Did Microsoft Pressure Dell to Change Ubuntu Linux Statement?
Jun. 17th, 2010 by The VAR Guy
The VAR Guy saw this coming. On June 10, The VAR Guy was first to report Dell considered Ubuntu Linux safer than Windows. But now, Dell has apparently updated its web site to remove/alter that statement. Linux conspiracy theorists think Microsoft pressured Dell to make the change. Is that really the case?
Frankly, The VAR Guy doesn’t know for sure. Our resident blogger has requests for comment out to Dell, Microsoft and Canonical — promoter of Ubuntu Linux.
Revisionist History?
As you may recall, Dell ships Ubuntu on selected U.S. systems. And about a week ago, Dell’s web site (http://www.dell.com/ubuntu) included a top 10 list educating readers about Ubuntu’s strengths. At the time, #6 on the list read:
“6) Ubuntu is safer than Microsoft® Windows® The vast majority of viruses and spyware written by hackers are not designed to target and attack Linux.”
But now, Dell’s Web site has updated that item to read:
“6) Ubuntu is secure According to industry reports, Ubuntu is unaffected by the vast majority of viruses and spyware.”
No need to panic, folks. The VAR Guy purposely took a screen shot (PDF) of the original Dell Web page for safe keeping — just in case Dell somehow felt inspired to remove the Ubuntu vs. Windows safety reference.
If our resident gets a comment from Dell, Microsoft or Canonical, The VAR Guy will be sure to share it in the comments area.
Sign up for The VAR Guy’s Newsletter; Webcasts and Resource Center; and via RSS; Facebook; Identi.ca; Twitter and VARtweet.
The real issue for me isn’t that they’re changing this statement, but that the original and latter statements are both avoiding the real reason why Linux is safe- it’s not because no one’s targeting it, since plenty of people are and have.
The reason is the underlying security structure, separating user and administrator privileges always- you never run as root.
Also, the fact that we have SELinux to set specific restrictions based on the needs of specific programs (not letting them do things they would never need to do), and PGP keys for including only trusted software.
There are just so many safeguards, and people who package and update their software take security issues very seriously- they don’t just leave things unattended to be exploited in the rare case something could have a chance perceivable to the coder.
The security fixes are for potential flaws, not exploited flaws. This is important to note, that we have developers adding security to an already extremely secure model, thus making the OS more secure than, say, OS X as well based on the virtue of how you install and run software, and where you do that from.
To say, “oh, Linux is less of a target, that’s the reason it hasn’t been cracked,” is merely avoiding the issue of discovering what makes a system secure or insecure.
Your screenshot doesn’t show the relevant information…
D.
Do you think that Dell’s retraction might have something to do with the UnrealIRCd trojan insident?
To even hint that Dell made the decision to change their statement on Ubuntu security without any influence from Microsoft leads me to believe you also think 100,000 node Botnets are acceptable and are created by the Tooth Fairy. It’s long past the time to give Microsoft any breaks in the IT press. All it gets us is more of the same from Microsoft with predictable consequences. At least that’s what it gets the hapless users.
“Did Microsoft Pressure Dell to Change Ubuntu Linux Statement?”
Well, of course they did.. that’s the nature of the beast. Microsoft doesn’t want people to know that Linux is inherently safer than Windows. Microsoft would lose sales if too many people started learning the truth.
Dulwithe@2: Scroll down; the screen shot certainly shows tip 6 and the original Dell statement about Ubuntu being safer than Windows. Thanks for reading The VAR Guy.
-TVG
One can hardly imagine that Dell’s Number One partner is going to take that kind of statement sitting down. Even if they didn’t get a call from Microsoft, let’s not forget Dell’s bread and butter is selling computers with Windows. How much do you want to go around talking trash about Windows?
“Windows is way less secure than Ubuntu. Oh, by the way, wanna buy a Windows PC???”
Next stop for the customer: Apple.com.
