ABC News columnist Fred Moody has consistently praised Microsoft and dumped on their critics for years.
This is not in itself a bad thing. But in the process,
he has continually exhibited an utter disregard for facts, logic and basic fairness.
I have no idea as to his underlying motives, but there's no denying his intent.
He is a pro-Microsoft chauvinist, pure and simple.
To him, praising Microsoft is an end unto itself,
and the traditional values of responsible journalism simply don't enter into it.
I suppose he has as much a right to his opinion as I have to mine.
But when he starts misrepresenting the facts, I say he's gone too far.
Here's where he crosses the line:
[ http://abcnews.go.com/sections/tech/FredMoody/moody.html ] Linux Sux Redux The Open-Source Platform Is Open to a Slew of Vulnerabilities
"But now comes news from BugTraq that gives the lie to the widely
held belief that Linux is any less vulnerable than its competitors.
Linux's known weaknesses turn out to be proliferating faster than its
market share. BugTraq publishes "Vulnerability Database Statistics"
(a list of bugs, essentially, that are discovered each year in various
software products) that demonstrate rather dramatically how
determined Linux is to join the Big Leagues - if not necessarily in
market share, then in what might be called "vulnerability share."
BugTraq keeps these statistics on 22 different operating systems,
from the mainstream Windows NT to various exotic flavors of Unix.
Given that Microsoft's product is the runaway market leader, it is not
surprising that it leads in vulnerabilities: In 1999, the year it took over
the server market in earnest, Windows NT totaled 99 new
vulnerabilities on the BugTraq list. (So far in 2000, the count at 37.)
This looks like an alarmingly high number in comparison with
Solaris' 34 or NetBSD's 10, but it is significantly less than the 122
racked up by Red Hat and the other Linuxes (their 2000 count stands
at 47)."
Mr. Moody thoughtfully omits to provide any link to this purported study, or even to BugTraq itself.
So I did some digging:
Bugtraq lives at http://www.securityfocus.com/.
There are vulnerability reports listed for [ http://www.securityfocus.com/focus/common/vdb.html?vendor=Microsoft ] Microsoft
and for [ http://www.securityfocus.com/focus/common/vdb.html?vendor=Linux ] Linux.
On August 2, 2000, I counted incidences on these pages for the year 2000.
I came up with [ http://www.angelfire.com/nj2/edcurry/moodybugtraq.htmlmoodybugtraq2.html#Linux ] 93 for Linux and
[ http://www.angelfire.com/nj2/edcurry/moodybugtraq.htmlmoodybugtraq2.html#Microsoft ] 240 for Microsoft.
But what about that report?
I was able to find a report that might be the one that Fred Moody was referring to.
It's [ http://www.securityfocus.com/vdb/stats.html ] right here.
But this report gives somewhat different numbers from Fred's article.
Actually, the numbers in the report don't match the lists I referenced previously.
Must be a different criterion or something. The report seems to deal with OS vulnerabilities,
plus vulnerabilities in apps that ship with the OS,
whereas the lists cover all vulnerabilities, be they in the OS or an application.
Given that Microsoft frequently shifts the blame for failures onto applications,
this distinction is suspect.
Anyway, here are the relevant excerpts:
Number of OS Vulnerabilities by Year
OS                   1997  1998  1999  2000
Debian                  2     2    29     5
Linux (aggr.)          10    23    84    30
RedHat                  5    10    38    17
SuSE                    0     0    21     5
Windows 3.1x/95/98      1     1    46    13
Windows NT              4     6    99    37
Oh, I get it now.
He's adding the figures for Red Hat to the figures for Linux aggregate to come up with the 47.
This is completely bogus of course. But that's never stopped him before.
A more valid figure for Linux would be 30, since this represents, in the report's words,
"the size of the set that results from the union of all vulnerabilities for the components without duplication."
That would serve the purpose of fairness. But it would not serve the purpose of Fred Moody.
Sloppiness? Wishful thinking? Lack of reading comprehension?
Journalistic incompetence? Deliberate intent to deceive? Who knows? The bottom line is,
this guy is crowing over numbers that don't stand up under even the slightest scrutiny.
Fred Moody has some explaining to do.
Full text at: http://www.angelfire.com/nj2/edcurry/moodybugtraq.html
Posted with: http://www.deja.com/getdoc.xp?AN=596972256&fmt=text
How do you get an e-mail to this guy?
Chris
--
[X] Check here to always trust content from Chris
[ ] Check here to always trust e-mail sent using Microsoft software
Damn straight!!!
^ ^
@ @
o
tiddles
"This looks like an alarmingly high number in comparison with Solaris' 34 or
NetBSD's 10, but it is scarcely more than the 84 racked up by Red Hat and
the other Linuxes (their 2000 count stands at 30). And the NT number is
inflated by BugTraq's inclusion of IE vulnerabilities, since it considers IE
part of the operating system. [Please note: Upon further research, I
realized that my original numbers were a bit off. The numbers above are new
and revised. Fred Moody, 8/4/00."
Interesting....
"tiddles possum" <tid...@lisp.com.au> wrote in message
news:398A0B09...@lisp.com.au...