Yankee Group: Caught between the devil and the deep
London, UK - 7 April 2005, 14:30 GMT - In what appears
to be a growing trend of radicalism within the Open Source community,
the Yankee Group analyst - Laura DiDio - has been criticised and pressurised
out-of-office hours and at home for her analysis reports on Open Source and
proprietary software. Her most recent report was released on Monday which
compared Microsoft Windows Server 2003 favourably to Linux in terms of quality,
performance and reliability. She has also been accused of partiality and bias,
which she denies. This accords with mi2g's experience with certain
fringe elements of the Linux Community recorded in the news alert from 2nd
March 2004, which is reproduced below.
mi2g released its deep study in regard to mainstream operating systems
on 2nd November last year. The most comprehensive study ever undertaken by
the mi2g Intelligence Unit over 12 months had revealed that the world's
safest and most secure 24/7 online computing environment - operating system
plus applications - was proving to be the Open Source platform of BSD (Berkley
Software Distribution) and the Mac OS X based on Darwin. The last twelve months
at that stage had witnessed the deadliest annual period in terms of malware
- virus, worm and trojan - proliferation targeting Microsoft Windows based
machines in which over 200 countries and tens of millions of computers worldwide
have been infected month-in month-out.
"The danger of these heavy handed unsophisticated protestations is that
perfectly good alternatives to proprietary software from the Open Source environment
may pick up a bad reputation as well," said DK Matai,
Executive Chairman, mi2g.
Re-release: Disturbing the sanctity of
the Linux Church
London, UK, 16:30 GMT 2 March 2004 - Any empirical evidence
pointing to a high level of online Linux breaches is immediately shot down
by religious zealots as if a church had been desecrated. mi2g believes
in the Open Source revolution and the safety and security that comes from
peer review. However, mi2g maintains that no OS is perfect including
Linux. The mi2g Intelligence Unit is made to feel like Martin Luther
at the Imperial Diet of Worms in 1521 where he expressed his concerns about
Catholicism but not about the Gospel of Christianity.
Martin Luther dealt the symbolic blow that began the Reformation when he nailed
his Ninety-Five Theses to the door of the Wittenberg Church. That document
contained an attack on papal abuses and the sale of indulgences by church
officials. Linux is being adopted today as a secure operating system even
by those who do not understand the basics of how to maintain it. This indulgence
is encouraged by the myth that Linux is 100% secure. There is no divine right
that Linux possesses of being 100% secure. Poor administration and bad configuration
can lead to breaches of any Operating System (OS).
There is a widespread reluctance to accept criticism in the Linux community
even when it is genuinely in regard to the scarcity of skills available to
administer Open Source OS servers or desktops. The critical flaws which were
identified in the Linux kernel in late February demonstrate that Linux, like
any other OS, is not perfect and is on a long journey to build trust, as is
Windows. However, because it is permissible to say that Windows has vulnerabilities
and administrators are aware that critical patches are issued from time to
time, Windows systems are maintained and kept up-to-date much more than Linux
systems. This is the main reason why server breaches of Windows systems have
been broadly falling over the last year.
There are shades of grey in regard to the level of vulnerability seen in Linux
as in Windows, BSD and other operating systems. The sooner the Linux community
accepts this, the faster it will be able to suggest and implement best practices
for Linux denominated solutions and allow major project sponsors to budget
appropriately for the hidden costs of training and migration.
The mi2g Intelligence Unit has noted a high level of interest from
the Linux community, some of it hostile, ever since it published the results
of two studies - "The World's safest Operating System" and "February
breaks digital risk records worldwide" - on 19th February and 1st March
2004 respectively. Both studies came out in favour of the safety and security
of BSD and Mac OS X whilst also showing Windows to be less breached at the
server level than Linux.
The management of mi2g has been threatened with damage to reputation
and online property unless more is preached in favour of Linux. mi2g
would like to record that it carries no bias in favour of BSD or Apple Mac
OS X, nor does it maintain any bias against Windows or Linux. Various allegations
have been made in a variety of forums that mi2g is somehow biased in
favour of proprietary software vendors. This is not true.
For the record, it should be noted that mi2g has been committed to
an Open Source architecture - Linux, Apache, MySQL, PHP (LAMP) - for over
six years whether it is in regard to the official web site, the Security Intelligence
Products and Systems (SIPS) engine or mi2g's Bespoke Security Architecture
(BSA). BSA has also integrated components from Windows and BSD alongside Linux.
mi2g has implemented bio-diversity within some of the large-scale roll-outs
to cut costs and to save time in retraining users.
The mi2g Intelligence Unit research shows that with the correct administration
procedures, set up and appropriately configured defences it is possible to
protect a Linux, Windows or BSD server from hacker attack. In most cases,
the Operating System (OS) does not let the server system down but inappropriate
configuration management, incapacity to prepare for the impact of third party
application vulnerabilities and the maintenance of default configurations
and unnecessary processes is partially responsible for the high level of attacks
against a particular OS at server level.
DK Matai, Executive Chairman, went on record to state mi2g's commitment
to LAMP architecture in October 2001 at IBM as well as Lloyd's of London through
two talks delivered to Chief Executives within banking, insurance and reinsurance:
1. Developing the Linux business case for financial services; and
2. The coming Linux tsunami, an Open Source revolution
Judging by the way in which malware variants are spreading in early 2004,
it is likely that proprietary software solutions may succumb to the equivalent
of the 1665 Great Plague and then the Great Fire of London in the following
year brought about in cyber space by trans-national criminal syndicates perpetrating
spam, phishing scams and zombie orchestrated DDoS attacks. Within five days
in 1666, the City of London was destroyed by fire. In destroying the closely
packed houses - mostly wooden - and other buildings it is also thought likely
that the fire finally put an end to the Great Plague that had devastated the
city in the previous year, which proliferated as a result of poor hygiene
and a low sense of civic responsibility. Today the global epidemics of malware
- like The Great Plague - only target computer architecture of one kind and
feed off social engineering ruses and poor respect for computer hygiene.
What emerged from The Great Fire of London were new best practices both in
terms of building architecture as well as public policy, health and safety.
The same may happen within the computing industry. Linux and the Open Source
community must not lose the chance to be at the start of the new revolution
post a cataclysmic cyber event by refusing to be self-critical at this stage.
mi2g is at the leading edge of building secure on-line banking, broking
and trading architectures. The principal applications of our technology are:
2. Digital Risk Management; and
3. Bespoke Security Architecture.
mi2g pioneers enterprise-wide security practices and technology to
save time and cut cost. We enhance comparative advantage within financial
services and government agencies. Our real time intelligence is deployed worldwide
for contingency capability, executive decision making and strategic threat
mi2g Research Methodology: The Frequently Asked Questions (FAQ) List
is available from here in pdf. Please
note terms and conditions of use listed on
Full details of the March 2005 report are available as of 1st April 2005
and can be ordered from here.
(To view contents sample please click here).