Really Desperate Times for Fortify

I had to say something about this, and this, and this. Because it is getting on my bloody nerves!

We have a [ahem] story about how the Tories are unwise to promote Open Source because of, apparently, some inherent security flaws:

But Kirk said Fortify’s own research has shown that OSS exposes users to “significant and unnecessary business risk”. This is because security is often “overlooked,” according to Kirk, which makes users more vulnerable to security breaches.

Glyn Moody explains that this research from Fortify, was actually on just “11 of the most common Java open source packages”. Big deal. The research was from July of last year too and was discussed at that time.

I won’t dwell on the merits, or not, of the research itself. There are many excellent reports in the public domain that quite clearly demonstrate the strengths of the Open Source Software production model. Between proprietary and OSS methods I know which I believe is inherently more secure, and more robust too. Just recall on the last couple of months of Microsoft security holes.

But this whole saga really gets-my-goat because it isn’t news; it is an old story, and not even a good one, wrapped up in the shiny new cellophane of the Conservatives’ recent public commentary. And why? Because I can only believe that companies like Fortify are running shit-scared as they are seeing their profits dwindle to nothing and are being constantly beaten in competitive sales situations by the better, and cheaper, product.

Sowing some FUD and getting some cheap publicity doesn’t fool anyone anymore.

Matt Assay has an unusually succinct post on his blog today that sums it up nicely:

Jeffrey Hammond, principal analyst at Forrester, just Twittered something that is about to hit the traditional software world like a ton of bricks:

Just got off the phone with a client who’s been mandated to use [open-source software] because licensing costs are killing them.

Call it the beginning of the end, if you like, but it’s coming.

Spot on Matt.

ALL Windows versions open to serious attack by “old” bug

The Register has picked up news of yet another Microsoft Windows bug. The really scary thing about this one however is that it was originally recognised, and seemingly fixed, in 1999! According to the article this bug is apparently still real, and affects ALL versions of Windows. Including their very recent, and supposedly re-written from scratch, Vista line.

Microsoft bug squashers are investigating reports of a serious security vulnerability in Windows operating systems that could allow attackers to take control of vast numbers of machines, particularly those located off US shores.

Microsoft appears to have released a patch for the vulnerability in 1999. But the patch only protected domain names ending in .com, so WPAD servers using all other addresses have remained vulnerable.

That’s all right then. Although not if you are on a .co.uk or even perhaps a .gov.uk (oh no… NOT http://www.hmrc.gov.uk/ . Surely they wouldn’t be using Windows would they?) or any of the other TLDs out there that aren’t .com.

It makes me very glad to be Redmond Free

I originally read about this story on Matt Assay’s blog.

Microsoft using FUD to try and sell Vista?

I really can’t believe this story.

In a particularly pointless and shameless security “exercise” by yet another UK Government Quango (seemingly sponsored by Microsoft) they show how easy it is to hack into a PC running Windows XP service pack 1 with no firewall, filtering or other security techniques employed… Big deal…

A Microsoft executive calls the ease with which two British e-crime specialists managed to hack into a Windows XP computer as both “enlightening and frightening.”

Oh good grief…

Nick McGrath, head of platform strategy for Microsoft U.K., was surprised by the incident.

“In the demonstration we saw, it was both enlightening and frightening to witness the seeming ease of the attack on the (Windows) computer,” said McGrath. “But the computer was new, not updated, and not patched.”

McGrath also said that Service Pack 2 for XP had a firewall and that Vista was not as “accessible to the average hacker” due to “operating system components.”

What complete bollocks. I’m sorry but this smacks of using FUD to try and get naive and scared companies to migrate from XP. Why would they want to otherwise?

Just go and get Ubuntu. It works, is very secure and its FREE.

Put your money where your mouth is…

It really does look as though the big “M” has just upset too many people for this thing to be ignored or go away any time soon. All over the Internet there are blogs, news articles, wiki pages and even legal analysis of their patent infringement claims. And guess what? Nobody seems impressed at all.

