Body Electronic: A Year with Microsoft on the Multimedia Frontier".

    Now if that doesn't show bias I don't know what could.

    --Justin
  • Damn. I know journalistic integrity doesn't apply
    Did ABCNews mention that Fred Moody was a Microsoft employee at one time? He spent 1-2 years with them as Microsoft developed a children's multimedia guide, reporting on their processes, and state of the team project, etc.

    I'd expect a little more journalistic integrity out of ABCNews...
  • He now claims the NT number is inflated "because (they) consider it part of the OS"?! Wait a minute, isn't that the whole crux of Microsoft's case in the DOJ thing? Have you ever tried to maintain NT boxes WITHOUT installing IE? This ringpiece needs to be blacklisted, he's just trawling for hits.
  • I'm working on it.
  • When I started out, I ran both. My Linux box was hacked 3 to 4 times, the NT box wasn't hacked at all.
  • I sent an email to ABCNEWS asking them to ban him, but I doubt that will happen. I did point out the flaws in his arguments though. I haven't received a response as of the writing of this.

    I wish you had considered your words more carefully. The word "ban" is loaded (and not what you are really trying to say) and using it effectively pushes everyone's buttons, especially in the media. It smacks of censorship.

    What Mr. Moody has done is act in an unprofessional manner (by deliberately spreading misinformation). His lack of 2nd grade mathematical skills has demonstrated his lack of qualification to write about any technical subject. Not that it is necessary, as the arguments he uses and the conclusions he draws do this stunningly well also.

    He should be fired for incompetence, or at least reassigned to a job more worthy of his skills, perhaps as a movie critic or janitorial assistant.

    One thing is certain, by employing him as a technical writer (or pundit) ABC's reputation with respect to technical matters suffers tremendously.

    He shouldn't be banned for writing whatever he wants, however, his employment should reflect the quality of his work, i.e. none.
  • Moody wrote the ABC article that is the subject of this rebuttal posted today.
    Here is the slashdot article [slashdot.org] on Moody's editorial.
  • by LizardKing ( 5245 ) on Friday August 04, 2000 @05:46AM (#879917)
    You might want to check out ABC News's very own Linux FAQ - some of the inaccuracies are quite amusing and suggest a general cluelessness at ABC as a whole. The URL is http://abcnews.go.com/sections/tech/DailyNews/linux000403.html [go.com].

    Some notable cock-ups are:

    Linus isn't in charge of Linux any more, but his opinions are taken very seriously by Linux developers

    Hmmm, arguably he never was `in charge' of Linux as it's licensed under the GPL. However ABC seem to be implying he's taken a back seat, which will come as a surprise to readers of Kernel Traffic.

    The core of Linux is a text-based operating system, like DOS. But several different competing graphical interfaces have sprung up to make it friendlier. They look like a streamlined version of Windows or the Mac, generally with bigger icons and fewer shadows

    I can see a DOS / Unix shell comparison being valid given the likely cluelessness of ABC's regular readership, but they clearly haven't got much idea about the X Window system and its relationship to desktop environments, etc.

    It may soon become easier to use with a product called Eazel, being developed by several of the original programmers for the Macintosh. They claim that they'll be able to put an easy-to-use face on Linux

    Hmmm ... Eazel - that'll be the people making one key application that will be the new file manager shell in Gnome 2.0. Not that Gnome isn't already a viable easy-to-use interface.

    Critics of Linux say that the software is a "perpetual beta" - always under development, always mutating, always buggy, and never quite ready for prime time

    Critics (like good old Fred Moody) might say that, but most people writing crass editorials aren't experts in any field, let alone Linux. And if it's so buggy, why have I spent the last four years working for big companies where Linux is increasingly the server OS of choice thanks to its stability and flexibility? My current employer doesn't have anything but Linux on the servers - including file, print and database servers, not just our firewall or web servers.

    What applications are available? Lots of server and Internet software, but little else

    They might want to check out freshmeat.net - not all that stuff can be vaporware ...

    The three biggest Linux companies are Red Hat (partially owned by Intel), Slackware, and VA/Linux

    Now I stand to be corrected on this one, but Slackware - a company? And what about SuSE or the makers of TurboLinux? Do I detect classic signs of Yankocentricism in this great American institution?

    Linux is a complex system, and tech support is usually a must

    For a newbie, yup. But I've yet to come across a company or cluefull user that needed tech support.


    Chris
  • Windows has update features..

    According to Microsoft, this update will let you update drivers, security holes and other updates needed..

    I got a Windows 2k machine and guess what? From all the fixes that appear on SP1, only 1 appeared here (which wasn't even related to my configuration!)

    Give me a break!
  • the "10,000 known, documented bugs" that you talk about are, for the most part, vastly different from the kinds of things listed on bugtraq.

    A marginally better comparison would be a list of reported bugs in gnome:

    http://bugs.gnome.org/db/ix/full.html

    At the very least compare apples to apples.
  • Is there anything that pulls more on the heartstrings than a bunch of Linux zealots going "Rah rah Linux" in reaction to some idiot's "article"? Let's face it, Moody's a total moron -- why are we even giving it the time of day? Then we post "rebuttals" from people we like more. How childish.

    Dear Rob Malda: get a clue. It's supposed to be "News for Nerds. Stuff that matters." not "Dumb articles from supposed Nerds. Stupid advocacy." "Rah rah Linux" -- fuck it. Give me something that actually matters.

  • You can block ads in your browser using software. This type of software exists for both Windows and Linux/X11. Junkbuster is one such example.
  • Just wanted to say thanks for posting that mirror :) .. SF has been unavailable to me all day :D

    --

  • 90% of it is not /good/ pr0n :(
    ...dave

    (moderators : correct: Funny, incorrect: Offtopic)
  • using the numbers to say that linux is not less secure than, and therefore more secure than nt.

    No, that's not actually what he's saying. He is simply saying, "These numbers don't provide enough foundation for you to conclude that NT is any more secure than Linux is." He isn't implying that Linux is more secure than NT is - he is simply saying that you can't argue NT is more secure than Linux based on the numbers Moody used. That isn't to say you can't make arguments that NT is more secure than Linux, only that misusing a set of BugTraq statistics isn't good proof to back up your claims with.

    It's sort of like a court trial - being found "not guilty" is NOT the same as being found "innocent." Being found "not guilty" simply means the evidence didn't meet the burden of proof. Being found "innocent" means you are completely exonerated and that the evidence shows that there is unequivocally no way you could have committed the crime (you were out of the country, in jail, physically incapable of committing the crime, etc.).

  • And before you could be targeting this as flamebait, think of this -- we could be talking about gene sequencing right now (or PARC's recent contributions to digital paper).
  • Received this from abcnews.com today:

    Subject: Re: abcnews.go.com User Feedback (KMM70266C0KM)

    Hi Juan,

    Thank you for contacting us.

    We appreciate your comments and your feedback to improve the quality of
    our services. We will forward your e-mail to our Technology Section
    Producer for review.

    Just to let you know, Fred will be revisiting the subject on August
    16th, addressing this and other issues.

    Regards,
    Alice
    ABCNews.com
    http://abcnews.go.com/
  • Hah, Linux has more bugs than all Winxx OSes together. Not saying I hate Linux; I love Linux as much as I love NT. But I myself found more bugs in a lot of packages
  • Did you bother to READ my post?

    I'm not criticizing the article; I'm criticizing Slashdot for their editorial choices. Would you ever see such an article linked to a debunking of a 'Linux rulz!!' article? As a matter of fact, I bet that if it ever came across Slashdot's editorial 'desk', it was promptly ignored.

  • I agree with jmccay and actually did write a letter 2 days ago. Yesterday I was pleasantly surprised with a response. Who knows if it will ever come to anything, but at least someone read it and took the time to respond to me in person, even if it is a form letter. IMHO the way to get attention is to question the journalistic integrity of not only the writer, but the organization that sponsors the writer. This usually gets someone's attention because there are usually people at news organizations that take their job seriously. I for one felt insulted by Moody's arrogant disregard for the facts and not his opinion that MS is a better product. Not only does this reflect poorly on Moody, but on ABCNews.com as well.

    Response from and letter to ABCNews.com follows:

    Hi Michael,

    Thank you for contacting us.

    We appreciate your comments and your feedback to improve the quality of our services. We will forward your e-mail to our Technology Section Producer for review.

    Regards,
    Alice
    ABCNews.com
    http://abcnews.go.com/

    Original message follows:
    -------------------------

    attn: Editorial Review Board, abcnews.com

    I recently read Fred Moody's article ("Linux Sux Redux") at your abcnews.com site and was displeased to see that Mr. Moody deliberately misrepresented the numbers he gathered at www.bugtraq.com in order to show that Linux is worse than the competing Windows product. I take no issue with the fact that Mr. Moody believes Windows to be a better product than Linux, but for him to blatantly twist the facts (in order to come up with his number of 122 bugs, he had to count the Red Hat distribution bugs TWO times) in order to make his point insults me as a reader and should raise serious questions about his journalistic integrity. abcnews.com's toleration of such a violation of ethics brings into question the integrity and bias of the whole news site. As such, unless a public clarification of his data is issued, I will no longer read any content on your site.

    Sincerely,
    Michael

  • "As Linux zealots are beginning to find out, it's a lot easier to masquerade as a better
    product than it is to go out and be one."

    I agree with that statement, and I believe that the Linux community has done an
    admirable job in many ways on both counts. In closing, I propose to the security
    community and to Mr. Moody that what is true for products is sometimes true for
    journalists as well.


    Now let's see how Moody feels about that statement :)

    rkt
  • Perhaps someone should write Ben Greenbaum to thank him for his article.

    It's quite inspiring when civility overcomes what has too often become flame wars between opposing factions.

    Would we have reacted similarly had we encountered an unjust article smearing Microsoft? I'm guessing that most of us would just let it slip under the rug.

  • by comcn ( 194756 ) on Friday August 04, 2000 @05:00AM (#879932) Journal


    Eighty-four bugs max.
    This also includes RedHat:
    Moody cannot count!

  • I couldn't find anything in the kernel traffic archives, but there's an archive of the mailing list - this might be the initial post you're thinking of [indiana.edu]. That was in June; there seem to be followups to that in September. I found those using "zero copy transmit" on this search page [indiana.edu].
  • by rvr ( 15565 )
    The last paragraph Ben quoted Moody, Moody had said:

    "As Linux zealots are beginning to find out, it's a lot easier to masquerade as a better product than it is to go out and be one."

    And then Ben said:

    I propose to the security community and to Mr. Moody that what is true for products is sometimes true for journalists as well.

    Ouch.

    ciao,
    -rob
  • The Slashdot traffic sometimes temporarily pushes us past the amount of traffic we can handle and still have a reasonable response time. I'm working on some upgrades to address the issue.
  • comments@abcnews.go.com worked for me. I got a response in just over 24 hours. Cheers!
  • We have to force ABCNews to post some corrections (plus maybe the link to Greenbaum's response), because the article is obviously violating journalistic integrity. In addition, it will be better to have the major news sites like CNet or ZDNN to cover this.

    Hah, it sounds good on paper..er a web forum, however try making it a reality. It's scraping that line in between impossible and never happening. The "major" news sites aren't going to care what a bunch of intelligent, insightful consumers. They're only going to care about the big majority of the public, all of which doesn't seem to concern Linux much (YET). It'd be great if someone big replied with a counter article to one of those news sites. (Hell, wake Katz up. The rest of the world loves him... and so did Slashdot a year or so ago when he was introduced here... Just read back a long, long time ago when Taco posted Katz's welcome. It's quite funny to compare it to how everyone treats him today). But anyways, I'd love to see ABC rebut the article and post changes and additions, but I doubt it's going to happen. ;(

    It'd be great if SecurityFocus would contact ABC or one of the other news sites and prove he had no integrity, and that he was wrong in using those statistics completely :-)

    oh welp. Cheers.

  • Mr. Moody is really on Microsoft's payroll for linux spin control!
  • those that use it - and the religious right

    That's redundant...
  • please moderate down, it is no longer /.'ed and I'd hate to see the flamebait get more banner ads than the firehose. Thanks

    --
  • by LizardKing ( 5245 ) on Friday August 04, 2000 @05:55AM (#879942)
    This AC comment looks like a cut & paste from a kernel traffic article where someone was bemoaning the lack of zero copy transmit in Linux' TCP/IP stack. The fact it's posted anonymously smells a bit fishy as well, 'cos if I remember rightly the KT article went on to discuss why the complaints were not really valid.

    I'll try and find the relevant Kernel Traffic issue when I've got a spare five minutes.

    Chris
  • Moody wrote the flamebait:

    As Linux zealots are beginning to find out, it's a lot easier to masquerade as a better product than it is to go out and be one.
    and now Greenbaum has taken the bait. Here is the (justified) flame:
    I propose to the security community and to Mr. Moody that what is true for products is sometimes true for journalists as well.
    It's an open and shut case.
    ---
  • > He never substantiated this informant, of course.

    I have a secret informant who tells me that Moody's secret informant was a hand named 50ck Pupp37.

    --
  • So is my toaster according to his point of view.
    Where can I get what Moody's smoking? Nice name Moody. Does he switch his position to favor Linux security when his Aunt FLOW comes to visit?

    You are a unique individual...just like everyone else
  • How can a product so inflexible be more secure...When a security hole is found in NT, it is not an easy task to remedy, while with Linux, it takes little effort...
  • That number double counts redhat's security errors.
    To compound the sin, it counts every distinct security vulnerability in any Linux distribution. A Red Hat user doesn't have to worry about a Debian-only security hole, and Slackware folks needn't concern themselves with problems particular to SuSE, but the author (who obviously flunked statistics) decided that "Linux was less secure". Looks to me like Red Hat has 38, NT has 99, so NT is more than 250% as vulnerable as Red Hat (and, being closed-source, far more difficult to fix).
    --
  • I suspect you didn't read the article. This response wasn't taking issue with Moody's conclusion. Instead, it demonstrated that Moody made a naive mistake by adding up all of the stats for all of the Linux distributions. Meaning that bugs shared between Debian and Redhat counted twice. The aggregate Linux total (which is what Moody should have used, since it counts Linux bugs once, even if they appear in more than one distro). The Linux aggregate score shows Linux has *less* security bugs than NT.

  • Amen to that my brother. It's all about the clicks baby... it's all about the clicks. Hype, incite, troll and create buzz for the clicks. The Net is now being run by the suits... the mainstream media, who has never really been too concerned with the facts, rather the viewing audience. It's all about the clicks.

    I think it's actually a shame that we even have to respond to this, it's almost like trying to reply to a slashdot troll, you are basically doing exactly what he wants...generating even more buzz...buzz buzz..click click....welcome to the Internet year 2000.
  • Nice, polite commentary on basic bugtraq definitions. One small sideswipe at an author conclusively demonstrating he didn't read his homework assignment at all carefully.
  • Rejoice in the fact that Moody has once again shown himself in the truest light: Bill Gates' lapdog.

    This is the first anti-Linux article I've read from him which can be so easily rebutted and turned around to debase Windows using his own argument.

    The saddest part is that new stories like this don't last in people's minds longer. For a brief period anyone that cares will know Moody for what he is: a crappy journalist with low integrity. But four or five articles from now, all will be forgotten and we'll just start it all over again.
  • This has little to do with inherent "bugs" or vulnerabilities in the operating system and everything to do with a lack of knowledge and proper system configuration.

    It's also far easier to utilize a newly hacked Linux system for evil than it is to do the same with NT, so Linux tends to be more of a target. And if you stupidly set up an insecure system and advertise its presence to the world, it will be a much more tantalizing target.
  • Another nice feature of this site is a complete lack of a forum system to give feedback on articles or discuss with peers... Is this intentional? msnbc.com and cnn.com both have had these features pretty much from their inception. Perchance ABCnews.com should rethink their user participation.
  • > the core of Linux is a text-based operating system, like DOS. But several different competing graphical interfaces have sprung up to make it friendlier. They look like a streamlined version of Windows or the Mac, generally with bigger icons and fewer shadows

    Oh, this kills me. When I read the first phrase a vision popped into mind of an OS kernel that ran text files rather than machine code:
    If the first one is bigger than the second one, skip to page two. Otherwise, continue with the instructions below.
    And the bit about the "bigger icons and fewer shadows" ripped my gut. Gee, that's important stuff to know when you first hear about a new operating system!

    --
  • > I think it was a troll, because he didn't even come close to scratching the surface on all the reasons why Linux sucks.

    Damb straight. But it sucks less than most of the competition in my price range, so I'm sticking with it for now.

    > All the distributions are too fat or too skinny.

    Well, if you think the Papa Bear and Baby Bear distros have it all wrong, you might be able to get rich by starting a Mother Bear distro.

    --
  • Who are you going to trust more:
    - An ABCNEWS columnist
    - The Manager of Microsoft Focus Area for Security Focus?

    I don't know, but I'm thinking that them ABCNEWS dudes are pretty savvy. Security Focus has nothing on them, man. Especially the ABCNEWS columnists. Whoa, like, dude: They are like, so totally computer smart. I mean, like, who's ever even heard of Security Focus before today?

    Dude out, dude, man.

  • on the contrary, a person who is a spokesperson for a large news organization is given a huge amount of trust... most readers will take his conclusions as truth (incorrectly) but the fact is that he's being irresponsible. He has just the same right to say something false or unfounded as I do, but what I say isn't automatically assumed to be true by most people who read it. The news organization needs to watch for integrity of its articles, or else they risk turning into the Weekly World News.
  • Unfortunately, most media is much less interactive than e.g. slashdot. Moody can get away with not thoroughly reading the pages he bases his article on because his readers do not see, as they would here, modded-up posts pointing out the sh*t, just a single PgDn away.

    Unlike present-day mass media, slashdot discourages the posting of stirred dung (well, mostly).

    I sincerely hope this model will be developed into something that can be used by the masses. It would probably not work the same way (imagine all the penis birds...), but we're going the right way.

    Kiwaiti

  • dunno about guidescope, but IIRC, junkbuster doesn't even forward requests to the adfarms and so denies them the hits.
  • Moody must have seen that he screwed up. As of today in the middle of the article where the supposed "122 exploits" were mentioned, it is now corrected to 84, and there is this note on the page: [Please note: Upon further research, I realized that my original numbers were a bit off. The numbers above are new and revised. Fred Moody, 8/4/00.]
  • I wish I could troll like Katz & Co.
  • by ryanr ( 30917 ) <ryan@thievco.com> on Friday August 04, 2000 @12:19PM (#880004) Homepage Journal
    Yes, we've been experiencing degraded performance today due to the Slashdot traffic. I'm working on some upgrades that should help with that.
  • It appears that Mr. Moody has become aware of his faux pas. The original article has been updated to use the proper numbers, and a little tidbit has been added to the end of the paragraph:
    "[Please note: Upon further research, I realized that my original numbers were a bit off. The numbers above are new and revised. Fred Moody, 8/4/00.]"
    Further research?
    Oh well...
  • Moody, we are good at mathematics, so you can't cheat us! Let's see - you're not using the same definition of the + operation on all the operating systems!

    If the total number of Linux bugs is that of RedHat + "other Linux flavors", then the total number of NT bugs should be the total of:

    NT 3.51 gold + Sum(j=1 to 18) NT 3.51 SPj + NT 4.0 gold + Sum(i=1 to 6) NT 4 SPi + Win2000

    which rounds down to roughly 100,000...let's put it to bugtraq!
  • The bad thing is, even though we /.-ers know that his article is totally baseless, the general public who read the article may not. We have to force ABCNews to post some corrections (plus maybe the link to Greenbaum's response), because the article is obviously violating journalistic integrity. In addition, it will be better to have the major news sites like CNet or ZDNN to cover this. The more publicity we get about this, the better so that more of the general public know that Moody's argument is wrong.
  • Not given the fact that it was posted in such a way as to ridicule his opinion, no. I'm not complaining about what gets posted, but about the bias demonstrated in these postings. You'll never see this kind of article:

    "Here's an article saying Linux sucks. It may not be cool hearing that, but the numbers pretty much hold up... Oh, and that other article about how sucks big donkey balls was actually bogus. Score one for Microsoft."

    Before someone says, 'It's because these articles don't exist', know that I don't subscribe to your narrow-minded view of the world.

  • My toaster is far more secure than Linux. In fact, I'd be happy to have this tested.

    Go on, hack my toaster. If anyone can get root on my toaster, I'll give it to them, and buy them a few beers into the bargain.

    But I warn you: it's pretty darn secure.
  • by Masem ( 1171 ) on Friday August 04, 2000 @05:12AM (#880025)
    It's well known that two parties can take the same set of statistical data, and derive two vague but conflicting statements from it, depending on the type of spin they want. This is a perfect example: Moody says one thing, Bugtraq says another. Only with full disclosure of the raw data (as done here with Bugtraq) and experience can one make a truly informed decision on the reliability of statistics. (And of course in this case, it's weighted heavily in Bugtraq's favor).

    This is similar to the ad going around from MS about W2k increasing sales from a company by 13% or 5% -- because we can't see all the raw data, there might be something they didn't want to include, or the like, and would make these numbers go the opposite way.

    While a pain in the butt, peer-review in scientific journals is a very good thing :D

  • If you look this list over, and measure each system's number of vulnerabilities against the number of its customers, Linux is arguably the worst operating-system product in history, and Microsoft's the best.

    Not even. If you go by just the figures he quoted, NetBSD is the best not Microsoft.

    Retarted writers


  • Hey guys and gals, I thought I should share my thoughts after reading Mr. Moody's column on Linux. Go take another look at his column; when you do, take a look around the site, you can send feedback.

    Don't know who at ABC, if anyone, will read it, or what the reaction will be. But voice your opinions! Be concise, clean, amusing, factual and well-formatted, otherwise the editor won't even bother reading it.

    Without further ado, here's what I sent to ABC:


    Mr. Moody clearly owns Microsoft shares. Or he enjoys products that perform only with mediocrity. I wonder if Mr. Moody drives a Hyundai and praises its virtues similarly to those of Windows.

    I'm new to Linux, but I'm not new to UNIX or to computers. In fact, I signed up for my first Internet access in 1988, at the tender age of 14. Back then, it wasn't called the Internet, it was called ARPANET. I've seen a lot of changes, since I've been online longer than Yahoo.

    Now, while I don't think I'm ready to praise the virtues of Linux as a desktop environment - I still run Windows 95B OSR2 for that - but I'm pleased to say that I've formatted my server's hard drive and have replaced Windows NT 4.0 with RedHat Linux 6.2.

    Sure, the learning curve has been steep. Sure, I've had frustrations. And sure, the operating system completely lacks the polish and refinement of Windows NT. This is primarily why I don't feel it's ready for mass desktop deployment. But, on the other hand, in a server-duty machine, it really shines.

    Linux is an operating system by computer geeks and for computer geeks. It is therefore full of technical tools and features that would cost thousands of dollars to buy from Microsoft. It's far more configurable than Windows. It's a UNIX derivative, meaning it's closely related to the most core architecture of the Internet. Being a UNIX family member, it's also a multi-user operating system, with all the related user security features and sophistication that are inherent to a multi-user platform. Compare that to Windows, which is merely a multi-tasking operating system.

    And, I'm sorry, but by nature of the fact that it's an open-source operating system, every bug gets detailed, documented and fixed. While a Microsoft user might have to manage a complex set of variables in order to find a given "undocumented feature" of Windows, a fresh pair of eyes looking over a chunk of source code can in minutes reveal errors that might never be spotted in Windows.

    None of today's software can or will ever be perfect. Implementation of libraries, millions of lines of source code, dozens of different platforms and operating system variables all can contribute to creating weird behavior. If there are 10,000,000 lines of code and they're 99.995% right, there will still be 50,000 bugs.

    Better to have those bugs discovered in advance of exploits and/or lost data. Better to have those bugs addressed by thousands of developers working together in a collaborative manner, bringing together the best of talents in a relaxed setting. Better to be able to have the source code and not rely on Microsoft's small (in comparison) team of developers.

    I'm sorry that Mr. Moody feels the way that he does. I'm sorry he couldn't research his article more objectively. And I'm sorry that ABC's editorial staff apparently don't live up to the image of impartial professionalism that I had expected.

    I would have expected to see an article like that coming from the people at MSNBC, who brought us mainstream tabloid journalism like Dateline NBC; not from the fine news agency that brings me Peter Jennings and Ted Koppel every night.


  • Screw journalistic integrity, that's not ABC's business. ABC is in the business of selling advertising. The content they provide on their web site is merely a means to show you ads. (This is also the basis of free television in America...) Why should they care if the article is factual or not? In fact, ABC probably wants to post provoking pieces to show those web banner posting advertisers that it's good way to market things to the technologically inclined... ($REFERRING_PAGE =~ /\.slashdot\.org$/ && $showGeekAd = 1).

    If you want to hit ABC where it hurts, you would have to convince the advertisers that you won't buy their products because they advertise on ABC. -- I'm not saying that will be effective, but it would get their attention...

  • Here is the paragraph with the bug numbers:

    BugTraq keeps these statistics on 22 different operating systems, from the mainstream Windows NT to various exotic flavors of Unix. Given that Microsoft's product is the runaway market leader, it is not surprising that it leads in vulnerabilities: In 1999, the year it took over the server market in earnest, Windows NT totaled 99 new vulnerabilities on the BugTraq list. (So far in 2000, the count stands at 37.) This looks like an alarmingly high number in comparison with Solaris' 34 or NetBSD's 10, but it is scarcely more than the 84 racked up by Red Hat and the other Linuxes (their 2000 count stands at 30). And the NT number is inflated by BugTraq's inclusion of IE vulnerabilities, since it considers IE part of the operating system. [Please note: Upon further research, I realized that my original numbers were a bit off. The numbers above are new and revised. Fred Moody, 8/4/00.]
  • by mav[LAG] ( 31387 ) on Friday August 04, 2000 @06:21AM (#880044)
    I was going to post this in reply to the first story but it's just as applicable in the followup. My point is this: Pro-Microsoft pieces in the media do not happen by accident - especially when the author is a well known inspector of Gates' colon. Spin, media relations and public perception are very carefully managed by most companies and Microsoft is no exception.

    My guess as to what prompted this knee-jerk reaction: the IDC server software revenue figures. I don't have a URL but in a nutshell, units have soared but revenue is flat - thanks to the frightening growth in Linux servers. Microsoft are not at all happy about this and are desperately looking around for a reason to gain the upper hand in mindshare.

    No doubt our Ed got a call and agreed (or decided) the best way to spearhead this quick FUD campaign was to put out the message that Linux is buggy. Anyone considering getting a Linux-based server would then think "uh-oh" and go back to safe, reliable old NT.

    Of course, Microsoft have shot themselves in both feet by rushing this one. First, Moody's credibility has been given a serious dent - not the least of which because he can't (or won't) add properly. Secondly, the author - who's neutral - says he's impressed that the Linux community has "done an admirable job" in making a better product. So exactly the reverse effect has been achieved - Moody is seen as a Microsoft zealot and the Linux community is seen as full of reasonable, honest adherents.

    Go Fred go! I look forward to your next piece on why Microsoft license agreements are so easy to understand...

  • I don't see security as being an operating system issue. It's really more of a human issue.

    Most of the exploitable holes could be avoided by careful planning, firewalling etc...

    Choice of operating system is but a small factor in assessing the secureness of a system.
  • by Anonymous Coward on Friday August 04, 2000 @05:12AM (#880048)
    Linux Sux Redux: A Rebuttal
    by Ben Greenbaum
    Thu Aug 03 2000
    This is in response to an article posted at abcnews.com by Fred Moody, available at:
    http://abcnews.go.com/sections/tech/FredMoody/moody.html, in which he claims that
    Linux is a far less secure operating system than NT, based on his interpretation of the
    Bugtraq vulnerability statistics.

    From the very start, I would like to proclaim that I am not a Linux zealot, or for that matter
    an ardent defender of any OS. I manage the Microsoft Focus Area here at SecurityFocus. My
    personal machines at home run on various flavors of both MS and Unix operating systems.
    Different OS'es have different strengths, and I freely and gladly use whatever is best in my
    experience for the purpose at hand.

    The problem I have with Mr. Moody's article is not the conclusion he comes to, although I do
    disagree with it. It is instead a problem with the methods used to reach that conclusion.

    The author is writing about the results of the Bugtraq vulnerability statistics page at:
    http://www.securityfocus.com/vdb/stats.html

    These statistics are meant for general interest purposes. The text on the statistics page
    clearly states:

    "The statistics should not be taken to imply that some particular operating system or
    application is more or less secure than another one."

    However, these stats are for public use, to be interpreted as the user sees fit. As with any
    statistics, they can fairly easily be twisted and misrepresented to support whatever goals the
    author may personally have. This is to be expected to some extent any time statistics,
    especially unscientific statistics, are used to prove a controversial or questionable point.

    The worst situation by far is when the statistics are not only "massaged" to serve personal or
    corporate goals, but interpreted incorrectly in the first place. The Bugtraq stats have been
    used and referenced in various articles and endeavors, with varying degrees of accuracy. The
    most egregious example of misuse and misinterpretation by far to this point is in the article
    referenced above, where Mr. Moody states that Linux is the most insecure OS available. This
    is based on a gross misreading of the available data.

    To wit: (regarding statistics for 1999)

    "122 racked up by Red Hat and the other Linuxes "

    Whereas the actual statistics are:
    [image table here]

    All Linuxes combined: 84
    RedHat only: 38

    Which, as you can see, add up quite neatly to 122, the number of vulnerabilities claimed by
    Mr. Moody for "RedHat and the other Linuxes". So now, we pause for a brief explanation of
    the word "Aggregate". First, from the text of the page itself:

    "Where we display aggregate number of vulnerabilities (Linux and BSD) the number is the
    size of the set that results from the union of all vulnerabilities for the components without
    duplication. Vulnerabilities are not counted twice."

    The numbers for "Linux (aggr.)" reflect the total number of reported vulnerabilities across all
    distributions of Linux; if it's a Linux, it's in there, RedHat included. Also, if the same
    vulnerability is present in more than one distribution, it counts once. Therefore, for a
    representative number of all known Linux security bugs, one would only look at the Linux
    (aggr.) statistic.

    Therefore, since 84 (for Linux) is demonstrably less than 99 (for NT) I submit that these
    statistics can certainly not be used to prove that Linux has more vulnerabilities than NT.

    Mr. Moody ends his article with the sentence:

    "As Linux zealots are beginning to find out, it's a lot easier to masquerade as a better product
    than it is to go out and be one."

    I agree with that statement, and I believe that the Linux community has done an admirable
    job in many ways on both counts. In closing, I propose to the security community and to Mr.
    Moody that what is true for products is sometimes true for journalists as well.

    Ben Greenbaum
    Director of Site Content
    SecurityFocus
    bgreenbaum@securityfocus.com
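
The aggregate rule quoted in the article above (union without duplication), as an added example that is not part of the original post or SecurityFocus's own code. The identifiers are constructed placeholders and the Debian and SuSE set sizes are assumptions; only the Red Hat (38) and Linux aggregate (84) counts come from the article.

```python
from itertools import combinations


def ids(first, last):
    """Constructed placeholder identifiers such as VULN-001 (not real Bugtraq IDs)."""
    return {f"VULN-{n:03d}" for n in range(first, last + 1)}


# Constructed data sized to the 1999 figures quoted in the article:
# Red Hat alone 38, all Linux distributions combined 84.
# The Debian and SuSE sets are assumptions; only the overlap pattern matters.
DISTROS = {
    "RedHat": ids(1, 38),
    "Debian": ids(20, 60),
    "SuSE": ids(50, 84),
}


def aggregate(components):
    """Union without duplication: a vulnerability shared by several rows counts once."""
    out = set()
    for vulns in components.values():
        out |= vulns
    return out


def audit_addition(rows):
    """Check whether the counts of the given rows can simply be added.

    rows maps a label to the set of vulnerability ids behind that row.
    Returns the naive sum, the deduplicated total, the overcount, and every
    overlapping pair with the kind of overlap (subset or partial).
    """
    naive = sum(len(v) for v in rows.values())
    distinct = len(aggregate(rows))
    overlaps = []
    for (a, va), (b, vb) in combinations(rows.items(), 2):
        shared = va & vb
        if shared:
            relation = "subset" if (va <= vb or vb <= va) else "partial"
            overlaps.append((a, b, len(shared), relation))
    return {
        "naive_sum": naive,
        "distinct": distinct,
        "overcount": naive - distinct,
        "overlaps": overlaps,
    }


def moody_rows():
    """The two rows that were added together: 'Linux (aggr.)' and 'RedHat'."""
    return {"Linux (aggr.)": aggregate(DISTROS), "RedHat": DISTROS["RedHat"]}


if __name__ == "__main__":
    report = audit_addition(moody_rows())
    print("aggregate + Red Hat, naive sum:", report["naive_sum"])
    print("distinct vulnerabilities:      ", report["distinct"])
    for a, b, n, relation in report["overlaps"]:
        print(f"  {a} / {b}: {n} shared ({relation})")
    per_distro = audit_addition(DISTROS)
    print("per-distro naive sum:", per_distro["naive_sum"],
          "distinct:", per_distro["distinct"])
```
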
  • by mwillis ( 21215 ) on Friday August 04, 2000 @05:12AM (#880049) Homepage
    Some posters are not remembering why the phrase "Linux sux" was mentioned. Moody wrote a previous flamebait article [go.com] with this line back in 1998 and got roasted [slashdot.org] on slashdot. Moody had claimed to have a secret informant who had to use Linux but was afraid to speak out the "truth", that "Linux sux". He never substantiated this informant, of course.
  • Mindcraft/Netcraft, the huge thing about SAMBA being better on NT than Linux. Due to the hue-and-cry generated about it (they apparently called the wrong number for Linux tuning advice, so Linux wasn't tuned at all, MS sent system engineers, etc, etc), they re-ran the tests, and MS won. And /. posted it.
  • by Mark F. Komarinski ( 97174 ) on Friday August 04, 2000 @05:16AM (#880054) Homepage
    Anyone remember the "report" from 5 years ago that said 90% of the Internet was pr0n? Time did a big 'ol article on it, the report wound up on the Senate floor, etc.

    Too bad the data used for the report was completely wrong.

    Too bad that report is still probably being used to decry the evils of the Internet.

    No matter how many rebuttals there are, it won't stop the fact that Moody's article is out there. We must demand a correction from Moody or abcnews.com that also gets linked to the original article. Otherwise, 3 years from now, this will come back and bite us again.
  • Tell us, oh holy one, whom may we trust for a fair and impartial review of Linux? webmasters (most of whom run apache on *nix)? Academia (still mostly *nix and where *nix started)? Or the PC market (where average joe's hardware was incapable of running *nix for the longest time, during which "something else" had to be created and continues to dominate only out of tradition and for backwards compatibility.)?

    Tell us, oh omnipotent one, who or what is the One True Source of unbiased OS reviews?

    I'm waiting....

    Still waiting...

  • There is no such thing as a journalist without hidden agenda. They have their salaries, stock options, friends and relatives. They are people too. And their employers have owners and shareholders.

    Journalism when taken on a very large average can be considered to reflect community views which are also biased of course. And it reflects them mostly because if it does not no one will read it or listen to it or view it. But there is no such thing as unbiased mass media.

    And to conclude IMHO, you are an idiotic fanatic. Grow up.

  • by haystor ( 102186 ) on Friday August 04, 2000 @05:16AM (#880058)
    Instead of a rebuttal, which I don't think Moody's article really deserves since it would be considered flamebait to anyone that can add, I propose something different. When something that bad comes up, everyone on /. should follow the banner ads from the page Moody's article is on, find customer service on that site, and tell them exactly why you visited the site. Explain that their advertisement was on a page spewing FUD, and that they have consequently been affected by this. Explain that their banner ad went to waste because you have no intention of spending your money with somebody that supports those idiotic views. Also explain that you don't care that they don't have editorial control over the content, they do have control over which editor's sites they spend ad money on.
  • by Bensari ( 71509 ) on Friday August 04, 2000 @05:16AM (#880059) Homepage
    Here is a mirror that will undoubtedly go down fast. Enjoy it while it is up ;0).

    Greenbaum article [198.86.162.43]

    http://198.86.162.43/greenbaum.html
    Which way now? Down.
  • by Tower ( 37395 ) on Friday August 04, 2000 @05:30AM (#880063)
    That's why your toaster should be 'firewalled'...
    --
  • oops... accidentally hit submit instead of preview.

    Oh well more scope for moderation :-)

    The article now becomes pretty lame - Still stating that Linux Sucks because it has less bugs than NT is not a good argument.
  • by cje ( 33931 ) on Friday August 04, 2000 @04:51AM (#880066) Homepage
    Does anybody believe that Moody's "article" was intended to do anything other than generate page hits, rile up Linux users, and get them to send scathing flames that can later be used to show the "immaturity of the community?" Personally, I would have rather seen Slashdot ignore this story altogether. Anybody who knows anything about Moody's past associations and opinions knows that he has a clear agenda, and that agenda does not particularly care for the success of Linux.

    IMHO, while it's good to write a rebuttal to an obvious nonsense article, it's also probably giving Moody's troll a bit more attention than it deserves.
  • by (void*) ( 113680 ) on Friday August 04, 2000 @04:52AM (#880069)
    Did you bother to READ before posting?

    The guy clearly states that he does not care about the conclusion of Moody's report ("Linux Sux"). In fact, all he did was to criticize the statistical method of taking numbers which clearly overlap and add them together to produce a highly inflated number. That is all he said. I think that is an extremely fair comment. You don't have to be a journalist with integrity to appreciate that.

    How we feel about the conclusion that "Linux Sucks" does not matter at all!

  • Fred Moody logic:

    Witches burn
    Wood also burns
    Witches must be made of wood
    Wood floats
    Ducks float
    Ducks must be made of wood
    If a person weighs the same as a duck they are a witch.

    If you want to compare bugs between os's then tally the total number of apps/utils provided with each and then compare the bugs as a ratio of bugs to apps/utils. Most Linux distro's come with thousands of apps/utils. How many apps/utils come with NT?
  • by kelzer ( 83087 ) on Friday August 04, 2000 @08:38AM (#880080) Homepage
    If the first one is bigger than the second one, skip to page two. Otherwise, continue with the instructions below.

    Dear Mr. Parrot, I am writing to inform you that you are in violation of my client's copyright, and have published trade secrets of their proprietary product, "CobolOS 2000".

    Please be advised that my client is prepared to take any legal action necessary to prevent this from occurring again.

    Sue D'Helloutayou
    Senior Partner
    Dewey, Cheatham, and Howe, P.A.

  • by Fishstick ( 150821 ) on Friday August 04, 2000 @06:27AM (#880082) Journal
    Yep, they're fully aware of us now, they've figured out how to push our buttons, and the herd reacts exactly as anticipated, playing right into their hands.

    It is a sad fact of life. "A person is smart, people are dumb, panicky animals... and YOU KNOW IT!"

    Individual /. readers/posters might understand this BS that is being pulled, and be able to refrain from giving them the hits and flames they are trolling for. Unfortunately, the diverse mob on /. simply can't resist unleashing the 'Dreaded Slashdot Effect [TM]' on sites that are calculatedly pushing our collective buttons.

    Taco knows full well how this kind of article works /. into a lather, can't figure out if he sincerely wanted to avoid posting it, or is too tempted to flex the slashdot-effect once in a while for some reason or another.

    "I avoided posting this because it really is pretty lame, but its getting submitted a lot. "

    "Stories like this just make me roll my eyes: the thing will get tons of traffic from you guys and his editor will say "Good Job Fred" because they got to sell lots of banner ads on it. *sigh* "

    Yeah, but /. makes its living off the same business-model, so posting this kind of story certainly contributes to revenue from banner hits and has to be hard to resist.

    Plus, I personally don't want /. to back off from posting these stories. Yeah, there is a lot of immature flaming and the site gets a bunch-o-hits, but there always seems to be a calm, rational, factual debunking that emerges the next day. Sheltering the /. readership from crap that might make us flip-out doesn't seem to me to be the right way to handle this.

    I'd rather see situations like this play out and maybe some of the flamers will get it. No, we won't ever get everyone to control their urge to send profane e-mail to the authors of these articles, but even if only a few learn from the example set by others in showing restraint and dignity in the face of one of these, I think it is worth it.
  • by pb ( 1020 )
    Fred Moody is to Jesse Berst as a court jester is to a soulless accountant.

    That is to say, exactly why do we care, again?

    However, it is funny that Moody can't even get his statistics right. ...so it doesn't even matter that his argument was flawed.

    I guess he was just being Moody about it...
    ---
    pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
  • by mgkimsal2 ( 200677 ) on Friday August 04, 2000 @05:17AM (#880084) Homepage
    The stats page Moody pulled his numbers from ALSO shows *IE* (one package!) having more reported bugs than all of RedHat 5.2. If he actually believes these numbers are accurate, why support a company that makes ONE PRODUCT with more reported bugs than an entire OS?
  • I will reply even though this is really flamebait.

    Actually, I had a complaint with a previous article of Mr. Moody's. I don't usually read his anymore because I have found him to be more wrong than correct. Freedom of speech is one thing, but I think the media has a responsibility to get the facts right and not worry about the picture they want to paint for you to see. I have talked with a person in the industry, and this person agrees that the media doesn't always care if the facts are straight--as long as it paints the picture you want to see.

    This really isn't a free speech issue. It's a reliability issue. Mr. Moody is not reliable for honest factual reporting. Even though he does editorials mainly, he should pay more attention to the details and facts before he writes (or types) his words of poor wisdom.
  • by Segfault 11 ( 201269 ) on Friday August 04, 2000 @05:35AM (#880095) Homepage
    I think it was a troll, because he didn't even come close to scratching the surface on all the reasons why Linux sucks.

    It's virtually impossible to stay up to date with the latest software. When you try compiling application X, it's missing library Y. When you download library Y, you can't compile it because library Z is out of date. Packaging tries to keep things up to date, but the only one that works is Debian, but doing so won't get you anywhere near the cutting edge of technology. Therefore, you have to get out of packaging and have to start breaking the packaging system, etc.

    man pages suck ass. There isn't any useful, demonstrative information given about commandline tools like cut, grep, and its cousins.

    (and from here on out, I'll be complaining about distros, mostly Slackware vs. Red Hat)

    All the distributions are too fat or too skinny. I like Slackware, because it's minimalist, but it would be really nice if I could easily configure it with the Red Hat GNOME desktop.

    Who in their right mind would come up with a scheme to start and stop services based on the asciibetical order of filenames? I hate SysV init. BSD init makes more sense, but its configuration ends up being redundant and messy looking. Why not register each daemon in their own file with the instructions to start/stop them, and then have a flat file for each runlevel indicating which daemons should be started and stopped?

    Filesystem standards are terrible. I'm aware of LinuxBase (among others), and their rationale is good, but I don't see why there should be a standard on what those directories should be. In Linux, the kernel resides in /boot (according to the standards), but in OS X, I believe it's in /System. If common environment variables were used instead of explicit paths, software would be easier to install the way you want it. Symlinks are not the answer for everything...

    Anyway, that's my little rant about Linux. I use it, and I'd like to get more out of it because of all the cool free stuff I can hack on, but getting half of it the way I want is a major PITA.

    BTW, I have already gotten these responses: RTFM and STFU. I've heard them before, OK?
  • Watch out for false prophets. They come to you in the media's clothing, but inwardly they are ferocious trolls. By their OS you will recognize them.
  • Yeah, at least that would mean no more articles by Eric Raymond .... oh, you mean a "hidden agenda" that you don't already agree with. Yeh, let's silence all dissenting opinion, that way we need never learn anything that disconcerts us.
  • They are looking for banner clicks...

    Most news websites pull traffic to get visits. Visits turn into banner clicks.
    So what to do? Well don't click on the banner ads.
    It's a little hard to stop the angry mob from visiting but it's a good idea to tell them not to click on the banners.

    What you mean they'll listen? No not really... they won't click on banners anyway.. but Moody et al. will look at the pees and then check banner stats.. and sure enough... the additional traffic generated NO additional banner clicks.
    They may even see a significant number of them didn't even load the banners at all (Banner filters are your friend)... and some didn't load ANY GRAPHICS WHATSOEVER!!! (All hail Lynx)...
    Just bandwidth and load... increasing costs without generating additional revenue....
  • That depends entirely on your level of skill. As an admin/programmer, you and I may see no difficulty in patching the kernel or a library, but your average desktop user will be totally overwhelmed. Eventually, it comes down to the fact that 95% of the desktop users in the world will NEVER hack (or even follow step-by step directions to patch) their kernel, but they'd be happy to install a single-run service pack. End result, their Linux never gets patched, but NT will, while it may take a few months, be patched.
  • Great Link!!! I read it avidly, page by page! Some excerpts:

    "Many have said, that the government or the state, is theft. This is true. Even the best of states are a protection racket. These rackets are far more dishonest than unlicensed organized crime (the mafia, etc.). "

    "The international style state is inefficient, to the maximum."

    "However, a war against the Super State must be fought to the finish. Your ammunition is readily available. Cut economic support for the Beast. In short, starve the bureaucrats out. "

    "The greatest help for the White race today, would be state and national legislators, that run on a platform of no new taxes, coupled with no new laws. To enact new laws, guarantees more taxes. Do you see how simple it would be?"

    "Logic: Any program or method that circumvents taxes is a White revolutionary act."

    "All tax avoidance, in any way, helps to bleed and weaken the Beast. Your sweat and hard earned wages are the source of power that is used against you. In short, the old adage applies. 'The power to tax is the power to destroy.'" [Heinlein!!! "The Moon Is A Harsh Mistress"!!!]

    "The underground economy is a fabulous mechanism, and well-suited to White survival."

    "Remember that the underground economy is seditious to our enemies, but a great weapon for White racial advancement. Again, bleed the Beast. Spread these ideas among even your non-racial contacts, since all tax avoidance and underground economic activity, directly helps our cause. It is easy and it is fun! Use your imagination, and start your war today."

  • by Mark A. Rhowe ( 216675 ) on Friday August 04, 2000 @04:55AM (#880109) Homepage
    ...resources online. For example: FOCUS on Linux: Intrusion Detection on Linux [securityfocus.com] is equivalent to the Koran [umich.edu] for system security administrators.

  • Since the BSD license is even more open than GPL (i.e. "here's the code, do what you want with it, and now you don't even have to publish any credits"), why not just dump the whole Linux source tree and replace it with FreeBSD? Just get the Linux compatibility stuff working better and no one will ever know.
  • by mwalker ( 66677 ) on Friday August 04, 2000 @04:55AM (#880114) Homepage
    can we just mod moody's article as flamebait? his only evidence is that bugtraq lists more linux bugs than NT bugs. of course it does... that's because the linux community uses bugtraq and open review to fix bugs, and microsoft's "bugtraq" is a closed system that happens behind closed doors in redmond.

    windows 2000 gold was shipped with over 10,000 known, documented bugs. and no, they're not listed at bugtraq.

    i could go on and on (index the # of windows bugs in the knowledge base, closed source bugs vs open source bugs) but i've already given this flamebait more attention than it deserves.

    whatever you do, when you read this article, don't click through the banner ads. then he's won.
  • I couldn't look at Katz's last article, because I now filter him out of the homepage entirely. User Preferences, check the box next to Jon Troll^H^H^H^H^HKatz's name, click save.
  • According to you MS advocates can outright lie, because, hypothetically, if any of the open source leaders were to lie too then we would defend them.

    This is not true for several reasons.

    Open source leaders are too busy programming and leading the open source movement to actually even care that much about Microsoft. Do you really think that Linus or Alan even think about Microsoft that much?

    But I bet you Billy G. has groups comprised of dozens of people that are devoted to monitoring Linux and producing weekly summaries and reports for Microsoft's top executives. Linux is cutting into Microsoft's server revenue, so it is getting a lot of attention from Redmond.

    If our open source leaders ever did spout insane statistics like Mr. Moody then I would be the first to point out the inaccuracies. These people are our leaders because they are smart, good with others, and don't lie. If they weren't they wouldn't have very many followers, now would they?

    Since the basic premise of your argument is wrong, which you freely admit yourself, then the rest of your arguments are wrong as well.

    Free speech doesn't mean that you are free to lie. And editors that allow their writers to continue lying, when the customer is complaining about those lies, don't remain editors for very long.
  • One small point I wanted to have clarified. As I understand it the only bugs that are (and should) be reported are bugs in server system software or security software, not every 'bug'. If it was every bug the database for all OSes would be gargantuan.
  • So you don't think the same thing is going through Rob & Co.'s collective minds when they post this stuff? Did you see how many replies that article had? It's all about reload and page views my friend. If you think these articles are posted for anything other than generating hits then you are sorely mistaken. Take a look at Katz's last article. He insulted practically everyone who reads slashdot!
  • I also believe that Moody is trolling for page hits. There are legitimate complaints about Linux, such as you have listed.

    But easily-refuted or flat-out wrong information like Moody is apparently presenting produces a far more visceral and active response.

    And why not fix init. There is no reason for the mortal user to rearrange the order of the things that are started. There should be a gui with an array of checkboxes, each column is a run level, each row is a service. And put a comment in the .rc files that this GUI can display so the user knows what they are turning on/off! And also put the turning on/off of net services in that same panel (the etc/inetd file I think it is called?) because most people think those are the same thing! Advanced users can control the start/stop order by renaming the .rc files, there is no reason to do everything in the GUI.

    Before anybody complains, I am thinking of writing this myself...

  • Great idea, but unfortunately, the journalistic community defends its own as vigorously as we defend members of the Linux world.

    Indeed, if Linus or Alan were to have written that article, and replaced every negative reference to Linux with Windows 2000, chances are we all would be praising the article for its "...accuracy and unbiased analysis of Windows 2000 in comparison with Linux...". Granted, Linus and Alan *wouldn't* write an article of that nature, but we're speaking hypothetically here.

    If we make demands of ABC to ban Fred Moody (who is, obviously, not a true journalist, but an editorialist), they'll ignore us, or at best, defend Fred Moody's article as an exercise in free speech.

    Uh, oh! Did I say "free speech?" Another point of irony: /. rants constantly about free speech, yet when someone with access to a large-access forum makes a statement we /.ers don't like, we immediately start demanding that he be banned, not be allowed to make his statements, he needs to be shut up, he has no right to say what he wants to say.

    So, does free speech only apply to the things that we on /. like? Are we, in fact, espousing a double-standard? "Say what we like, and it's free speech. Say what we hate, and we'll ban you." Hypocrisy isn't limited only to Fred Moody, it would appear.

    Remember, chums, the journalists are going to defend Fredo, because he's one of their own. Let them. We need to start practicing what we preach. If we're going to be a forum advocating free speech, then we need to advocate that freedom for everyone, including Fred Moody.

  • "As Linux zealots are beginning to find out, it's a lot easier to masquerade as a better product than it is to go out and be one." (last line of moody's article)


    Isn't this the whole damn reason everyone stopped using windows in the first place? Because their marketing is better than their product. I think Moody got it right, even though he thought he was saying the opposite.

  • by Anonymous Coward
    Well, you asked for it. Here is the full text of the article. Can you say copyright violation?

