How Stupidity Propagates (A Case Study)
On a VRML mailing list, someone who will remain blameless posted a link to this article in the Globe and Mail
After reading it, throwing up, and rinsing my mouth out, I wrote this reply to the author:
A reference to your article was posted to a mailing list I am on. I would like to share my thoughts about your article. The study you are quoting results from seems unnaturally biased in favor of Microsoft, rather than a fair accounting of research and results.
Who got paid, and how much?
My problems with the article come from simple questions:
Does a virus count as a "digital attack"?
If not, then the whole result is junk because I believe it should. If so, Microsoft's statistics in that category ALONE would dwarf all other results as to put them down into the statistical noise. A single Windows virus can infect millions of machines in a day. To me, that represents millions of successful digital attacks, especially as the zombie Winboxes begin spewing their infection to others.
I can personally verify THOUSANDS of them from the packet rejections logged by my home firewalls in a single month.
Also, these results are reported to DShield.org and an be correlated with others to generate patterns of attack, all verifiable. How did mi2g (and yourself) miss something so obvious?
There seem to be so many exclusionary keywords such as "successful", "verifiable", and "overt" in your article that the results reek of massaging to produce results with an agenda. The numbers reported in paragraph two just scream of "don't count this, or this, or this," until someone said "Ok, the Linux numbers are about 3:1 the Windows numbers, that looks right. PRINT THAT BAD BOY"
The real clue is in the numbers of attacks mi2g is reporting. That number is far less than a single virus or trojan run, that its obvious they have a narrow definition of successful attack.
Myself, I consider every malicious webpage able to exploit an IE hole, virus email able to hijack and exchange server, or other exploit code that hijacks a machine out from under the legitimate users "a successful attack".
By going with a definition of "successful attack" that isn't so crafted, calculated, or blatantly exclusionary, *everyone* who has any security exposure at all agrees that Microsoft products are the most exploitable and that using them is the least desirable, from a security standpoint.
Of course, as I type some M$ bigot bending his managers ear pointing to this article and the "study" (more accurately characterized as a SWAG) behind it and using it as justification to purchase MORE problematic M$ code. Sad.
After reading it, throwing up, and rinsing my mouth out, I wrote this reply to the author:
A reference to your article was posted to a mailing list I am on. I would like to share my thoughts about your article. The study you are quoting results from seems unnaturally biased in favor of Microsoft, rather than a fair accounting of research and results.
Who got paid, and how much?
My problems with the article come from simple questions:
Does a virus count as a "digital attack"?
If not, then the whole result is junk because I believe it should. If so, Microsoft's statistics in that category ALONE would dwarf all other results as to put them down into the statistical noise. A single Windows virus can infect millions of machines in a day. To me, that represents millions of successful digital attacks, especially as the zombie Winboxes begin spewing their infection to others.
I can personally verify THOUSANDS of them from the packet rejections logged by my home firewalls in a single month.
Also, these results are reported to DShield.org and an be correlated with others to generate patterns of attack, all verifiable. How did mi2g (and yourself) miss something so obvious?
There seem to be so many exclusionary keywords such as "successful", "verifiable", and "overt" in your article that the results reek of massaging to produce results with an agenda. The numbers reported in paragraph two just scream of "don't count this, or this, or this," until someone said "Ok, the Linux numbers are about 3:1 the Windows numbers, that looks right. PRINT THAT BAD BOY"
The real clue is in the numbers of attacks mi2g is reporting. That number is far less than a single virus or trojan run, that its obvious they have a narrow definition of successful attack.
Myself, I consider every malicious webpage able to exploit an IE hole, virus email able to hijack and exchange server, or other exploit code that hijacks a machine out from under the legitimate users "a successful attack".
By going with a definition of "successful attack" that isn't so crafted, calculated, or blatantly exclusionary, *everyone* who has any security exposure at all agrees that Microsoft products are the most exploitable and that using them is the least desirable, from a security standpoint.
Of course, as I type some M$ bigot bending his managers ear pointing to this article and the "study" (more accurately characterized as a SWAG) behind it and using it as justification to purchase MORE problematic M$ code. Sad.