Yeah, somehow I don’t think that was fully thought out in regards to full-on company approval. I’m not going to argue the merits security wise of Windows vs. Linux. I just can’t see this as having been something that was driven from above as a good idea for the company as a whole all things considered. Now I’ll get back to getting things done on my XP box. Vulnerable to security issues? Yes, I know. But I got the skills to handle it. Now back to productive work for me…
Here’s a link to the original Dell.com webpage, as cached by Google:
http://tinyurl.com/2fbwzy5
Now I’ll get back to getting things done on my XP box. Vulnerable to security issues? Yes, I know. But I got the skills to handle it. Now back to productive work for me…
Funny, no security stuff on either Windows or Linux, but there is “subtle” innuendo that Windows XP is necessary to be productive. Makes me wonder wat is so inherently productive about this particular program launcher and hardware manager…
Hey it’s another crack in the wall that US OEM’s are waking up to the fact that a small, but definitely increasing fraction of customers, are tired of the pre-installed crapware that happens to include that other OS. The question is how soon the day of when the OEM’s will tell Redmond to “suck it up” is coming….
Could be because the statement was false. There’s no quantitative way to show Ubuntu, or for that matter GNU/Linux, is more secure than Windows. We can only show that Windows has more virus writers gunning for their GUI button clicking droids. Security through obscurity is not secure at all.
A system is only as secure as it’s user is intelligent. Plus didn’t the GUI button clicking Ubuntu droids already get infected from being click happy while installing a screen saver?
http://linux.slashdot.org/story/09/12/09/2215253/Malware-Found-Hidden-In-Screensaver-On-Gnome-Look
To blindly assert that Linux is _safe_ is foolish. Take a gander at the extreme number of CVEs created for programs shipped with most GNU/Linux distributions.
Sorry Bob, you get an E for effort, but you clearly don’t get it. Like all windows fan boys, you claim that the only reason windows has more security problems than linux is that all the malware writers target windows, while nobody targets linux.
If I may inject a bit of reality here, the fact is malware writers do target linux, but linux is a much tougher nut to crack than microsoft windows. microsoft is the low hanging fruit here.
Yes, let’s do look at the CVEs – almost all of them quite boring and theoretical (e.g. potential information leak via race condition in creation of /tmp files, etc) and almost none of them having any exploits in the wild. On the other hand, the frightening ease with which microsoft windows is daily compromised in drive-by attacks should serve as a wake-up call.
I’ve been a unix admin since the early 90s. Should I avoid ubuntu because it “just works” and is easy to use? Sorry, ubuntu is my full time desktop OS, and increasingly, I’m using it in the server room as well.
“I’ve been a unix admin since the early 90s.”
I seriously doubt that, or else you would understand the gravity of the CVEs. The potential is here now.
I’ve held and updated an RHCE since 1999, various LPI certs, I have root on 427 world wide machines, and my only home OS is Slackware – does that make me special too? (Ask the VAR to check my agent string
)
The fact of the matter is that Linux is not safer than any other OS. Because of the user element. How do suppose most Windows machines become infected? By installing something from the Microsoft update channel? Or by a user blindly clicking on something and installing it? This is able to happen from users not understanding security and running the system with admin privileges.
Take a second and look at the default security for your famed Ubuntu. Not how easy it is to change to a more proper secure method, but the default manner in which to gain root access a user needs to simply give their own password. This privilege escalation is then in effect for ~5 minutes. Now, take a look at the number of people that install packages outside of the official Ubuntu repos. Playing devils’ advocate, it’s a recipe for disaster. Compounded by the false sense of security people have from others proclaiming “Linux is safer” “Linux doesn’t have malware” “Dude you’re using Linux, it can’t get infected”.
Give it time. As Linux desktops become more widely used, we’ll see more and more of the screen saver incident popping up. Only it has the potential to be worse. People like to turn a blind eye, and for some odd reason believe it is impossible. I can’t fathom why someone would believe just because they clicked a big install button and typed a user name and password, they are somehow instantly a computer wiz.
`Desktop` Linux makes a grave mistake of blurring the line between Administrator and User. History has already shown the havoc that is caused when Users attempt to administrate their own systems.
Not Bob, you claim
“The fact of the matter is that Linux is not safer than any other OS. Because of the user element.”
To take a car analogy, it is like saying that a Volvo is not safer than a Traban because a bad driver, at night on snow is more likely to crash than a Traban driven by a professional driver on a sunny day on a race track.
The point is that _all_ other things begin equal, Linux IS safer than Windows.
This is true no matter who is the user.
the originally claimed statement is:
(1) Which ever U in USER, Linux(U) is safer than Windows(U).
you turned that into a straw man in the form of
(2) for every (U,V) in USERS^2, Linux(U) is safer than Windows(V)
then you state the obvious: that is that (2) is FALSE and conclude that (1) is FALSE. aka a Non Sequitur.
