TOPICS: Tech Industry


  • OPEN I "feel" ....

    Well, I'll run merely 2 servers, M$ W2k Adv. Svr & Fedora Core 1.

    Maybe I'm just paranoid, but so far I've patched (or searched for patches) every single week since I installed it. I've got 2 different backups from that server, including a full HD copy (using Linux dd, BTW), and thanks to BSODs, OS reboots and so on, I don't know if I'm being attacked or the OS is just pissing me off (I'm not a forensics pro, and Windows doesn't have all the logs I wish).

    On the other hand, I've patched my Linux box once every two months or so, having just one incremental backup, and never had anything happen since. I've got all the logs I want, and I can audit everything that happens on that server.

    I don't know if it's just my imagination, but at least I feel "safer" with Linux, don't you agree?
  • I disagree with open source being more secure

    Is open source inherently more secure than proprietary code?

    My opinion is no, as a closed system, in theory, limits the knowledge base of how to exploit or manipulate or change the system. I think there is something to consider about security here - no matter how "Secure" an OS is deemed, there will always be smart people that will be able to find ways around "Security" measures. Securing an OS has other factors such as patching, which I believe Microsoft does a better job with than open source. I quote this from http://seattletimes.nwsource.com/html/businesstechnology/2002182315_security17.html

    If you consider the total number of servers deployed with Windows and all the products integrated by Microsoft, is the code not secure? Maybe Microsoft could do a better job of this. Is open source more secure? I say no, because patches for vulnerabilities are not even available or addressed in a variety of open source applications and OS's. What will the Open Source community do if it becomes more prevalent? Will there be an army of paid developers to handle security, or will it be addressed as it is today - only some patches available for known vulnerabilities? The perception of Windows not being secure may just be a numbers game, not an inherent flaw.
    • More secure?

      Like those unpatched IE flaws?

      Or the flaw that's been in Windows itself for more than a decade (heck, it's been *acknowledged* by MS for more than a decade, it's been in there longer than that)

      Remember, there are more OSS servers than MS servers, yet the MS servers get compromised more. What does that say about the numbers game?
    • can you say.. "Disassemble"

      "a closed system, in theory, limits the knowledge base of how to exploit or manipulate or change the system."

      so... we've never heard of a 'disassembler'?? Rest assured that some hackers have a better grasp of certain parts of MS code than do the coders.

      I forget the URL now, but there is an interesting story about a locksmith (>200 years ago) who 'published' the inner workings (& failings) of locks. He was lambasted by his peers, but defended himself (accurately) by stating that one can be assured that the criminal element already knew this, as it was essential to their livelihood. His exposés were to enable the community of lock users to better protect themselves. It was true then. It's true now.

      Many minds are better than one. Open Source IS more secure because Many Minds are giving input into possible solutions, the best of which are used. Think of Open source as Evolution^10, while closed source == entropy.
      • Minor Correction

        It's not true that Open Source IS more secure because of many eyes, it's Open Source *CAN BE* more secure. Just because many can look at it doesn't mean that many do.

        Look at the hardcoded password that stayed in Interbase for a year and a half before it was discovered.
        • Interbase example actually shows how good OSS is!

          The Interbase hardcoded pw was originally in a closed source product. Borland open sourced it later in its life. The hardcoded pw (backdoor) was found AFTER it was open sourced (about 6 months??).. Open Source IS more secure.

          You are correct in that 'may be' is more accurate than 'is' only in a 'technical' way. No system is TOTALLY secure, yet Open Source IS more secure.

          Closed source (tries to?) relies on "Security by Obfuscation", i.e., confuse the potential kracker (not hacker, hackers do not break things.. krackers do). The old maxim "There is Always someone Smarter/Faster/Stronger (whatever) than You" applies. Write code which does NOT rely on obfuscation for security. Linux/Unix passwords, for example. The source (for creating/matching) is available, yet the passwords are secure, barring brute force "try every possible combination till we get it", which is further foiled by the simple expedient of false passwords generating time delays on repeated attempts.

