Originally Published: Wednesday, 26 April 2000 Author: Matt Michie

Designed for Uncertainty

It wasn't long ago that Linux was the industry underdog. Linux pundits were rallying daily against the fear, uncertainty and doubt (FUD) put out by the computer press and Microsoft. Now with the taste of success still sweet on their lips, the Linux press is turning the tables on Microsoft.


Reports began to appear April 14th of an apparently deliberate back door in a piece of Microsoft web software called FrontPage. The reports specified that the back-door password was "Netscape engineers are weenies!". Open source advocates fell all over themselves with glee. This was finally the big black eye they were waiting to give Microsoft! Conclusive evidence that security through obscurity does not work, and that open source software was superior.

Eric Raymond wrote an article where he stated, "It's pretty clear. Anybody who trusts their security to closed-source software is begging to have a back door slipped on to their system -- with or without the knowledge of the people who shipped the code and theoretically stand behind it. ... Apache has never had an exploit like this, and never will. Nor will Linux...".

Of course the next day, after some background and fact checking, it was revealed that the Microsoft back door wasn't as bad as was originally reported. Further, ten days later a security firm found what could be considered a back door in Red Hat Linux. Ironically, the bug was in a piece of web software. The security advisory states, "The GUI portion of Piranha may allow any remote attacker to execute commands on the server. This may lead to remote compromise of the server, as well as exposure or defacement of the website."

Wait a minute. Doesn't Red Hat "theoretically" stand behind the code they ship? How could this back door have been inserted into Open Source code? Didn't Mr. Raymond say that this couldn't happen to Linux? What do all the pundits who were railing against Microsoft's security holes have to say about this? Is there a double standard when it comes to reporting Microsoft? In this situation, the Linux press, such as Slashdot, are looking more like a sick imitation of what ZDNet used to be. Why is it "evil" when Microsoft FUDs Linux, but "advocacy" when Linux sites FUD Microsoft?

Is it too much to expect unbiased reporting in the media?

Matt Michie is a Computer Science student living in New Mexico. He maintains a small web page at http://web.nmsu.edu/~mmichie.




