When it comes to IT security, Linux generally scores outstanding marks. There is, however, one notable exception to this rule: A threat that Linux, and many other open-source apps, just can't seem to shake.

Matthew McKenzie, Contributor

March 12, 2008


Strangely enough, it's the only IT security threat that only hurts users when they take it seriously.

According to Eric Raymond, the acronym FUD (Fear, Uncertainty, and Doubt) first came into widespread use in the 1970s, when supercomputing pioneer Gene Amdahl left IBM to found his own company. Amdahl used the term to describe one of the methods IBM employed to scare customers away from its competitors' IT products -- although in concept, FUD is one of the oldest, and unfortunately one of the most effective, marketing tactics ever devised.

Obviously, any marketing tool based upon lies, slander, and rumor-mongering has some serious ethical issues. Just as obviously, that fact doesn't bother the companies that use it or the people they employ to perfect it. And while companies that play the FUD game sometimes come out winners, the same can't be said of customers who fall victim to the tactic.

When it comes to Linux, Microsoft is the undisputed king of the FUD dungheap: The company's now-infamous "Get The Facts" campaign may be the single biggest disinformation campaign ever concocted by an IT company, although SCO's failed effort to sue Linux out of existence certainly rivals it.

Yet while SCO's get-Linux FUD campaign backfired so badly that it destroyed the company (thanks, ironically, to SCO's brain-dead attempt to shake down IBM with a phony intellectual-property lawsuit), Microsoft can't seem to kick the FUD habit. That's especially true among the company's business customers, since Linux poses a far greater threat to Windows as a server platform, and even as a business desktop option, than it does as a consumer operating system.

FUD is only dangerous to businesses when they buy into a company's marketing claims without asking questions -- and demanding substantive answers -- or doing independent research. This sounds like an obvious problem with an equally obvious answer. Yet if that is true, then why do so many IT vendors continue to shovel FUD with such reckless abandon?

In fact, the best FUD is subtle and insidious; it claims to represent common sense and sound judgment, which makes it inherently dangerous when some companies buy into it and others do not.

The Internet is an ideal environment for burying hapless victims in mountains of FUD. Online information sources, however, are also the most important weapons for companies that choose to fight back. I am especially fond of two Web sites -- one with a long and honorable history, the other more recent but equally informative -- that IT decision-makers can turn to when they need to convince their bosses, and their peers, to see anti-Linux and anti-Open Source FUD for what it really is:

Why Open Source Software/ Free Software? Look At The Numbers! A few years ago, during an email exchange with computer security expert David A. Wheeler, I kidded him about the title of his site: As catchy names go, this one could use a little work.

Look past the unwieldy name, however, and it's hard for me to overstate just how much respect I have for David A. Wheeler's comparative study of open-source and proprietary software -- including, of course, Linux and Windows. From the very beginning, more than five years ago, Wheeler's work has simply blown away other, similar studies; then as now, I consider it the single best source of quantitative information on the topic ever published for public consumption.

One of the secrets to Wheeler's success is his constant work keeping his study up to date: Since December, 2002, he has issued around 200 sets of revisions to the original study. It's a remarkable achievement, given that most comparable online research covers a fraction of the material Wheeler covers, rarely takes such pains to cite only relevant data from reliable sources, and often turns out to be months or years out of date.

Since Wheeler also has a career and a life to enjoy, it is understandable that he doesn't spend a lot of time promoting his study. (Wheeler has created a presentation-length briefing based on his study, and he also allows readers to reprint it free of charge, either on paper or in electronic format. He does not, however, allow others to mirror the study on the public Internet, since he updates the material so frequently; also, reprints must be attributed, and they must always be distributed free of charge, regardless of format.) Even so, I wish Wheeler's work got far more attention than it does -- especially given the resources some companies pour into publicizing the pimped-out PR dreck they label (without a hint of irony) as "research."

Don't let the lack of publicity, the uninspiring title, or the back-to-basics formatting fool you: When Wheeler makes a point regarding total cost of ownership and ROI, security, usability, or other key topics, he backs it up with carefully sourced data anyone can verify, and he uses that data to generate statistics anyone can duplicate.

If you subscribe to an old-school view of research, where seeing is believing and where leaps of faith are for suckers and fools, then you're going to love Wheeler's work. But don't take my word for it.

Linux FUD. Kevin Guertin describes himself as a "Microsoft Windows guru," and he has the resume to back it up: Since 1991, he has worked with and studied Microsoft products, from MS-DOS to Windows Vista.

Guertin's relationship with Microsoft products, he admits, was not always a happy or healthy experience:

Over the years, I've tried different flavors of Linux and it always laughed at me and didn't quite impress me. So I do what you usually do with an inconsiderate brat. I abandoned it. I ran away, hurt and crying, back to Microsoft. A bad habit. A bad relationship. Then what happened? A new Linux flavor shows up on the scene, looking all sexy and yummy like Haagen-Dazs ice cream, threatening my relationship with Microsoft. No, it wasn't KKE Linux (Karamel Kone Explosion Linux), but Ubuntu Linux.

So, Ubuntu made me cheat on Microsoft. Ubuntu even moved in with me and Microsoft and the funny thing is, Microsoft doesn't even know it! Microsoft can't even see Ubuntu! In other words, I have a dual-boot system with Windows XP Professional.

I need to adjust. It's a new relationship. I'm beginning to love it and I will fight for that love.

It's a relationship that sounds familiar to many of us. And I can definitely sympathize with Guertin's attitude towards Linux: While I have worked with a half-dozen or so Linux distros on a day-to-day basis over the past decade, none of them earned my loyalty and respect as quickly or as completely as Ubuntu did.

In any case, Guertin clearly knows his stuff, both as a professional Windows user and as a recent, but still very tech-savvy, Linux convert. Since Guertin makes the focus of his blog (http://linuxfud.wordpress.com/) pretty clear, I won't waste any more bandwidth describing it. I will note that he is currently working his way through a series of posts entitled, "Top 10 Linux FUD Patterns" and that his most recent entry in the series -- number five -- tackles the especially FUD-tacular claim that "Linux is not secure."

While you're browsing Guertin's blog, take a break from your FUD-fighting and check out some of his posts on other Linux-related topics, including Ubuntu.