TALKING POINT ALERT: “The fact of the matter is that Linux is not safer than any other OS. Because of the user element.”
This is the new talking point from Microsoft “apologists”. It’s a variation of “more people using X operating system, more security holes.” Here’s a brief list of software attributes that *don’t* come into play in their cranial-challenged logic: Architecture, compilers, coding skills, design, working environment and philosophy. Poor security is supposed to be something like an all pervading ether. The Great Equalizer. So there you have it all you developers. Don’t even waste your time with trying to code-in good security. Microsoft has experience with that. It’s a waste of time according to them.
Or so Microsoft would have us believe.
the cost of making windows safe is never brought up. I’m not talking about the dollars spent on virus scanners. I’m talking about the lost cpu cycles of endlessly scanning those files over and over for the life of the machine. The cpu cycles lost while it looks at the file you touch as you try and get your work done. Wasted time, wasted energy. Windows is a waste. *nix is safe and green.
Here in lies the problem. When hardware manufacturers depend on ONE software company to drive nearly all their sales, they have to submit to any pressure, whether actual or perceived as to not upset that so-called “partner”. So that statement had to be changed, be damned if it were true.
And this is why having a monopoly is so horribly bad for this or any industry.
I would like to see the day where I can walk into a retail computer shop and have an actual choice of operating systems.
>Do you think that Dell’s retraction might have something to do with the UnrealIRCd trojan insident?
The UnRealIRCd trojan affected only Gentoo Linux and Arch Linux. UnRealIRCd is not available from Ubuntu/Debian repositories.
Dell’s Linux machines run Ubuntu Linux, so the UnRealIRCd trojan had nothing at all to do with Dell.
From the wording change, it looks like Microsoft has perhaps threatened legal action over slander/libel in the reference to Microsoft Windows in the statement, because effectively only that has been removed.
Yes, we all know that if Microsoft was taken to court it can easily be proven to any knowledgeable court by reference to available facts and statistics that Dell’s original statement was indeed 100% truthful, but nobody wants to waste time and money on a lawsuit unnecessarily. I don’t think Dell can be blamed for making the minor change it did.
We hear it all the time, Windows has the most security breaches because it’s a biggest target. This is typical of the simplistic reasoning of Windows users. This mindset is probably one of the biggest contributors to Windows security problems.
It’s true that Windows is the biggest target. Presumably it also has by far the most developers. One of the best ways for a Windows developer to become a hero among his peers would be defeat Linux security. The fact that none have been successful makes Linux at least appear to be a very tough nut to crack.
One reason I love Linux is because you can catch your trojans. Just look at how few have apparently snuck by. It’s much easier to judge source code than it is to judge binaries.
This one that snuck by would have failed if various groups had been more careful about using checksums more carefully or if signatures had been employed.
And the mistake would have likely been erased at the next upgrade cycle (the mirrors were bad but not the main code repository). The hijackers would have to keep repeating their feat repeatedly and always hoping no one would realize the switch which could have been caught by anyone at any time through proper hash comparisons.
That software is not used nearly as frequently as much other (desktop) FOSS because it’s server software, it’s uncommon server software for many servers, and there are various FOSS competitors to it.
Not-Bob, can you give me an idea of who you know that downloads a bunch from unknown repositories? The regular repositories are safer and already have so much.
Linux distros can improve their security setups (eg, using jail cells more frequently), but as things are, it’s not very likely malware would spread too far (and the trojan didn’t in this case). There are too many people that use different distros, many of which use different software components, or similar components that are patched differently, compiled a little differently, installed and used a little differently (eg, different security framework).
Let’s see how those that were affected improve on their processes. They seem to have taken this seriously and will revert to an older safer practice (with some modifications).
And let’s not forget that Microsoft gains from malware that infects older systems forcing upgrades. They gain financially, so in the backs of their mind, they know some amount of malware is good for their stock holdings. You won’t see that with most Linux distros, certainly not to the same degree because of how little even commercial entities make per distro copy itself. Also, as a developer, you don’t have the same fire underneath you to code really well if the public won’t know you messed up personally (both because the code is closed and because you melt behind a corporation). Um, and also, when you make sales easily because of monopoly levers, you also don’t feel the same fire to produce your best work. And did I say that there is an industry already developed to clean after Microsoft’s soiled clothing? .. But honestly, I really suspect Microsoft has their own set of back doors and recognized weaknesses which they know helps their business in various ways.
