is open-source REALLY more secure???

  1. #1
    Senior Member
    Join Date
    Jul 2002
    Posts
    106

    is open-source REALLY more secure???

    after seeing articles like this, i really begin to doubt the whole open-source argument that open-source software IS more secure than proprietary products. i just cannot believe that the "many eyes=better code" philosophy is accurate at all. if that were true, then we would not have these issues, right??? (personally i don't think either one is more secure than the other) i think it all depends on the developers working on the code, as we all know, there are quality developers and crappy ones. i have been a technician for many, many years now and have yet to come across any developer that has said "hmmm...i'm bored, i think i'll look over this code for bugs". unless, they are wanting to use some of that particular code in one of their projects or want to build something similar, they don't do that. anyway, i just wanted to get some of the AOers thoughts on this.

    BTW-before i get flamed or neg'd, i have to say that i hate all OSs equally...they all do the same thing, but get from point A to point B differently. IMO


    http://news.com.com/2100-1002_3-5085...l?tag=nefd_top
    just making some minor adjustments to your system....

  2. #2
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    open source is actually less secure because the flaws can be found easier. But, when a flaw is found, it is patched a LOT more quickly than proprietary software.
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman

  3. #3
    See that's the oddity of opinions...

    I read that exact same article - and it makes me think what a GREAT idea open source is. I believe that article outlines the very reason open-source is made to be more secure than most non-open source.

    Being that non-open source is normally only the developers and the 'bad guys' (to use their terms) that have access to the source-code. So mainly 'bad-guys' find the holes and the 'good guys' don't find out about it until after we see the exploits found for the holes.

    Whereas with open source this is not always the case, as both good-guys and bad-guys have the same access to the same info. Thus causing situations like this when (to quote them)

    "We certainly know of no exploits yet," he said. "These were found by the good guys."
    Thus giving the end users a chance to fix the problem before it even becomes exploitable...

    That's my 2 cents,
    RRP

  4. #4
    AO Antique pwaring's Avatar
    Join Date
    Aug 2001
    Posts
    1,409
    The whole idea of open source with relation to security is that bugs are found because people can see the source code. If software is insecure but closed-source, it's going to take longer for the problem to be noticed by the creators and fixed. Plus, at the end of the day, if you notice a security hole in an open source product and have the programming ability, you can fix it yourself and submit a patch to the project. Even if the developers refuse to use it, you have at least secured your own system.

    With closed-source products (e.g. Windows XP), I have to wait for the developer - in this case Microsoft - to release a patch before I can secure my system. There's nothing I can do in the meantime except leave my computer disconnected from the internet (or even switched off) and wait for MS to solve the problem.
    Paul Waring - Web site design and development.

  5. #5
    Senior Member
    Join Date
    Jan 2003
    Posts
    220
    I would say that it depends on the people that acquire it. If the people who get the software decide to search for flaws and exploit them then it is somewhat less secure. On the other hand if the people decide to notify people and patch it then it is perfectly fine.
    And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi,

    "Security is in the hands of the beholder".......if you do not know what you are doing, all OSes are vulnerable.

    If you have open source then you are vulnerable in that a bad guy can see how it works?...in the case of the closed source, the bad guy can generally figure out how it works..........hell Gates would not have gotten that rich if he only employed angels and geniuses?......they are ordinary folks. And hacking is based on HOW IT WORKS, not on the potential of a system/language. It is very much a "suck it and see" activity?

    IMHO vulnerabilities are attached to applications NOT sources.

    I have a machine I just moved today...it is a trifle old, OK, but it runs the RISK operating system...........anyone out there under 40 fancy their chances?...I doubt it

    It is closed source, but that does not matter.............not many of us would understand it anyway?

    My final comment is that with closed source it is THEIR problem...with open source it is yours


    Cheers

  7. #7
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    Open source vs closed source by themselves have no direct correlation to the security of the product. If you have a group of 5 guys all coding for the same open source product and they don't care about security at all, and make a lot of mistakes, that product is insecure. Same thing can happen with closed source development. They are development models, and that is it. The security of the product is only as good as the developers care to make it. All developers right now are humans, and humans make mistakes. Which means that no matter how good you think you are, you are going to screw up at least once, and that is all it takes for an insecurity to pop up.

    The whole argument that open source is more secure because open source developers care more is conjecture. I have never seen any statistical evidence that proves that open source developers care more, or vice-versa. Most of the time the people who get into these arguments are either open source or closed source developers/supporters and they are tooting their own horns.


    nihil- That would be RISC. What type of ARM processor are you running in that machine?

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi mohaughn,

    You spotted my dyslexia straight off. It is RISC, and the chip is some sort of Motorola. The machine is 1990 and is designated a 12/20 so I suppose the processor is 12MHz and the FSB 20?

    It has a 151Mb hard drive (Wow)


    A nice bit of history as far as I am concerned, I must get it going again (just moved house) I will have a look and get back..............are you interested in old machines too?............sort of a hobby for me like some guys with old bikes or cars?

    Cheers

  9. #9

    RE: Neat stuff is neat, right?

    Nihil is right that if the person setting it up has no idea what they are doing then it probably will not be secure, however... I do believe that open source gets patched much faster because many more people see it. Whereas with Windows even if they have a development team of say, 100, they are not nearly as numerous as the people who look at open source material, they are most likely also focusing on release dates, and that type of thing, and security is less important than does it work, and will it not crash every few minutes. I do commend them on XP Pro, it has been more stable for me, until I killed it and put RedHat on.

  10. #10
    Senior Member
    Join Date
    Jun 2003
    Posts
    723
    The time between discovery of a possible exploit and patching with open source is many times a matter of hours, at most days, not weeks or months (unless the project is dead/unsupported). Right now there are exploits for IE6 that have been around for a long time. Companies work for the bottom line, people who do open source work for the love and challenge. I know where i put my trust.
    Do unto others as you would have them do unto you.
    The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America's war on terror, Attorney General John Ashcroft told a Senate oversight committee
    -- true colors revealed, a brown shirt and jackboots
