Jump to content

Linux, Can open source be secure?


Kieth
 Share

Recommended Posts

Just for discussion's sake, I thought I would tell you what I was told today by a Windows information technician for a very large national "company". I ask him if they ever considered using Linux instead of Windows, and he said no, categorically, because of security. His argument was that, since Linux is open source, everyone knows the codes, so therefore it would be too easy to "break" the system. Whereas, the code for Windows is unknown, therefore much harder to break. I didn't believe him, but I thought it was interesting on how he was so convinced on the "greatness" of WindowsXP (but not Vista!).

 

 

[moved from Security by spinynorman]

Link to comment
Share on other sites

I've heard that argument several times, especially in my previous (government) job. it's a bit of a fallacy, really.

 

You should toss this argument back at him.

 

Because Windows is closed-source, a bug/security hole could exist and be exploited in the wild without anyone ever knowing, until it reaches enough occurences to attract attention. With open source, anyone may be able to find the hole, but that also means that anyone can fix it - if a flaw is exploited, the affected party can go look at the code and find the issue (assuming they have the necessary knowledge). You don't have to wait for some company to 1) notice the problem and 2) create a fix.

 

when it comes to security, both open and closed source programs have their downfalls. research has, however, shown that open source projects fix security flaws quicker than closed source.

Edited by tyme
Link to comment
Share on other sites

The Windows guy is talking through his a**e.

If security was a problem do you think the National Security Agency (USA), NASA, Stock Exchanges, Banks, Police Forces, Schools, Military, Universitys, Railways and others would be using Linux. And more organisations are changing over to Linux every day, not less. The only reason it isn't happening faster is because of the proliferation of these kind of fools who keep regurgitating this kind of falsehood.

 

He is simply demonstrating he is an idiot who is simply pretending to, or thinks he knows what he is talking about.

 

I would call him out on it and get him to show his sources of this nonsense. I can bet you his sources will be Microsoft.

 

Just remind him that it was the NSA that said some time back that NOBODY should use Internet Explorer under any circumstances if they valued security. Funny isn't it that it did not say the same about any other browser.

 

Cheers. John.

Edited by AussieJohn
Link to comment
Share on other sites

I also would argue that the user permissions with linux are far tighter than with windows. I guess a key logger type of program could work its way in, but it cant attack the system as it needs to have root privileges to do that.

Link to comment
Share on other sites

I also would argue that the user permissions with linux are far tighter than with windows. I guess a key logger type of program could work its way in, but it cant attack the system as it needs to have root privileges to do that.
This statement is true without a doubt, however, how many Linux users (including myself) use a strong root password?

The question of open source security is raised from time to time and I would say that in my experience it is no more secure than Windows. The difference being that if rouge code was introduced it would quickly be found and rectified. There is no 'Registry' in which to hide such code. As for say a web page installing a trojan, well one would know as usually for a program to be installed the root password needs to be supplied and so the dialog box would pop up and ask for it.

There are many, many arguments to this subject so I will leave it there and let some others add their views and experience.

Link to comment
Share on other sites

As tyme says, with open-source, anyone can fix it, whereas Windows, it's only Microsoft.

 

Also, don't forget that not so long ago, a flaw and exploit existed in Windows which took at least two months before a fix was available! Shocking!!!

Link to comment
Share on other sites

In any case, his premise is entirely flawed. Most of the Windows codebase has been leaked (it's happened several times) and is easily available in all the wrong places. Just because it's not *legal* to acquire the Windows source code doesn't mean you *can't* - and the kind of people who attempt to exploit operating systems are hardly likely to worry about legality.

 

The argument is completely wrong too, of course, but you don't even have to bother engaging him that far down the road. It fell at the first hurdle.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...