Open source gets results, while Microsoft blames malware on 'stupid users'
Summary: While Microsoft is blaming users and giving up on malware-infested machines, the open source community proves once again it can fix bugs faster than any one company, no matter how big.
Two very different news articles crossed my desk today. First, there was a report that open source developers on 32 projects fixed 900 bugs in two weeks that were reported by an automated scan program from Coverity, sponsored by a grant from U.S. Homeland Security. Second, a presentation was given by a Microsoft security official who said that rootkits, phishing, trojans, spyware, and other forms of malware had gotten so bad on Windows that IT departments needed to come up with a fast way to "nuke the systems from orbit", i.e., wipe out the hard drive and start over. He goes on to say that phishing is a problem because "there really is no patch for human stupidity".
Suppose for a moment that popular open source systems like Linux or Samba were suddenly under the same wide-ranging attacks that the proprietary Microsoft systems are under now. What do you think would happen?
I predict that lots of people, all over the world, would get fed up and start fervently scanning for holes, first by hand and then by ever more sophisticated automated scans over the source code and analysis at run time. Lists of bugs would be created, reputations put on the line, and those lists would be pounced upon by some of the same people that pounced on the Coverity list.
While the problem would not be solved in two weeks, there would certainly be a heck of a lot of progress in a hurry, compared to the years of fixes that have trickled out of Redmond. Users are plenty fed up now, but what can even knowledgeable users do to help without the source code? Nothing.
What do you think? Which is inherently more *securable*, open source or closed source?
Talkback
Give me a break, no one writes virii for Linux
And this is why
Keep telling yourself that. I'm sure it's very comforting to you.
On the other hand, maybe you should correct IDC. For some reason they think that buyers are spending over a billion dollars a quarter on Linux servers alone in 2005 -- if the growth is tracking the last few years, the Q1 number will be more like $1.5 billion.
http://www.idc.com/getdoc.jsp?containerId=prUS00153905
Here's a free break coupon
Print and cut along the dotted lines
+------------------------------+
| |
| |
| |
| This Coupon Entitles |
| You to: |
| One (1) FREE Break |
| |
| |
| |
+------------------------------+
Enjoy!
As I have said before
I would tend to say that #2 is more significant than #1 - but they BOTH exist!
Viruses on Linux
I'd like to know - how would OSS put a patch in the *nix kernel for phishing
How exactly is a patch going to be developed for phishing.
Phishing is when a web site looks just like the original and prompts you to enter your username, password and/or credit card #'s
Normally they send you an email, e.g. please update your account information.
Give me a couple of tips on how Linux would put a patch in the OS kernel for phishing.
the above post was posted at wrong thread
Not a system problem
Any OS can have these problems, the only thing a user can do is use an e-mail client that does such as hard as MS Outlook, like Thunderbird, that WARNS the user if links look suspicious.
Open source is secure???
How about all the banks and credit card companies being hacked, they too run *nix in almost all cases.
In fact, the ONLY place Linux seems to be adopted widely is on servers and that is where Linux is hacked daily. As to hacking Linux desktops? Not enough even exist to bother counting...
Not according to your source
Your source says over 60% are MSWindows. If you separate all of the MSWin versions and lump together all of the Apache platforms, Apache collectively comes out ahead of any one MS platform.
As they say, prevarication does not preclude computation.
You're not talking about zone-h.org are you?
LOL, way to shoot yourself in the foot
"all the banks and credit card companies being hacked, they too run *nix in almost all cases."
Because they KNOW that *nix is SOOOOO far more secure than Windows.
Web servers are too easy to hack...
I find it more perverse that just connecting a PC out of the box to the Internet or browsing to certain web sites or looking at certain mail or pictures can cause it to become infected.
And if the server is
Operator error or careless administration can't be blamed on the OS, whichever one it is.
Besides, the article in question was about coding flaws, such as variables declared but not used, null pointers, writing beyond allocated memory, allocated memory not being freed, etc. I don't know where Axey came up with viruses (*virii* is not a word) and web server defacing.
The "virii" virus
Virus - or viruses or viri.
Credit card companies being hacked?
Shape shifting
And as to "nobody" using Linux on the desktop, I do, and I've installed it on several dozen other machines for friends and family who are tired of paying the "Microsoft vulnerability/stupid-tax".
But it'll be OK, No_Az, The M/S juggernaut will continue to suck enough victims into its web that you will be able to continue to feel some sense of vicarious power, or importance, or whatever it is that you get from being an (unpaid?) M/S shill/fanboy.
Open Source
You state that Linux use on desktops is "not enough to bother counting".
Perhaps you should go to the Distributed Computing site Folding@Home's latest figures where 1.5 million computers work on their project.
84.7% MS Windows
4.6% Mac OSX
10.6% Linux
If you can count you note it adds up to 99.9% (it's called rounding I believe)
These are real world numbers, not from your fantasy one.
Bruce
I'll call your strawman