If Microsoft really had a hand in this, it’s far more likely they would have asked to have the entire line removed. As it is, it was only changed to remove the OS reference. Probably because it is in poor taste for a 3rd party to advertise one product by trashing another. The original was written by some overzealous troll and was later corrected. Naturally Linux fans suspect foul play.
Also hats off to Jose, who’s argument for why malware wouldn’t spread is not far from the same one used to say Linux is poor platform for commercial software. Too fragmented, too many distros, too many differences. A support nightmare in the making. Any solid, rational argument you could make against Linux, these guys will twist and spin into a positive when it suites their viewpoint.
ok, linux is safe because don’t have many people using and the virus and another malwares isn’t for linux, but i listen that same words on last 13/14 years, today linux is growing and used by many people over the world, so, linux still safe and stable like always was. where are the virus and spywares?
The only thing on windows is better than linux is just get pretexts and policy to own poor security and quality, but i hope microsoft learn something about linux users, whe don’t care about your opinion by a good OS and how make.
Windows coders let linux in peace and try make a OS based on security and not on marketing
I think that it was changed by a supervisor or someone in upper management of the PR department.
Two others summed it up perfectly.
1. Dell’s PR department probably looked at it and said “Hey, we sell both Windows and Linux computers, and you’re telling our customers that one of our products isn’t safe. What the H*** are you thinking?”
2. If it was Microsoft, the entire line would have disappeared. As it stands right now, the argument can be made that Ubuntu is more secure than Windows, and it can also be made that Ubuntu is more secure than OS X (at least if you take the current Dell site at face value and don’t research it further).
So, the new version could be a win-win for Linux. Since it’s not just saying “We’re safer than Windows”, it’s also implying that “we’re safer than Mac too.”
Unfortunately, there are Windows apps that I need to run, otherwise I might use Ubuntu; it’s a solid OS, but doesn’t have the app base. I’m not going to use WINE, either. The facts of the matter is that an OS choice is made typically by the apps the owner needs to use.Furthermore, those who run Linux have a much higher knowledge of what computers do and how to protect one’s computer than your typical Windows or Mac user. The experience factor does come into play when you’re talking about security. How many average users are going to think about something as basic as a complex password, or not running as administrator? I’ll agree that *nix distros, BDS, Unix, etc., is more secure than Windows, but how much of that is due to user experience and following even the most basic of security procedures, procedures that the average Windows or Mac user may not know? Until that question can be quantified, we’ll have to wonder exactly how much that question factors into the “superiority” of Linux.
If Microsoft is guilty of coercing Dell to change the security statement on it’s web page, sure that must be illegal if the statement was true? For some reason it’s illegal for Intel to pay distributors to favour it’s CPUs. But it’s perfectly fine for Microsoft to seemingly do the same be it through it’s “marketing Dollars” campaign or by selling Windows at a loss.
If, by some contention, it’s the user that makes a system secure, then it time to educate the user.
My belief is that Microsoft had something to do with the wording change. Why else would Dell go back and change it? Then I have to ask all parties involved, what is wrong with acknowledging the truth? Why do we keep having to try and cover up the fact that Linux is safer than Windows? It’s been proven over and over again, and acknowledged by everybody except Microsoft itself.
“If it was Microsoft, the entire line would have disappeared.”
That’s like saying “RHEL servers are still in Dell’s product line, so probably it wasn’t Microsoft”.
Microsoft probably asked whole page to be removed along with all traces of Linux, Ubuntu and Red Hat, and maybe grudgingly said that Novell can be used instead. But Dell has only removed trademarked words (Microsoft Windows) so now Microsoft can’t sue. That doesn’t mean that Microsoft didn’t threatened.
Oh, I’m pretty sure Dell got threatened over it. Not that they’re fully marching to Microsoft’s drum anymore. Can’t say more than they’re none too happy about their treatment at MS’ hands or the direction they’re going.
Hey guys, you can put the conspiracy theories to rest. This is probably a simple case of unauthorised use of the Microsoft® and Windows® registered trademarks.
Notice the “®” suffix to the company and product name. Whether we like it or not, the company has right to stop others from using its registered marks, especially when they are used in less than flattering contexts.
Every operating system that is not widely used is safe, regardless of actual security.
Has any Haiku user been affected by malware like… ever? Guess we should all be running Haiku then, the most secure OS ever created