[ISN] Mi2g defends its Linux claims

InfoSec News isn at c4i.org
Wed Nov 17 03:45:54 EST 2004 

http://www.theinquirer.net/?article=19665

By Nick Farrell
15 November 2004

UK SECURITY outfit Mi2g has gone on the defensive after its report 
which claimed that Linux was the most manually breached operating 
system for computers has been panned by open sourcers worldwide.

Open sourcers from as far away as the Antipodes waded into the company 
after it claimed that 65 per cent of the security breaches occurred on 
permanently connected Linux systems and 25 percent on Windows systems.

They hissed and snarled and accused Mi2G of being in league with the 
devil, well at least his Volish servants. 

Aussie Cybersource company CEO Con Zymaris said the report lacked any 
raw data, references to sources and had a broken methodology. 

He told the INQ: "In pulling apart the limited amount of information 
that is given by Mi2g it seems that the company did not include 
automated penetration attacks in its study." Mi2g also failed to 
factor in viruses and malware, something that open source expert Bruce 
Perens told Linux Pipeline, here that it was "pretty ludicrous" when 
even its own study said that the financial impact of viruses on 
Windows is tremendously greater than the penetration on Linux.

However, on the company website here, an Mi2G spokesperson defended 
the report insisting that manual hacker breaches were more common in 
Linux.

He said that good administration is central to working with Linux and 
these were lacking in the global market. 

"Manual breaches can be much more complex and sophisticated than 
automated ones proliferated through malware."

The company is mightily miffed at what it calls clandestinely attacks 
funded, aided or abetted by vendors or special interest groups.

Previously the company stirred up a hornets' net when it came out in 
favour of Apple and BSD, because the entrenched supporters of Linux 
and Windows felt that mi2g was guilty of 'computing blasphemy'. 

Mi2G also felt the need today to remind people that it is a Linux 
supporter. The mi2g Security Intelligence Products and Systems (SIPS) 
Engine runs on Linux, Apache, MySQL and PHP (LAMP) architecture. For 
the record, the company also has no business relationship with 
Microsoft or Apple either.

More information about the ISN mailing list