[Am-info] The "Get the facts" campaign
Gene Gaines
gene.gaines@gainesgroup.com
Mon, 19 Jul 2004 05:39:08 -0400
Is it true that Microsoft senior employees increasingly are
beginning to report cases of diseases, such as jungle rot
and trench-mouth that World War I and II soldiers contracted
when working for long periods in diseased, slimy trenches?
See below.
Gene Gaines
=================Original message text===============
On Wed, 14 Jul 2004 13:10:14 -0400
"Brian P. Skahan" <bskahan@etria.com> wrote:
> http://www.microsoft.com/mscorp/facts/default.asp
>
> So, I need to pick this apart for a potential client, I know some
> things (like the Samba performance tests) have been debunked. Anyone
> on this list able to find counter examples for any others?
>
> -Brian
(With some apologies, this started out as a few links and kind of took
over - even tried posting with wrong From: so am reposting..)
ESR has some interesting bits about the roadshow Microsoft is
using to promote its latest marketing attempt in his Halloween
collection: http://www.opensource.org/halloween/halloween11.php
A report by someone that attended Microsoft's show (nothing like getting
it first hand) and his impressions. My favorite quote:
"My absolute favourite part of the talk was when Barley started to extol
the virtues of Windows because everything in it was made by one
manufacturer. A fair point which would have been well taken had he not
gone on to draw an idiotic analogy. He asked us to imagine an aeroplane
where different components were made by different companies. Apparently
he's never heard of Airbus." [Or Boeing, for those of us on the other
side of the puddle..]
http://www.hlynes.com/getthefacts.shtml
Some general credibility issues to bring up. It's generally known that
when Microsoft pays for a study - this goes for *any* company, not just
MS - they get what they want. I'd imagine they pay for more studies
than are ever published, but the 'undesirable' ones are quietly buried.
To quote Ballmer from a recent memo:
"We are effectively using independent studies by Forrester Research, the
Yankee Group, IDC, Giga, BearingPoint and many others to change
perceptions of the advantages of Windows over Linux when it comes to
total cost of ownership, functionality and productivity
advantages, support and security. We need to do work like this in every
business to get customers to recognize our work and appreciate it
fully."
http://www.eweek.com/article2/0,1759,1621493,00.asp?kc=EWRSS03119TX1K0000594
Interesting choice of words - says both that the studies are simply
tools to be used, as well as a tacit acknowledgement that general
impressions are already that Linux is cheaper and more secure.
Otherwise he wouldn't have to point out "to change perceptions".
Personally - and this is just opinion - I'd trust VeriTest about as
far as I'd care to spit a rat. My only personal dealings with them were
several years ago, having spent a day or so at their offices while
trying to acquire one of the 'coveted' logos for a former employer. The
testers were generally willing to overlook glaring omissions in the
'checklist' that was required for the logo - I wasn't exactly impressed
with their strictness nor integrity.
From Microsoft's "Get the Facts" site:
===================================================
Windows Users Have Fewer Vulnerabilities
"Is Linux More Secure Than Windows?"
...
After collecting a year's worth of vulnerability data, Forrester
analyzed Windows and four key Linux distributors on key metrics of
responsiveness to vulnerabilities, severity of vulnerabilities, and
thoroughness in fixing them.
====================================================
There were a number of responses from Linux vendors to this report,
roundly denouncing it for its slanted perceptions. A number of factors
were lumped together to seriously damage the value of the data:
- All vulnerabilities were lumped together for measuring timeliness, so
very low-priority vulnerabilities that were put on the back burner to
allow higher priority items to be addressed quickly pulled down the
"averages".
- Linux distros package vast amounts of application software, and often
release updates and patches to things that are far beyond the scope of
Microsoft Windows - including any number of the 'vulnerabilities' in the
Linux category that are due to specific applications severely skews the
data.
To highlight how the differences in classification were - among
other factors - pivotal in making the results that Microsoft likes:
"Using Microsoft's own definition of a critical flaw as a bug which
could allow a worm to propagate without user interaction, only 13 Red
Hat vulnerabilities were critical during the one-year time period, and
they took an average of just over a day to fix, Cox said. "If you add
denial of service attacks and privilege escalations, there were 47
issues in total, which took seven days on average to fix," he added."
(http://www.linuxworld.com.au/index.php/id;554502920;fp;2;fpid;1)
So it is, in the end, all in how you massage the numbers to get what you
want.
http://informationweek.serverpipeline.com/trends/trends_archive/18901395
http://techworld.com/opsys/news/index.cfm?NewsID=1362
http://www.computerworld.com/softwaretopics/os/linux/story/0,10801,92350,00.html
More recent lessons:
For some serious reality checks that aren't going to appear on
Microsoft's page, consider the recent firestorm around IE. After
malware authors started quietly exploiting a hole to install their
software without authorization on people's PCs after they viewed a
simple HTML page, a storm started that so far has CERT recommending that
people use other browsers. Microsoft's "quick response" to this has
been to partially disable one of the vectors used by the exploit, or to
tell users to disable scripting features that will essentially
lobotomize large numbers of popular sites. Despite the response times
they proclaim, it remains to be seen how they're going to address this
issue in the IE deployments outside of XP.
http://www.eetimes.com/sys/news/showArticle.jhtml?articleID=22103358
http://news.bbc.co.uk/1/hi/technology/3840101.stm
http://news.designtechnica.com/article4642.html
http://www.washingtonpost.com/wp-dyn/articles/A6746-2004Jun25.html
In stark contrast to this, the Windows version of Mozilla exposed a
Windows OS "quirk" - one that may be shared with IE - in its handling of
URLs that begin with "shell://". The vulnerability was noted in a bug
report, and before it was widely announced a fix had already been
created, allowing for near-simultaneous release of both an announcement
of the problem as well as the fix.
http://software.newsforge.com/article.pl?sid=04/07/08/2327246&mode=nested&tid=78&tid=82
http://www.eweek.com/article2/0,1759,1621463,00.asp
To take the offensive from the offensive:
- I'd like to see Microsoft compare their "pay us for updates you may
or may not get" (a.k.a. Software Assurance) programs against the pricing
of any Linux vendor.
http://www.eweek.com/article2/0,1759,1617081,00.asp
http://www.eweek.com/article2/0,1759,1615539,00.asp
- When was the last time you put a CD into your
computer to listen to it and it automatically installed disabling
software?
http://www.cs.princeton.edu/~jhalderm/cd3/
- Microsoft is on a campaign to convince users that what they
have isn't really "good enough" - that they should shell out more money
for yet-another-version of (for example) a word processor which despite
several releases and a *lot* of money for licensing each, doesn't do
anything new that a user would actually need. What has been added to
the state of the art of word processing software in the last half
decade?
_______________________________________________
ma-linux mailing list
ma-linux@tux.org
http://www.tux.org/mailman/listinfo/ma-linux
==============End of original message text===========
--
Gene
gene.gaines@gainesgroup.com