Comments
Value of the virus definitions

'That's data not code, so it couldn't be subject to GPL disclosure. McAfee's antivirus product's marketability wouldn't be diminished in the least and end-users would still need update subscriptions even if they had the software free.'

Except that I could modify the source code of the client to pull virus definitions from an alternate location, and make this new version freely available. Then, I could simply pull the virus definitions off the official site, throw them on the alternate locale, and boom... the value of the software and service immediately becomes $0.
If I'm McAfee, how am I going to convince people to pay for a subscription for anti-virus updates, when somebody else has modified the program to pull the defs off some P2P site and people can get everything for free?

posted by : WorknMan, 19 January 2008
How much will that be ?

$180,000 for every instance of violation ?
Multiplied by McAfee's customer base ?
With the face of the CEO at the next shareholder meeting, trying to explain why he thought it was a good thing to try a FUD campaign against GPL when rabid dogs like SCO have gone bankrupt for doing just that ?
Excuse me while I froth at the mouth in anticipation.

posted by : Pascal Monett, 08 January 2008
GPL vs 'Proprietary' Licences

As I see it, if you spend the time and effort writing code then you want to be paid for it. If you adopt a 'proprietary' licensing model, then you get paid in cash. If you adopt the GPL, you get paid in code. If someone values your code enough to incorporate it into their own code rather than rewriting that code themselves, then they have to pay you. With the GPL, however, they don't just pay you, they pay everyone. If you don't like the licence, don't use the code. 
But don't expect to use the code and not pay for it.

posted by : Shagbag, 07 January 2008
Silly conspiracy-theory stuff

This article takes a minor, lawyerly, note to stockholders and builds it into an admission of copyright infringement, with no logic whatever.

The author does not have any information to offer about what open-source software McAfee uses, if any, or how it uses it, but assumes that it must be breaking the license rules or it wouldn't bother with the warning.

The point of the warning is that they aren't sure what the rules are, because nobody is. Suppose, for instance, that their Linux products contain a loadable kernel module, say designed to work with the Linux Security Module interface. [NOTE - I have no specific knowledge of whether they use LSM or ship kernel modules, it's just an example.] Some people think that's a derivative work, some people don't. The applicable case law is mixed.

There are real areas of ambiguity in the license and the court cases around the GPL have generally addressed very narrow, specific issues. It's not even clear whether courts will read the license as a contract or a license - recent decisions have gone both ways.

And, finally, the author's suggested rationale for why McAfee would disparage open source makes no sense, either. They're spending significant amounts on building products for Linux systems; why would they then go out of their way to push people away from Linux? Besides which, the statement is in their annual report - it's a message to stockholders, not to customers.

Reading this as FUD, rather than as some lawyer's notion of fiduciary responsibility, is simply unsupported.

posted by : achates, 07 January 2008
how about a product that works?

"Or perhaps McAfee will offer software that does something actually productive, instead of living as a mere parasite of the Vole"

You should probably add "offering a product that actually works" to the list.

McAfee and Symantec have been putting out junk product for a couple of years now. They are virtually useless against modern malware, particularly in the spyware/adware category.

posted by : michiganfan, 07 January 2008
lol

They are just desperate. 
Since I switched to Linux, I don't need to do a fresh install every 2 months. And I used Kaspersky when I was a Win user.

posted by : pacsum, 07 January 2008
don't jump to conclusions

The article seems to jump to conclusions. 

It's not because some commercial entity is looking into possible problems that might have happened and might lead to problems that they have willingly violated copyright. Nor does it mean that they are playing political games.

It merely means they are (forced to) disclose knowledge of possible problems under investigation.

posted by : anonymous, 07 January 2008
Nobody's forcing them to use the GPL

If they don't want to adhere to the license, they can just simply not use GPL'd code.

The FSF would be very happy to discuss this with them.

posted by : Matt Lee, 07 January 2008
@GPL Restrictions, @ Source of Ire...

@GPL Restrictions:
The GPL may be more restrictive with commercial code but this is the point of it. Dynamic linking also requires that you give offer of the source of the dynamically linked library, for instance, and method to replace it. On the other hand, the GPL is explicit and a lot of these firms have decided that they want to have their cake (by not paying for the code) and eat it (by not releasing what they should under GPL), effectively breaking copyright.

