Feeds

MS-funded think tank propagates open-source lies

Catastrophe in the making

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Updated A Washington think tank called the Alexis de Tocqueville Institution has released its anticipated study of the dangers of open-source software. Much to our disappointment, the organization's press release, which last week promised that the study would explain in gory detail how open-source software will foster international terrorism, turns out to have been a tissue of headline-pimping lies.

Indeed, the paper never mentions terrorism at all. Instead, it overflows with the usual half-truth drivel about the economic dangers of the GPL which one can find re-hashed regularly on the Microsoft 'Press Pass' PR site and the editorial pages of ZD-Net News. More than half the paper is an enumeration of the Crimes against Commerce of Richard Stallman.

As for system security, the paper allows that having the source code to a well-secured OS or application is little help to an attacker, just as knowing the layout of Fort Knox isn't going to help you sneak in and empty the joint. But it tries to persuade us that not having the source code means we're all safe from hackers.

"If you open the blueprints for every aspect of it to the world your adversary can reconstruct a test lab in which he can create tools he may need," the paper quotes one consultant as saying. But what's not said is that one can just as easily construct a 'test lab' for a closed-source product and torture it in a thousand ways to find exploitable points of failure. Indeed, this is how the myriad holes in Microsoft's closed-source products have been found.

Additionally, the paper never mentions the vast difference in patch turnaround time between the open source and proprietary software vendors. It never mentions that proprietary vendors can conceal security flaws and leave their customers vulnerable until some bright empiricist finds one of them and blows the whistle. It never mentions that the most significant holes, worms and viruses affect only Microsoft products. If these hypocrites want to focus on economic impact, then let's hear some numbers on the costs associated with security stuff-ups. Linux has a small market share in most areas, but since most of the Web is running Apache, a comparison with IIS over Windows of time spent struggling to sort out security issues, costs from lost data, and so on should tell us a great deal about which is cheaper, and safer, to run.

For some more FUD, the author suggests that if the DoD were to use any GPL'd code in a classified software project, they'd have to publish the source code for all to see. I'm afraid that's wrong. They would only have to make the source available if they were to make the software available. But if it's classified they won't, so the issue is moot. Contrary to the author's nonsense, the GPL doesn't compel anyone to make their creations public. It only forces them to provide sources if they should choose to make them public.

Then of course there's this Internet distribution thing, which puts us all at terrible risk:

"Another security concern is that the primary distribution channel for GPL open source is the Internet. As opposed to proprietary vendors, open source is freely downloaded. However, software in the public domain could contain a critical problem, a backdoor or worse, a dangerous virus."

We're supposed to imagine a government bureau or a Fortune 500 company downloading kernel patches from some Tuxerz-R-Us board and installing them on critical systems. The author makes a similar appeal to improbability when he warns us that open-source systems don't have adequate tech support.

"Open source products are often distributed without manuals, instructions or technical information. While a commercial developer is obligated to produce manuals, diagrams and information detailing the functionality of their products, open source programmers are not. In addition, open source developers cannot be expected to create software manuals with the vigor of private firms that are obligated to produce them."

First off, closed-source products are just as often distributed in precisely this manner. Second, your major government bureaux and corporations are going to go through a major distributor or they're going to hire a qualified staff to build what they need. Either way, technical support will be there. There's no need to lie about this, unless you're getting paid to lie about it.

In our original story we mentioned that the Alexis de Tocqueville Institution takes money from Microsoft, but we couldn't say whether or not the company actually sponsored this report. We still don't know; but if style and FUD are any guide, and we were to venture a guess, we'd say this one's got "Redmond" written all over it. ®

Update

Since we ran this story the .pdf file linked below on the ADTI Web site has been changed. It now leads to a small .pdf file which simply says the paper will be restored by the close of business on 10 June (5:00 pm EST). Perhaps it's being revised. If that's the case, we'll let you know of any significant changes tomorrow.

Related Story

Open source invites terrorism - study

Related Link

Download the paper here

Secure remote control for conventional and virtual desktops

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
Intel's Raspberry Pi rival Galileo can now run Windows
Behold the Internet of Things. Wintel Things
Linux Foundation says many Linux admins and engineers are certifiable
Floats exam program to help IT employers lock up talent
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Eat up Martha! Microsoft slings handwriting recog into OneNote on Android
Freehand input on non-Windows kit for the first time
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.