[LINK] OSS means slower patches
lannet at lannet.com.au
Wed Sep 21 07:35:59 EST 2005
rchirgwin at ozemail.com.au wrote:
> Howard Lowndes wrote:
>> An interesting report, with an Australian twist. Strange that there
>> is no reference to it on either symantec.com.au or symantec.com
> The report isn't on Symantec.com, just the press release. Symantec
> conducted the report itself.
> ...comprehensively spun and added to for the local press.
Absolutely right. Nowhere in the report is the spin that was published
locally. Firefox doesn't even get a mention in the report, but does get
mentioned in the local spin.
This little snippet caught my eye:
"Symantec's antivirus solutions - More than 120 million client, server,
and gateway systems that have deployed Symantec's antivirus products
provide reports on malicious code as well as spyware and adware."
Does this mean that your Norton Antivirus phones home? Looks very much
like it to me given the numbers.
>> If we knew where to find it we might be able to see how they derive
>> their statements, and perhaps who funded it; my personal experience
>> with Firefox does not support their claim, in fact, quite the contrary.
>> "Symantec had not published previously statistics on the average time
>> required to produce patches, but Mr Sykes said data showed the lag had
>> previously been about 30 days."
>> ...so how do they know that the lag has increased if they haven't
>> published figures?
>> "An average of 10 new vulnerabilities per day were discovered during
>> the first half of 2005, Mr Sykes said. In practice, large companies
>> with around 10,000 employees were now looking at 50 days between
>> vulnerability and the installation of patches across systems, he said."
>> ...an unsubtle implication by association that these all relate to FOSS.
>> "Mr Sykes said the increasing popularity of open source software, such
>> as the Mozilla Foundation's Firefox browser, could be part of the
>> reason for the increase in the gap between vulnerability and patch,
>> with the open source development model itself part of the problem. "It
>> is relying on the goodwill and best efforts of many people, and that
>> doesn't have the same commercial imperative," he said. "I'm sure that
>> is part of what is causing the blow-out in the patch window.""
>> ...that sounds very much like M$ inspired FUD.
>> "The Mozilla family of browsers had the highest number of
>> vulnerabilities during the first six months of 2005, with 25," the
>> Symantec report says. "Eighteen of these, or 72 per cent, were rated
>> as high severity. Microsoft Internet Explorer had 13 vendor confirmed
>> vulnerabilities, of which eight, or 62 per cent, were considered high
>> ...how about they get the facts from the Firefox site
>> "People don't attack browsers and systems per se, they attack the
>> people that use them," he said. "As soon as large banks started using
>> Linux, Linux vulnerabilities started to get exploited."
>> ...it's strange that this has not appeared on the radar on any of the
>> Linux specialist sites.
> Link mailing list
> Link at mailman.anu.edu.au
LANNet Computing Associates - Your Linux people <http://lannet.com.au>
When you just want a system that works, you choose Linux;
When you want a system that just works, you choose Microsoft.
Flatter government, not fatter government;
Get rid of the Australian states.