[ISN] Linux report stirs hornets nest

InfoSec News isn at c4i.org
Fri Apr 15 06:01:06 EDT 2005

Forwarded from: Jeff Berner <JBerner at infinitycomp.com>
Cc: jericho at attrition.org

Wow, you certainly have a lot to say but it does seem from the
perspective of someone that doesn't care one way or the other about MS
Vs. Linux that you do indeed feel like a rock was thrown through the
stained glass window of the Linux temple.

I have completed reading your synopsis and would like to point out
that while the Yankee Group does indeed show up in a search of
Microsoft most of the articles you linked to were nothing more than
quotes from them. As an 'analyst' their job is to take money and
research something and give feedback. Do you ever read an article from
a paid analyst that ever contradicts the purpose of the sponsor?  
With exception to the tobacco industry (lately), not very often.  
Reports that come back not favoring the view of the sponsor usually
reach the circular file pretty quickly.

Was their methodology flawed, perhaps, but until the report was
released and their methods of collecting data fully divulged the
speculation from Groklaw is just that, speculation.

Nothing in your rebuttal supports that MS and Yankee Group are 'good
friends'.  You sound as biased as you purport the article to be.  I
suppose that if this report was released from Gartner you would have
reacted the same way.  Again a few quotes don't make them vested
business partners.

Anything that in any way hints of a flaw, perceived or real, in the
Linux world seems to always result in a BS email response from a
feverishly angry computer person that wants to continue to preach that
Linux is god.  MS releases lots of propaganda too but at least they
refrain from directly bashing

You brought up some good points about how the actual report is missing
but the link you sent was for software assurance, nothing to do with
MS vs. Linux.  Your reporting in this case is as bad as theirs.  If
you want to rebuke an analyst, become one and do your own independent
research and get it published.  I have listened to you for years via
various mail lists and usually enjoy what you have to say and find it
informative but your response to that article was hideous.

Grow up and get over the Linux is superior to MS or MS is superior to
Linux argument.  We all live in a world where the media is bent or
broken and all information we receive is suspect.  Somehow I have a
feeling if this were hotrod magazine you would be complaining about
someone else telling you your engine is too small.  Your response is
as full of FUD as Yankee's.

-----Original Message-----
From: isn-bounces at attrition.org [mailto:isn-bounces at attrition.org] On
Behalf Of InfoSec News
Sent: Wednesday, April 13, 2005 6:16 AM
To: isn at attrition.org
Subject: Re: [ISN] Linux report stirs hornets nest 

Forwarded from: security curmudgeon <jericho at attrition.org>
Cc: guymatthews at transom-media.co.uk, mike.magee at theinquirer.net,
consultingservices at yankeegroup.com

: http://www.theinquirer.net/?article=22460
: By Guy Matthews
: Yankee Group software analyst Laura DiDio put out a report last week
: daring to suggest, based on extensive research, that Microsoft Windows
: Server 2003 may be as good as, if not in some respects better than,
: Linux in terms of quality, performance and reliability.

Based on extensive research? Or based on extensive questionnaires? Big
difference. Read on for a bit more truth than this crappy opinion
piece gives us...

: A virtual techie "fatwa" seems to have been the result. Her views have
: been repeatedly savaged by Linux apologists, accusing her of bias in
: favour of Microsoft. DiDio has hit back denying any such leanings, but
: the self-appointed Ayatollahs of open source have paid no heed.

Amusing that you call these linux apologists fun names like
"self-appointed Ayatollahs of open source" while she calls them "nut
jobs" and "extremist fringe of linux loonies".

Is there a chance.. just a remote, outside *chance*, that there could
be some bias in this survey? That these linux "nuts" have a reason to
be angry? Does the fact that Microsoft has funded such studies over
the last half decade give them reason to question her motives? Of
course there is.

: DiDio says the Yankee Group end user study her analysis was based on
: strictly independent, and not something she has any personal influence
: over.

Unfortunately, if you go to the Yankee Group site [1] you see her
picture on the left (but not on the list of analysts), you find a PDF
mentioning the upcoming study on TCO [2], but no clear links to the
survey results that I can see. Are they hiding it? No.. read on.

: This is not the first evidence suggesting a strong streak of 
: unreasonable insanity in the Linux community. Last year security
: analyst firm Mi2g claimed Linux was getting hacked more frequently than
: Windows, the resulting brouhaha leading it to declare on its web site that 
: "any empirical evidence pointing to a high level of online Linux 
: breaches is immediately shot down by religious zealots as if a church 
: had been desecrated".

mi2g has a history of releasing material that has little factual
basis, no clear methodology, and a tendency to cater to news that gets
them attention, regardless of what it is. Very bad example to cite
backing your claims here. Please don't forget that only 6 years ago,
they ran 'portal' web sites dedicated to used cars as their only
business, then overnight became "security experts". You did know
that.. right Mr. Matthews?


Anyway, back to Didio's survey. A quick search finds all kinds of
wonderful commentary on it, but not the actual survey (wonder why..).  
Turns out they are issuing press releases for this survey but not
releasing the results until June 2005 [8]. So it's basically "believe
what we say, even though we won't disclose our testing methodology",
then let time pass, then quietly release the actual survey after the
hype has died down and people begin questioning it? Oh wait, search
Microsoft and you find it.. now why would they have a copy so far in
advance and make it available on their site [9]?

Moving on, check a GrokLaw article [3] that comments on it. Now we see
that this survey [4] is a bunch of questions that was sent to W2Knews
readers [5] including "C-level" executives, who are likely not the
most unbiased people to ask about Windows vs Linux. Next, the article
mentions that DiDio did her "independent" research with Sunbelt
Software [6] who is also known for their spamming [7]. Reading their
'about' page finds they are Windows consultants:

  The company was founded in 1994 and offers product solutions that
  enable companies to protect and secure their infrastructure from
  costly inefficiencies including spam, Windows system downtime and 
  network security vulnerabilities.

Again, this is not the most unbiased group to 'research' Windows vs
Linux TCO issues.

Next, search Microsoft's site and you will find that not only has the
Yankee Group been good pals with Microsoft [10], DiDio herself has
done other studies that favored Microsoft (in their eyes) [11]. In
fact, Microsoft has previously funded Yankee Group to carry out
surveys [12] which undermines any claims from DiDio that she or Yankee
Group are unbiased and "independent".

[1] http://www.yankeegroup.com/
[2] http://www.yankeegroup.com/public/research/surveys.jsp
[3] http://www.groklaw.net/article.php?story=20040324085956154
[4] http://www.sunbelt-software.com/surveys/040213_Linux.htm
[5] http://www.w2knews.com/index.cfm?id=463
[6] http://www.sunbelt-software.com/index.cfm
[7] http://www.spamhaus.org/sbl/sbl.lasso?query=SBL3704
[8] http://www.yankeegroup.com/public/products/survey/brochures/2005NorthAme
[9] http://download.microsoft.com/download/e/e/e/eee3b9eb-0dbe-4729-95e2-829
[10] http://www.microsoft.com/presspass/press/2000/Jun00/OSSpr.asp
[11] http://www.microsoft.com/windowsserversystem/facts/indemnification/indemwp.mspx
[12] http://www.microsoft.com/presspass/features/2004/oct04/10-05SBServer.asp
