Need Hlp Answering Microsoft Guy!

[esafwan]

Hi Everybody,
I'm a passionate user of linux and at present i'm using Ubuntu Gutsy. I recently had debate with my friends, regarding linux vs Windows.

The point i couldn't answer was; that he claims that the source code being open source make greater chance for security breaches and it cannot be secure as windows. And the present less virus condition is b'cos less ppl use it.

I answered like it was not right, i sited that moazilla firefox even aftr being open source is more secure than IE.

But i myself is not clear with this open source and security relation!

Pls somebody Hlp me!

[bigtomrodney]

You know what they say....obscurity is not security. Bad code does not survive because it can't be seen. Think of all of the software cracks out there on proprietary software. All hidden code. All of the Windows exploits that viruses make use of.

Good secure code can be right there in front of you and still not let you know how to get around it. Encryption for example is better than just hiding the code that evaluates the password.

[Jonathan183]

Google opensource software security ... first hit you should be able to find lots on the subject.

[hugortega]

Hi esafwan,

With source code, many people have the opportunity of fix quickly bugs... in Eric Raymond words: "given enough eyeballs, all bugs are shallow"...

[flynismo]

The point i couldn't answer was; that he claims that the source code being open source make greater chance for security breaches and it cannot be secure as windows. And the present less virus condition is b'cos less ppl use it.

In one sense, he does have a point...Windows is the top dog (in terms of how many people use it), so naturally, it will be attacked more.

However, and I certainly wouldn't use this as an argument because I have absolutely nothing to back it up with, I suspect that proportionally, Windows users are much more likely to make mistakes that causes them security issues because they are in large part casual users. Linux users for the most part are a bit more computer savvy, or so it seems, anyway.

[Dapper Dan]

The point i couldn't answer was; that he claims that the source code being open source make greater chance for security breaches and it cannot be secure as windows.

This is not a valid argument. One could know every aspect of the security of Fort Knox, but that wouldn't make the job of stealing gold bullion from it's vaults any easier.

[MikeTbob]

This is not a valid argument. One could know every aspect of the security of Fort Knox, but that wouldn't make the job of stealing gold bullion from it's vaults any easier.

Hiya Dan!
What a most excellent Analogy!
I give it four Bananas! heh

[elija]

I am possibly re-iterating a point made earlier but, open source will usually be
more secure than closed source for the following reasons.

It's not Microsoft. It may be a cliché but MS is definitely attacked more than
other operating systems. This is not purely down to numbers but also quality
of code and integration. Take IE as an example here. It is so closely tied in
to the operating system that an update to the web browser requires a reboot.
Compromise the browser and it lets you in elsewhere. How may exploits have
been found for IE alone?

Open source has a worldwide community of talented and motivated programmers
looking at and modifying the code base. It is probable that when an exploit is
found it will be patched quicker than in an open source environment. If a coder
on the Debian distro finds and fixes a flaw, it will usually be distributed to the
other distros very quickly. Such is the nature of Open Source.

Apart from a lack of talent, there is nothing to stop me from finding, fixing and
submitting bugs

The very architecture underlying Windows allows for security breaches. Unix
(and therefore Linux, Mac OS and others) were designed from the ground up
for a networked environment.

Cyber-thugs (hackers according to the tabloids) value getting into Linux
systems far more than they do getting in to Windows systems. Purely because
it is harder and the kudos that goes with it will be greater. I'm not talking
about script kiddies here, I mean the skilled but morally bankrupt individuals
who really know what they are doing!

I would say that the last point is interesting. It shows how much better the
Unix based Operating Systems are at security. A valued prize that is achieved
far less often.

Finally, don't let anyone tell you that Linux is impregnable. It isn't.

[Dapper Dan]

What a most excellent Analogy!

Hi Mike. I'm afraid I can't take credit for that. I read it somewhere years ago in an article online about this very subject. I've been trying to find the exact quote but haven't yet. Still looking though...

[Manchunian]

Every minute of the day, someone, somewhere in the world is looking at the Linux source code. If there's a weakness, then it's found within hours of its appearing. Microsoft employees are relatively few (compared to the millions of world-wide Linux volunteers) and most of them are in one place. 24 hours a day, 7 days a week, someone is working on Linux. Also, the fact that Linux and its software is open means that official servers, wherever they are in the world, store Linux programmes, as well as the kernel and the various distributions themselves. When you install something using the software management tool, you know that what you're putting on your computer has been checked and double checked against errors and malicious code. Compare this with downloading software for Winows where all you can do is hope that what you're installing comes from a reliable source and that your anti-virus will be able to detect any nasties that might come with it. The two are simply incomparable, which is why most servers in the world run on Linux and other Unix-type systems rather than Windows.