This story surprised me personally, and it will just go, and continue to, show that people really are mindless to the fact that the M$ slaves have more money, more resources and generally, could get away with murder - at least - if it was in a contract.
Original Article Source: Inquirer - check it out, it’s a good read.
McAfee throws some FUD at the GPL
Comment: Hits its own investors’ confidence
By Egan Orion: Saturday, 05 January 2008, 5:15 PM
SATURDAY the sky was a sullen violet overcast at dawn, spitting volleys of rain onto the patio roof. Intermittent wind gusts ruffled the laurel hedge out back and swayed the limbs of the big fir tree in the neighbor’s back yard. A few of the cats ventured out but soon retreated back indoors to get out of the cold winter storm that had swept up the Pacific coast from San Francisco overnight.
In the chill morning dark, quiet except for the sounds of wind and rain outside, it seemed only fitting to happen upon the news of yet more FUD manure thrown at open source software by a vassal of the Volish empire, against its own interests.
* * *
In its annual report, Windows security software vendor McAfee told its investors that open source software licence terms it vaguely characterised as “ambiguous” might “result in unanticipated obligations regarding our products.”
“To the extent that we use ‘open source’ software, we face risks,” McAfee stated.
McAfee explained: “Use of GPL software could subject certain portions of our proprietary software to the GPL requirements, which may have adverse effects on our sales of the products incorporating any such software.”
That statement says several things. First, it reveals that McAfee does use at least some open source software derived code in its products. Second, it betrays that McAfee has misappropriated that open source software and thus is committing copyright infringement, because it doesn’t distribute that open source software derivative source code. Third, by calling its products that include open source software code “proprietary”, McAfee shows that it really doesn’t want to shoulder its GPL licence obligations, but instead wants to both have its cake and eat it too.
The company might have more honestly admitted that, to the extent it might have been abusing open source software by ignoring its licence requirements, it might have to distribute its modified open source software source code to its customers, or at least make it easily available to any customers who might want to obtain it.
That is all that the GPL requires. It explicitly permits that products that use GPL licenced software may be sold, subject only to the requirement that the source code to components that are GPL licenced must be distributed or made available.
Merely including both proprietary and open source software in the same package or on the same distribution media doesn’t transfer GPL requirements from open source components to proprietary components. McAfee ought to consult with the Free Software Foundation if its management and attorneys are not well versed in the accepted methods for keeping proprietary and open source software separate while still allowing them to work together. The FSF will be glad to help them out.
Even if it were to publish all of the source code for, let’s say, its antivirus product, McAfee would certainly be able to keep its virus signatures database proprietary and confidential. That’s data not code, so it couldn’t be subject to GPL disclosure. McAfee’s antivirus product’s marketability wouldn’t be diminished in the least and end-users would still need update subscriptions even if they had the software free.
After all, the long term end-user value of any antivirus product is in the ongoing malware detection and research performed by the vendor, not in the executable module scanning and signature database matching software machinery by itself.
Of course, McAfee might simply be mortified at the thought of having competent customer programmers viewing its software source code. That might be poorly designed and structured, embarrassingly kludgey, or riddled with clumsy coding, and so on. It might even have glaring design loopholes that could be exploited by malware authors if they became widely known. Then again, one doesn’t really need source code to find design flaws, given some sophisticated debugging tools.
Perhaps McAfee believes in “security by obscurity” and that’s the reason it doesn’t want to reveal its modified open source code. But it, and all of the other Windows security software vendors, should know better. After all, that’s been Microsoft’s approach within Windows itself, and it’s been proven to be totally ineffective. The Windows security software vendors only have demand for their products because the Vole’s whole “security by obscurity” approach has failed and continues to fail.
Besides, properly designed security software can’t be defeated simply by knowing exactly how it works. Well designed security routines have checks that malware code can neither satisfy nor avoid, authorisation tests it can’t pass, and function, memory and file protections it can’t evade to reach sensitive resources, and so on. There’s exemplary open source software that is quite highly secure despite being entirely open for anyone to read. OpenBSD is only one example of several.
However, even if one or more of these is the case, that doesn’t excuse continuing GPL violations. The only possible GPL violation cures are to either distribute the derivative open source code or recode the functions in a clean room environment. That, or completely redesign and rewrite the application… entirely from scratch.