          Actuality >> illusion. Open Source >> Closed Source

          The above is true given equal programming skills. It is more so true given that some of the best minds in programming live for Open Source.
          • zlib - security flaw for several years

            Many eyes don't always look, even in a library that's used in many, many projects (even included in commercial apps like Windows)

            Where the difference really comes is it is far easier to do due diligence on an open source security (whether or not it actually gets done is another question)
          • missing the point..

            You are confusing instances with methods. Yes, there are instances of error in coding. ZLib is another 'bad' example. Although 'open source' (actually, public domain, which allows proprietary coders to essentially 'steal' it), it had only one principal author (& one maintainer). It was a 'work of love' which he/they shared with the world. I thank them greatly for the sharing, but to compare the work of 1 or 2 (admittedly skilled in their fields (compression)) programmers to works done & proofed by many expert programmers is comparing apples to screwdrivers.. not even in the same category!
          • No, I'm not

            That software could have been examined and WAS NOT, even by those using it commercially.

            Why is this a unique example? Very few of the many eyes understand security flaws.

            nmap takes features over security
            bind took many versions to resolve security issues
  • Honestly, after XP SP2

    I've not had a single problem.
    • Yup!

      Service pack Mandrake 6.0 in 1999 and not a problem... now on SuSE 9.2 and still not a problem! ;)
      Linux User 147560
    • Most of the security concerns are for servers and not desktops!

      The areas that security is of concern would be: medical records (HIPAA requirements), financial data (GAAP, banks and other financial institutions, etc.), military (DoE, DoD etc.) and other areas where security is of concern. Having a "secure" desktop may be amusing (XP is only desktop) but isn't really what people thinking about security (especially in this scope) are concerned with.
  • An interesting question

    "Closed source security is asymmetrical, which in theory should make it safer, assuming the good guys know more than the bad guys."

    I see another analogy here. We have a drinking age of 21 in the US, and MANY underage people drink (too much). In Europe, there is no drinking age - and there are not nearly as many "problem" drinkers. Making something "closed" (or illegal) makes it more attractive to certain people. THIS "factor" may be at work here - where closed source has far more "crackers" beating on it. If M$ open-sourced their Windoze code, I wonder if it would have the same attraction . . .
    Roger Ramjet
    • Totally AGREE.

      Yeah, "forbidden fruit" syndrome has always been at work with Windows; honestly, M$ deserves it.

      But there's the other side of the coin: open source OSes give the user the ability to change the way "things" work, thus making hackers' attempts more difficult.
  • Does Apple have anything to say?

    OK, so far talkback has its missiles fired just between M$ & Linux.

    Does anyone remember that OSX is a Linux?
    Does any M$ "worshipper" remember that all across the modern history of OSes M$ has always been the leading "guinea pig" for hackers and stuff?
    Does anyone remember that Mac releases its patches much the same way M$ does?
    Does anyone know how many Macs have been compromised?
    Does anyone know how many Linux boxes have been compromised?
    Does anyone know how many Windows boxes have been compromised?

    That said, why does the PERCENTAGE say M$ is more "hackable" (or at least has been hacked more times)?

    BTW, does anyone remember how many viruses/worms/malware are for Microsoft products, how many for Mac, and how many for Linux? Those pests count as well towards "security", don't they?

    I may be wrong, but the numbers (percentages) aren't...
    • OSX is a Unix, not a Linux

      It's BSD based, not Linux based.

      Different code pedigree, different licensing.
      • You're right

        Sorry about that.

        But still the point persists.
      • different==same

        Different license, but still (kernel & base utilities) Open Source. Essentially, Apple added a proprietary Window Manager (GUI) to an Open Source OS.
  • Open source is less safe

    In principle, open source is less safe because they can see vulnerabilities in systems, whereas closed systems are not.

    However, most safety violations occur with malicious intention. So they don't bother spending time attacking open source products. It's not worth spending time on open source systems because they can inflict minimal damage, or the information may still have no value, due to the demographics of such users.
    • Visibility is why it *IS* safe

      Adobe tried to "encrypt" with ROT13. How safe is that? How quickly was it found without the source code (answer: very quickly) How quickly could a customer find this out? (answer: not without breaking their license) Why would Adobe fix something customers can't see?

      As for the value of the information, Fortune 500 companies trust their data to OSS and about 2/3 of web servers are open source. Why do you say it's not valuable?