In the last day or two several “counter” campaigns have started. Here are my favourites:

On the Digital Tipping Point Wiki, there is a list of over 600 users (and growing by the minute), asking for Microsoft to come on and sue them. (Some very funny comments and clear signs of anger in the community)

Here, http://www.linuxworld.com/columnists/2007/052107henderson.htm, Tim Henderson invites readers to create their own Linux distribution and register it at Distrowatch.com. The premise being that if there are a million distributions Microsoft will have to file a million lawsuits! (I thought this was a clever idea – very much in the spirit of Open Source)

Jonathan Schwartz (President & CEO of Sun Microsystems), on his blog yesterday said:

“… Sun has what I’d argue to be the single most valuable and focused patent portfolio on the web (and yes, we’d use it to defend Red Hat and Ubuntu, both)…”

The saga continues…

Drowning in their own FUD?

What a few days it has been!

The largest software company in world makes a couple of public statements regarding their business and claim unfair competition1 from the Open Source community (which is, for clarifications’ sake, pretty much anyone and everyone; from students to individual hackers to small and very large corporations world-wide).

What their true intention was, no-one seems to be clear, even Microsoft won’t explain. But the resulting comments from the industry have been nothing short of astounding:

  • Novell distances themselves from Microsoft as much as possible,
  • Industry experts say their claims don’t hold water.
  • Sun’s CEO explains to the would-be litigants why they are heading for meltdown,
  • Linus Torvalds tells them to put up or shut-up,
  • The author of a report which Microsoft used to start this whole fiasco says they got it completely wrong and about face!

And the list goes on, and on, and on…

From my own perspective I have found a great deal of humour and common sense in the many hundreds of blogs and news articles that have been posted in the last couple of days. There is a real sense that Open Source is gaining ground exponentially and that Microsoft don’t really have an answer.

The publicity this is generating for the Open Source movement as a whole is fantastic. For Microsoft, it must be a total PR disaster.

Out of all the comments and views expressed on-line, those that have been supportive of Microsoft’s stance have been almost non-existent. They don’t look to have many friends right now…

1.Someone PLEASE explain how a company like Microsoft can argue unfair competition? How many times have they been (and still are being) hauled before the courts? How much have they paid out for their patent infringements on others?

Microsoft making the FLOSS News

What a day today has been for FLOSS news! The ‘net is buzzing with the article published in Fortune Magazine this morning which explains how Microsoft is claiming Linux and other Open Source software products violate no less than 235 of their patents and that they could claim royalties from distributors and users!

The news appears to be that Microsoft are not asking for anyone to cough-up – yet, but that this is a FUD or scaremongering tactic to get the corporate world to sign up to Microsoft’s version of FLOSS (using Novell’s SuSE linux in particular) or go back to good old Redmond code.

I’m not sure if this is going to hold much water to be honest. Reading many of the commentators today, there is a general consensus that this is a kind of “Custer’s Last Stand”…

The feeling is that Microsoft must be hurting and have no real alternative:

  • They are losing customers to Linux, and OpenOffice.org, Mozilla and others and are having a hard time trying to get them back by being nice.
  • They shout and throw their toys out of the pram, cry fowl-play, and by doing so upset lots of their current customers and lose even more to FLOSS.

Either way it is hard place to be right now. There are three main problems with Microsoft’s stance:

Firstly, although the patent infringement claims themselves may be real, it sounds like it will be very hard (if not impossible) to defend most of them (recent court rulings in the US have thrown doubt on the validity of many software patents).

Secondly, Microsoft could end up in a “patent war”… Of the few that may actually stand up to legal scrutiny, what’s to say that IBM, Oracle, SUN, Red Hat et al don’t have software patents themselves which Microsoft may well be infringing? The Open Invention Network (OIN), holds thousands of software patents on behalf of the open source community and believes that it is “highly likely” that Microsoft infringes on some of theirs.

And finally, the Open Source community has repeatedly asked Microsoft to detail which patents are being violated and how, and have said that any claims with substance will be dealt with. And the speed of development in the FLOSS world means many of the “fixes” would surely happen before the ink dried on any legal paperwork.

Although most watchers seem to be in little doubt that, at the end of day, Microsoft won’t end up getting much out of this – It will spread some FUD (Fear, Uncertainty & Doubt) for a while, especially in the larger Enterprises where they could potentially have a lot to lose. Do some digging around on the ‘net and get your counter arguments straight. There are lots of links you can follow (if you’re quick) from our FLOSS News page at the open learning centre.

CNN have reprinted the original article which can be read here: http://money.cnn.com/magazines/fortune/fortune_archive/2007/05/28/100033867/index.htm