W.R.T. FFTW, that's up to the people who own the copyright to the project. MySQL also do this. (Ken, take note)

@ Source of Ire...
No, the GPL "has not thrown a wrench into a long standing and perfectly sensible practice of programmers seeking not to reinvent the wheel". 

How about proprietary libraries? How many of them do you get to borrow and stick in your final code without paying for them? It's no different. The effective payment is release of the relevant pieces of code in the proper manner...

You have the terms and conditions of use, it's your own fault if you don't read and follow them.

posted by : dm3, 07 January 2008
duh.

"Apple Mac and Linux systems aren't nearly as vulnerable to malware as Windows, which by its very design practically invites infestations of all sorts, the whole menagerie -- viruses, adware, spyware, trojans, worms and bots. Without the Vole's Windows monopoly to provide their customer base, parasitic Windows security vendors like McAfee could not stay in business long. There's a powerful motive for McAfee to denigrate open source."

Crack. Crack. Rattle. You sound like a very old 12" record. Let's log in as root, in *nix, like you apparently still do in Windows (admin account). Wake up call: ever since NT 3.51 (ooh like since 15 years or so) there is security in Windows. If you choose to not use it then that's your problem. Not M$'s.

"Linux users don't buy antivirus software because Linux isn't anywhere nearly as insecure as Windows, by orders of magnitude. It just isn't needed to run Linux."

Yawn. 1 word (OK, it's 2): "market penetration". If *nix was a big target like Windows, they would. It still ain't.
That's the real reason. You know it. I know it, and everyone else (when they are really honest) knows it too.


posted by : redniels, 07 January 2008
Baddie

It is of course wrong to use GPL licensed software for closed source. But it makes perfect sense for a company not to release all its products under GPL, they wouldn't make profit. They have most likely spent millions a lot on development. Remember that people who work on open source usually work on commercial software as well to get their bills paid.

posted by : Mr Jones, 07 January 2008
@Brad

"The GPL appears to have thrown a wrench into a long standing and perfectly sensible practice of programmers seeking not to re-invent the wheel."

I think you're trying to utter a statement that sounds like an indictment of the GPL while hoping to deflect argument by insuring that you don't make any sense.

The practice of programmers seeking to re-use code is indeed long standing and perfectly sensible, but the GPL in no way interferes with it. Of course, the GPL has indeed thrown a wrench into some long standing practices, but code re-use is not found among them.

What the GPL and its ilk have done is to make some additional code available for re-use, at a novel and unique cost that some potential re-users can bear and others consider uneconomical. You fail to describe why this should be a problem for anybody.

"...the skeptic in me has to wonder if every line of GPL-covered code is itself completely original work."

This is another statement that sounds like damnation but is crafted to be empty of any testable substance. I might with equal justification wonder if you strip to your bra and panties at the keyboard.

All GPL-covered code is claimed to be copyrighted by its submitter, and all GPL-covered code is publicly available for inspection. No person of any sense would expect to find stolen code in such an environment. Indeed, no one ever has.

It may be the skeptic in you that compels you to such wonder, but it can only be the liar in you that inspires you to give it voice.

The first two statements of your post being utter tripe, I have concluded that the remainder is not worth reading.

-Wang-Lo.

posted by : Wang-Lo, 07 January 2008
Source of Ire...

The GPL appears to have thrown a wrench into a long standing and perfectly sensible practice of programmers seeking not to re-invent the wheel. While I do not begrudge the GPL or the programmers who assume it, the skeptic in me has to wonder if every line of GPL-covered code is itself completely original work. Could the FUD attack be based on this thought?

There is no excuse for anybody - particularly a large company with huge resources such as McAfee - to use GPL projects as their code libraries. But what if any of that GPL code is based on unprotected work?

Meanwhile, McAfee is not reliant on Microsoft's dominance at all. Like any other threat management software and/or appliance vendor, McAfee is reliant solely on the well-deserved fears of a populace that is perpetually barraged with exploit attempts of every imaginable kind. And since the advent of SOX policies, not only is threat management important for home users, it is crucial for businesses.

It only takes subscriptions to a few emailed security advisories such as US-CERT's Cyber Security Alerts, SecurityFocus' Bugtraq or HNS' newsletter to discover the fallacious nature of statements like "Apple Mac and Linux systems aren't nearly as vulnerable to malware as Windows". In fact TheInq's recently announced favorite Linux flavor - Ubuntu - is ridiculously over-represented in those bulletins, more so than any other flavor of Linux and more than any other OS altogether. I understand you have a trademark anti-Microsoft image to maintain, but please try not to promote that image at the expense of reality.