If McAfee didn’t like the GPL or want to abide by its licence terms, it should have written its own blasted software rather than stealing code from the open source community in violation of the GPL and the US Copyright Act. It’s far too late now.
There’s nothing at all “ambiguous” about the terms of the GPL, either. Contrary to McAfee’s snide, scurrilous suggestion, the GPL is a simple, straightforward software licence with no confusing or onerous terms. Compared to the McAfee EULA — or especially a Microsoft EULA — the GPL is a veritable model of simple software licence clarity.
McAfee also feigned to be “troubled” that the terms of the GPL have never been tested in court, supposedly. Well, that’s simply false. The GPL has been upheld in a German court of law, under the Berne Convention that conformed international copyright protection, to which the US is a signatory since 1988, and which is now under the auspices of the UN World Intellectual Property Organisation (WIPO).
The only reason that the GPL has never been “tested” in a US court of law is that every potential defendant in a copyright infringement lawsuit based upon the GPL has chosen to settle out of court rather than risk losing in court.
The US Copyright Act provides for statutory damages of up to $180,000 for each and every instance of willful copyright infringement.
Before it further disparages the GPL, McAfee should contemplate paying multiple authors of open source software licenced under the GPL $180,000 for each copy of its unlicenced and therefore copyright infringing products it ever shipped. One suspects that not even Microsoft has that much money, and certainly not McAfee.
Also, how can McAfee pretend that the redistribution obligations relating to open source software that are so clearly stated in the GPL were “unanticipated” by it?
That claim is tantamount to the admission that McAfee had previously assumed that it could get away with violating the GPL with impunity. Either that, or it’s an admission by McAfee’s executive management of their utterly gross incompetence at directing and managing a legally responsible software development enterprise.
These few statements in its annual report, taken at face value, can’t be viewed as encouraging for investor confidence in McAfee’s executive management team or future business prospects. Indeed, should McAfee’s stock decline in market value, it’s not unimaginable that these statements could come to be cited as evidence of mismanagement in stockholder lawsuits. Under Sarbanes-Oxley, executives might even be held personally liable for causing the corporation to incur legal liabilities. Having disclosed bad management after the fact might not get them off the hook.
On the other hand, open source software developers whose source code McAfee might have misappropriated aren’t likely to sue the company for damages. That’s not the point of the GPL, which merely requires that those developers who modify and redistribute open source software also return those derivative works into the open source software development community. GPL compliance is the objective, not monetary gain, and fortunately for all, compliance is almost always possible.
But McAfee probably knows all of this. So what was the point of the FUD attack?
One can only speculate, but it’s obvious that all of the Windows security software vendors like McAfee are totally dependent upon Microsoft’s dominant Windows OS marketshare for their very existence. Apple Mac and Linux systems aren’t nearly as vulnerable to malware as Windows, which by its very design practically invites infestations of all sorts, the whole menagerie — viruses, adware, spyware, trojans, worms and bots. Without the Vole’s Windows monopoly to provide their customer base, parasitic Windows security vendors like McAfee could not stay in business long. There’s a powerful motive for McAfee to denigrate open source.
Linux users don’t buy antivirus software because Linux isn’t anywhere nearly as insecure as Windows, by orders of magnitude. It just isn’t needed to run Linux.
Perhaps McAfee is afraid that Linux desktop penetration is heading up, which it is, and wants to do whatever it can to slow its takeup, especially in corporations.
That does seem possible, even plausible, but if that’s the case, McAfee is failing to appreciate the direction from which the worst threat to its future viability is most likely to come. Growing uptake of desktop Linux won’t kill off McAfee’s business.
Long before Linux makes big inroads on the desktop, Microsoft will have escaped from federal antitrust oversight. Then the Vole will bundle security functions into Windows and staff its own malware research lab, putting McAfee out of business.
Or perhaps McAfee will offer software that does something actually productive, instead of living as a mere parasite of the Vole, a remora on the Windows shark.
* * *
It’s later Saturday morning and the wind’s died down. The cats are sauntering out again to patrol the soggy grounds under a bright grey, featureless overcast sky. µ
Original Article Source: http://www.theinquirer.net/gb/inquirer/news/2008/01/05/mcafee-throws-fud-gpl