WinInfo Daily UPDATE—brought to you by the Windows & .NET Magazine Network.
THIS ISSUE SPONSORED BY
Microsoft Mobility Tour
SPONSOR: MICROSOFT MOBILITY TOUR
THE MICROSOFT MOBILITY TOUR IS COMING SOON TO A CITY NEAR YOU!
Brought to you by Windows & .NET Magazine, this outstanding seven-city event will help support your growing mobile workforce! Industry guru Paul Thurrott discusses the coolest mobility hardware solutions around, demonstrates how to increase the productivity of your "road warriors" with the unique features of Windows XP and Office XP, and much more. There is no charge for these live events, but space is limited so register today!
November 26, 2002—In this issue:
1. NEWS AND VIEWS
- Most Unsecure OS? Yep, It's Linux.
- Microsoft, DOJ Nominate Technical Committee Members
- Happy 10th Anniversary SQL Server!
- Give Us Your Feedback and Be Entered to Win an Xbox
3. CONTACT US
- See this section for a list of ways to contact us.
1. NEWS AND VIEWS
(contributed by Paul Thurrott, [email protected])
According to a new Aberdeen Group report, open-source solution Linux has surpassed Windows as the most vulnerable OS, contrary to the high-profile press Microsoft's security woes receive. Furthermore, the Aberdeen Group reports that more than 50 percent of all security advisories that CERT issued in the first 10 months of 2002 were for Linux and other open-source software solutions. The report muddles the argument that proprietary software such as Windows is inherently less secure than open solutions. And here's another blow to the status quo: Proprietary UNIX solutions were responsible for just as many security advisories as Linux in the same time period. Could Windows be the most secure mainstream OS available today?
"Open-source software, commonly used in many versions of Linux, UNIX, and network routing equipment, is now the major source of elevated security vulnerabilities for IT buyers," the report reads. "Security advisories for open-source and Linux software accounted for 16 out of the 29 security advisories — about one of every two advisories — published for the first 10 months of 2002. During this same time, vulnerabilities affecting Microsoft products numbered seven, or about one in four of all advisories."
The stunning report makes several claims that seem to fly in the face of widely accepted beliefs. First, the Aberdeen Group says that Windows-based Trojan horse attacks peaked in 2001, when CERT released six such advisories, then bottomed out this year, when CERT didn't issue any alerts. However, Trojan horse-based attacks on Linux, UNIX, and open-source projects jumped from one in 2001 to two in 2002. The Aberdeen Group says this information proves that Linux and UNIX are just as prone to Trojan horse attacks as any other OS, despite press reports to the contrary, and that Mac OS X, which is based on UNIX, is also vulnerable to such attacks. Even more troubling, perhaps, is the use of open-source software in routers, Web servers, firewalls, and other Internet-connected solutions. The Aberdeen Group says that this situation sets up these devices and software products to be "infectious carriers" that intruders can easily usurp.
According to the Aberdeen Group, the open-source community's claim that it can fix security vulnerabilities more quickly than proprietary developers can means little. The group says that the open-source software and hardware solutions need more rigorous security testing before they're released to customers. This statement is particularly problematic because many Linux distributions lack the sophisticated automatic-update technologies modern Windows versions contain.
We can rail against Microsoft and its security policies, but far more people and systems use Microsoft's software than the competition's software. I believe that we'll never know how secure Linux is, compared with Windows, until a comparable number of people and systems use Linux. But despite the fact that Linux isn't as prevalent as Windows, we're still seeing a dramatic increase in Linux security advisories today. I think the conclusion is obvious.
Microsoft and the US Department of Justice (DOJ) and nine settling states--Illinois, Kentucky, Louisiana, Maryland, Michigan, New York, North Carolina, Ohio, and Wisconsin--have made two nominations to the three-person technical committee that will oversee Microsoft's compliance with the final ruling in the company's antitrust case. Microsoft appointed Franklin Fite, a former Microsoft employee who oversaw development of Windows CE. The DOJ and settling states appointed another former Microsoft employee, Harry Saal, who also cofounded Nestar Systems and Network Associates. According to the ruling, if Judge Colleen Kollar-Kotelly approves Fite and Saal, they'll nominate the third member.
Former Microsoft employees can sit on the committee as long as they haven't worked for the company for at least a year; both Fite and Saal left Microsoft in 2000. Also, committee members must have no conflict of interest that would prevent them from performing their duties. Their powers are broad; each member will have access to all of Microsoft's source code and the right to interview any Microsoft employee at any time. Committee members are appointed for 30-month terms, according to the ruling.
Also, Microsoft is forming an internal compliance committee of its own, which will also oversee the company's activities. Microsoft's internal antitrust compliance committee comprises only nonemployee board members, the company says.
(brought to you by Windows & .NET Magazine and its partners)
Microsoft and SQL Server Magazine want to thank you for your support over the past 10 years. To show our appreciation, we're running a 20-week contest that will test your SQL Server knowledge. Answer our quiz, and you'll be entered in a biweekly drawing for cool prizes such as Microsoft Press books and MCDBA exam vouchers, plus a grand prize: a Microsoft Xbox! Enter today at
Tell us how well your enterprise is prepared for when disaster strikes. Complete our brief survey about backup and recovery, and you could win an Xbox. Click here!
3. CONTACT US
Here's how to reach us with your comments and questions:
- ABOUT NEWS AND VIEWS — [email protected]
- ABOUT THE NEWSLETTER IN GENERAL — [email protected]
(please mention the newsletter name in the subject line)
- TECHNICAL QUESTIONS — http://www.winnetmag.net/forums
- PRODUCT NEWS — [email protected]
- QUESTIONS ABOUT YOUR WININFO DAILY UPDATE SUBSCRIPTION?
Email Customer Support — [email protected]
- WANT TO SPONSOR WININFO DAILY UPDATE?
This daily email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
Receive the latest information about the Windows and .NET
topics of your choice. Subscribe to our other FREE email newsletters.