Yankee Group: Caught between the devil and the deep blue sea?

news alert

London, UK - 7 April 2005, 14:30 GMT - In what appears to be a growing trend of radicalism within the Open Source community, the Yankee Group analyst Laura DiDio has been criticised and pressured outside office hours and at home over her analysis reports on Open Source and proprietary software. Her most recent report, released on Monday, compared Microsoft Windows Server 2003 favourably to Linux in terms of quality, performance and reliability. She has also been accused of partiality and bias, which she denies. This accords with mi2g's experience with certain fringe elements of the Linux community, recorded in the news alert of 2nd March 2004, which is reproduced below.

mi2g released its in-depth study of mainstream operating systems on 2nd November last year. That study, the most comprehensive ever undertaken by the mi2g Intelligence Unit and spanning 12 months, had revealed that the world's safest and most secure 24/7 online computing environment - operating system plus applications - was proving to be the Open Source platform of BSD (Berkeley Software Distribution) and the Mac OS X based on Darwin. The twelve months up to that point had witnessed the deadliest annual period in terms of malware - virus, worm and trojan - proliferation targeting Microsoft Windows based machines, in which over 200 countries and tens of millions of computers worldwide were infected month-in, month-out.

"The danger of these heavy handed unsophisticated protestations is that perfectly good alternatives to proprietary software from the Open Source environment may pick up a bad reputation as well,"
said DK Matai, Executive Chairman, mi2g.

Re-release: Disturbing the sanctity of the Linux Church

London, UK, 16:30 GMT 2 March 2004 - Any empirical evidence pointing to a high level of online Linux breaches is immediately shot down by religious zealots as if a church had been desecrated. mi2g believes in the Open Source revolution and the safety and security that comes from peer review. However, mi2g maintains that no OS is perfect including Linux. The mi2g Intelligence Unit is made to feel like Martin Luther at the Imperial Diet of Worms in 1521 where he expressed his concerns about Catholicism but not about the Gospel of Christianity.

Martin Luther dealt the symbolic blow that began the Reformation when he nailed his Ninety-Five Theses to the door of the Wittenberg Church. That document contained an attack on papal abuses and the sale of indulgences by church officials. Linux is being adopted today as a secure operating system even by those who do not understand the basics of how to maintain it. This indulgence is encouraged by the myth that Linux is 100% secure. Linux has no divine right to be 100% secure. Poor administration and bad configuration can lead to breaches of any Operating System (OS).

There is a widespread reluctance to accept criticism in the Linux community even when it is genuinely in regard to the scarcity of skills available to administer Open Source OS servers or desktops. The critical flaws which were identified in the Linux kernel in late February demonstrate that Linux, like any other OS, is not perfect and is on a long journey to build trust, as is Windows. However, because it is permissible to say that Windows has vulnerabilities and administrators are aware that critical patches are issued from time to time, Windows systems are maintained and kept up-to-date much more than Linux systems. This is the main reason why server breaches of Windows systems have been broadly falling over the last year.

There are shades of grey in regard to the level of vulnerability seen in Linux as in Windows, BSD and other operating systems. The sooner the Linux community accepts this, the faster it will be able to suggest and implement best practices for Linux denominated solutions and allow major project sponsors to budget appropriately for the hidden costs of training and migration.

The mi2g Intelligence Unit has noted a high level of interest from the Linux community, some of it hostile, ever since it published the results of two studies - "The World's safest Operating System" and "February breaks digital risk records worldwide" - on 19th February and 1st March 2004 respectively. Both studies came out in favour of the safety and security of BSD and Mac OS X whilst also showing Windows to be less breached at the server level than Linux.

The management of mi2g has been threatened with damage to reputation and online property unless more is preached in favour of Linux. mi2g would like to record that it carries no bias in favour of BSD or Apple Mac OS X, nor does it maintain any bias against Windows or Linux. Various allegations have been made in a variety of forums that mi2g is somehow biased in favour of proprietary software vendors. This is not true.

For the record, it should be noted that mi2g has been committed to an Open Source architecture - Linux, Apache, MySQL, PHP (LAMP) - for over six years whether it is in regard to the official web site, the Security Intelligence Products and Systems (SIPS) engine or mi2g's Bespoke Security Architecture (BSA). BSA has also integrated components from Windows and BSD alongside Linux. mi2g has implemented bio-diversity within some of the large-scale roll-outs to cut costs and to save time in retraining users.

The mi2g Intelligence Unit research shows that with the correct administration procedures, set-up and appropriately configured defences it is possible to protect a Linux, Windows or BSD server from hacker attack. In most cases it is not the Operating System (OS) itself that lets the server down; rather, inappropriate configuration management, an inability to prepare for the impact of third-party application vulnerabilities, and the retention of default configurations and unnecessary processes are partly responsible for the high level of attacks against a particular OS at server level.
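The paragraph above attributes most server breaches to configuration drift rather than to the OS itself. The following is an added example, not mi2g's code or methodology, of the kind of baseline check a defender can run against any OS: it compares a snapshot of listening sockets and running services with an approved baseline and reports unnecessary services, services exposed on all interfaces that should be bound to localhost, unexpected ports, and required protections that are absent. The baseline and the snapshot are constructed for a hypothetical LAMP web server; on a real host the snapshot would come from tools such as `ss -ltnp` and the init system's service list.

```python
"""Configuration-baseline audit for a server (added example, not mi2g's code).

Reports four kinds of drift from an approved baseline:
  * unnecessary    - services running that the baseline does not list
  * exposed        - a baseline service bound to an address the baseline forbids
  * unexpected_port - a baseline service listening on the wrong port
  * missing        - required protections (e.g. host firewall) not running
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set


@dataclass(frozen=True)
class Listener:
    service: str   # process name behind the socket
    address: str   # bind address
    port: int


# Hypothetical approved baseline for a LAMP web server (constructed).
BASELINE: Dict[str, dict] = {
    "sshd":   {"bind": {"0.0.0.0"},   "port": 22},
    "httpd":  {"bind": {"0.0.0.0"},   "port": 80},
    "mysqld": {"bind": {"127.0.0.1"}, "port": 3306},   # database must stay local
}
# Services that must be running even if they open no socket (constructed).
REQUIRED_SERVICES: Set[str] = {"sshd", "httpd", "mysqld", "iptables"}

# Constructed snapshot in the style of `ss -ltn` output plus a service list.
# It deliberately shows a default install: rpcbind and sendmail left enabled,
# MySQL bound to every interface, and no host firewall loaded.
SNAPSHOT_LISTENERS = """\
0.0.0.0:22    sshd
0.0.0.0:80    httpd
0.0.0.0:3306  mysqld
0.0.0.0:111   rpcbind
127.0.0.1:25  sendmail
"""
SNAPSHOT_SERVICES: Set[str] = {"sshd", "httpd", "mysqld", "rpcbind", "sendmail"}


def parse_listeners(text: str) -> List[Listener]:
    """Parse 'address:port service' lines into Listener records."""
    listeners = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        endpoint, service = line.split()
        address, port = endpoint.rsplit(":", 1)   # rsplit keeps IPv6 '[::]' intact
        listeners.append(Listener(service, address, int(port)))
    return listeners


def audit(listeners: Iterable[Listener], services: Iterable[str]) -> Dict[str, list]:
    """Compare the snapshot against BASELINE and REQUIRED_SERVICES."""
    listeners = list(listeners)
    running = set(services) | {l.service for l in listeners}
    findings: Dict[str, list] = {
        "unnecessary": sorted(running - set(BASELINE) - REQUIRED_SERVICES),
        "missing": sorted(REQUIRED_SERVICES - running),
        "exposed": [],
        "unexpected_port": [],
    }
    for l in listeners:
        rule = BASELINE.get(l.service)
        if rule is None:          # already reported under "unnecessary"
            continue
        if l.address not in rule["bind"]:
            findings["exposed"].append((l.service, l.address, l.port))
        if l.port != rule["port"]:
            findings["unexpected_port"].append((l.service, l.port))
    return findings


if __name__ == "__main__":
    report = audit(parse_listeners(SNAPSHOT_LISTENERS), SNAPSHOT_SERVICES)
    for kind, items in report.items():
        print(f"{kind}: {items}")
```

Run against the constructed snapshot, the audit flags rpcbind and sendmail as unnecessary, mysqld as exposed on 0.0.0.0:3306, and iptables as missing; each finding maps to one of the causes the paragraph names (default configurations, unnecessary processes, absent defences), which is the point of keeping such a baseline under version control and re-running the check after every change.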

DK Matai, Executive Chairman, went on record to state mi2g's commitment to LAMP architecture in October 2001 at IBM as well as Lloyd's of London through two talks delivered to Chief Executives within banking, insurance and reinsurance:

1. Developing the Linux business case for financial services; and
2. The coming Linux tsunami, an Open Source revolution

Judging by the way in which malware variants are spreading in early 2004, it is likely that proprietary software solutions may succumb to the equivalent of the 1665 Great Plague and then the Great Fire of London in the following year brought about in cyber space by trans-national criminal syndicates perpetrating spam, phishing scams and zombie orchestrated DDoS attacks. Within five days in 1666, the City of London was destroyed by fire. In destroying the closely packed houses - mostly wooden - and other buildings it is also thought likely that the fire finally put an end to the Great Plague that had devastated the city in the previous year, which proliferated as a result of poor hygiene and a low sense of civic responsibility. Today the global epidemics of malware - like The Great Plague - only target computer architecture of one kind and feed off social engineering ruses and poor respect for computer hygiene.

What emerged from the Great Fire of London were new best practices, both in building architecture and in public policy, health and safety. The same may happen within the computing industry. Linux and the Open Source community must not lose the chance to be at the start of the new revolution after a cataclysmic cyber event by refusing to be self-critical at this stage.

mi2g is at the leading edge of building secure on-line banking, broking and trading architectures. The principal applications of our technology are:

1. D2-Banking;
2. Digital Risk Management; and
3. Bespoke Security Architecture.

mi2g pioneers enterprise-wide security practices and technology to save time and cut cost. We enhance comparative advantage within financial services and government agencies. Our real time intelligence is deployed worldwide for contingency capability, executive decision making and strategic threat assessment.

mi2g Research Methodology: The Frequently Asked Questions (FAQ) List is available as a PDF. Please note the terms and conditions of use listed on www.mi2g.net.

Full details of the March 2005 report are available as of 1st April 2005 and can be ordered from mi2g.
