October 2nd, 2003, 04:07 PM
is open-source REALLY more secure???
after seeing articles like this, i really begin to doubt the whole open-source argument that open-source software IS more secure than proprietary products. i just cannot believe that the "many eyes=better code" philosophy is accurate at all. if that were true, then we would not have these issues, right??? (personally i don't think either one is more secure than the other) i think it all depends on the developers working on the code, as we all know, there are quality developers and crappy ones. i have been a technician for many, many years now and have yet to come across any developer that has said "hmmm...i'm bored, i think i'll look over this code for bugs". unless they are wanting to use some of that particular code in one of their projects or want to build something similar, they don't do that. anyway, i just wanted to get some of the AOers' thoughts on this.
BTW-before i get flamed or neg'd, i have to say that i hate all OSs equally...they all do the same thing, but get from point A to point B differently. IMO
just making some minor adjustments to your system....
October 2nd, 2003, 04:21 PM
open source is actually less secure because the flaws can be found easier. But, when a flaw is found, it is patched a LOT more quickly than proprietary software.
"Ignorance is bliss....
but only for your enemy"
October 2nd, 2003, 04:23 PM
See that's the oddity of opinions...
I read that exact same article - and it makes me think what a GREAT idea open source is. I believe that article outlines the very reason open-source is made to be more secure than most non-open source.
Being that non-open source is normally only the developers and the 'bad guys' (to use their terms) that have access to the source-code. So mainly 'bad-guys' find the holes and the 'good guys' don't find out about it until after we see the exploits found for the holes.
Whereas with open source this is not always the case, as both good-guys and bad-guys have the same access to the same info. Thus causing situations like this when (to quote them)
"We certainly know of no exploits yet," he said. "These were found by the good guys."
Thus giving the end users a chance to fix the problem before it even becomes exploitable...
That's my 2 cents,
October 2nd, 2003, 04:36 PM
The whole idea of open source with relation to security is that bugs are found because people can see the source code. If software is insecure but closed-source, it's going to take longer for the problem to be noticed by the creators and fixed. Plus, at the end of the day, if you notice a security hole in an open source product and have the programming ability, you can fix it yourself and submit a patch to the project. Even if the developers refuse to use it, you have at least secured your own system.
With closed-source products (e.g. Windows XP), I have to wait for the developer - in this case Microsoft - to release a patch before I can secure my system. There's nothing I can do in the meantime except leave my computer disconnected from the internet (or even switched off) and wait for MS to solve the problem.
October 2nd, 2003, 04:39 PM
I would say that it depends on the people that acquire it. If the people who get the software decide to search for flaws and exploit them then it is somewhat less secure. On the other hand if the people decide to notify people and patch it then it is perfectly fine.
And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...
October 2nd, 2003, 05:07 PM
"Security is in the hands of the beholder".......if you do not know what you are doing, all OSes are vulnerable.
If you have open source then you are vulnerable in that a bad guy can see how it works?...in the case of the closed source, the bad guy can generally figure out how it works..........hell Gates would not have gotten that rich if he only employed angels and geniuses?......they are ordinary folks. And hacking is based on HOW IT WORKS, not on the potential of a system/language. It is very much a "suck it and see" activity?
IMHO vulnerabilities are attached to applications NOT sources.
I have a machine I just moved today...it is a trifle old, OK, but it runs the RISK operating system...........anyone out there under 40 fancy their chances?...I doubt it
It is closed source, but that does not matter.............not many of us would understand it anyway?
My final comment is that with closed source it is THEIR problem...with open source it is yours
October 2nd, 2003, 06:26 PM
Open source vs closed source by themselves have no direct correlation to the security of the product. If you have a group of 5 guys all coding for the same open source product and they don't care about security at all, and make a lot of mistakes, that product is insecure. Same thing can happen with closed source development. They are development models, and that is it. The security of the product is only as good as the developers care to make it. All developers right now are humans, and humans make mistakes. Which means that no matter how good you think you are, you are going to screw up at least once, and that is all it takes for an insecurity to pop up.
The whole argument that open source is more secure because open source developers care more is conjecture. I have never seen any statistical evidence that proves that open source developers care more, or vice-versa. Most of the time the people who get into these arguments are either open source or closed source developers/supporters and they are tooting their own horns.
nihil- That would be RISC. What type of ARM processor are you running in that machine?
October 2nd, 2003, 07:20 PM
You spotted my dyslexia straight off. It is RISC, and the chip is some sort of Motorola. The machine is 1990 and is designated a 12/20 so I suppose the processor is 12Mhz and the FSB 20?
It has a 151Mb hard drive (Wow)
A nice bit of history as far as I am concerned, I must get it going again (just moved house) I will have a look and get back..............are you interested in old machines too?............sort of a hobby for me like some guys with old bikes or cars?
October 2nd, 2003, 07:59 PM
RE: Neat stuff is neat, right?
Nihil is right that if the person setting it up has no idea what they are doing then it probably will not be secure, however... I do believe that open source gets patched much faster because many more people see it. Whereas with Windows even if they have a development team of say, 100, they are not nearly as numerous as the people who look at open source material, they are most likely also focusing on release dates, and that type of thing, and security is less important than does it work, and will it not crash every few minutes. I do commend them on XP Pro, it has been more stable for me, until I killed it and put RedHat on.
October 2nd, 2003, 11:28 PM
The time between discovery of a possible exploit and patching with open source is many times a matter of hours at most days not weeks or months (unless the project is dead/unsupported). Right now there are exploits for IE6 that have been around for a long time. Companies work for the bottom line, people who do open source work for the love and challenge. I know where i put my trust.
Do unto others as you would have them do unto you.
The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America's war on terror, Attorney General John Ashcroft told a Senate oversight committee
-- true colors revealed, a brown shirt and jackboots