I worry even more when I see statements like "Linux users don't buy antivirus software because [...] (it) just isn't needed to run Linux."

This is dangerous thinking. Not tremendously dangerous right now in the grand scheme of things, although you might come across lots of Solaris admins and DNS folks that belong to the "once burned twice shy" club and may feel differently. With a strong firewall and prompt attention to security alerts you can probably avoid most of the threats out there, but heaven help you when some zero-day threat does find its way to you, or vice-versa.

Two thoughts to leave you with. First, the platform itself has a shrinking target profile as hackers have been giving increasing attention to applications, shared code and plug-ins. Second, the hacker motive model is increasingly profit-based, which means that the relative sanctity of OS-X and Linux is an increasingly precarious position as the popularity of these platforms makes them worth the investment in hackers' attention.

As long as bored socially inept twits can derive deviant pleasure from hacking, and as long as capitalist thieves can profit from hacking in nearly perfect safety and anonymity, every owner of every computer, unless perhaps they're running something completely off the radar (OS/2 anybody?), must be vigilant. Just because Jobs' mob made your 'puter or your OS is being tended to 24x7 by pimply socialist wannabees is no reason to think your resources are impenetrable.

Safe computing,
-Brad

posted by : Brad, 06 January 2008
McAfee has Linux Products

McAfee does have Linux products. One well known hosting firm has the following options for Linux systems.

McAfee LinuxShield Anti-Virus
McAfee Total Protection - Linux

posted by : David Ball, 06 January 2008
Open Source at McAfee

I don't know about the other products, but I am all too familiar with their Network IPS product - IntruShield. It uses a number of open-source tools, Tomcat, MySQL, etc., etc., so it's interesting to see that they would say this.

Ken

posted by : Ken, 06 January 2008
leaks more than a sieve?

There is another problem for all the anti-virus companies. Many people are discovering that by keeping up to date with patches and NOT visiting risky web sites they just don't need virus checking software at all. If there is a major move towards web services such as provided by Google, where the hosting company protects the users, the demand for anti-virus protection will drop even lower.


Then there is always the possibility that Microsoft will write an operating system that leaks more than a sieve.

posted by : Nomen Publicus, 06 January 2008
conn

Wow! Nice article man! It almost made me cry there! Wow, yea, I agree totally, these big corporations are just evil. It takes too much effort to be creative, too much money to spend which would lower the profit, so why not take what's already done and proven solid - open source. Why not, after all, who cares about all the geeks sweating over their keyboards and offering the fruits of their effort to the world to benefit.
It's expensive to be M$, or any big corporation. All those private jets and waste on luxury, leave very little left to invest in actual coding effort. So why not take what you need from where it's free, get the job done. Who's gonna ever know? Not like anybody will have access to the source code to reveal the profanity. In the end you can smile from above the silly crowd and call yourself innovative. Innovative. Hmm, somehow these words immediately make me think of the worst, a guy with dorky glasses, semi mature voice, half of a man, but what a tyrant. "I love this company!"

posted by : name, 06 January 2008
GPL Restrictions

The GPL is slightly more restrictive with commercial code than your article makes out. Compiling in a GPL licensed static library certainly violates the GPL unless you release all of your source code, and it is generally thought that this also applies to dynamic linking.

Take the GPL licensed FFTW for example ( www.fftw.org ). They also offer non-free licenses and state in their FAQ that:

The non-free licenses are for companies that wish to use FFTW in their products but are unwilling to release their software under the GPL (which would require them to release source code and allow free redistribution). Such users can purchase an unlimited-use license from MIT. Contact us for more details.

We could instead have released FFTW under the LGPL, or even disallowed non-Free usage. Suffice it to say, however, that MIT owns the copyright to FFTW and they only let us GPL it because we convinced them that it would neither affect their licensing revenue nor irritate existing licensees.

----

Clearly the GPL has been chosen over the LGPL as it does force complete source code disclosure whereas the LGPL with dynamically linked libraries certainly does not.

posted by : cfp, 06 January 2008

McAfee throws some FUD at the GPL
