Conservatives: Open source is less secure than proprietary software (BAHAHAHA)

Phokus

*COUGH* freebsd/openbsd anyone? Somehow, i don't think you conservatives want this group representing you.

http://zdnet.com.com/2100-1104-929669.html

Study: Open source poses security risks

By Matthew Broersma
ZDNet (UK)
May 31, 2002, 9:30 AM PT

A conservative U.S. think tank suggests in an upcoming report that open-source software is inherently less secure than proprietary software, and warns governments against relying on it for national security.

The white paper, Opening the Open Source Debate, from the Alexis de Tocqueville Institution (ADTI) will suggest that open source opens the gates to hackers and terrorists.

"Terrorists trying to hack or disrupt U.S. computer networks might find it easier if the federal government attempts to switch to 'open source' as some groups propose," ADTI said in a statement released ahead of the report.



Open-source software is freely available for distribution and modification, as long as the modified software is itself available under open-source terms. The Linux operating system is the best-known example of open source, having become popular in the Web server market because of its stability and low cost.

Many researchers have also suggested that since a large community contributes to and scrutinizes open-source code, security holes are less likely to occur than in proprietary software, and can be caught and fixed more quickly.

The ADTI white paper, to be released next week, will take the opposite line, outlining "how open source might facilitate efforts to disrupt or sabotage electronic commerce, air traffic control or even sensitive surveillance systems," the institute said.

"Computer systems are the backbone to U.S. national security," said ADTI Chairman Gregory Fossedal. "Before the Pentagon and other federal agencies make uninformed decisions to alter the very foundation of computer security, they should study the potential consequences carefully."
 

StageLeft

Interesting since a thread today said that Germany was changing to Linux. But then we ain't Germany ;)
 

kgraeme

First, open source isn't inherently more secure than proprietary. There have been many, many cases of various *nix implementations leaving gaping holes open on default installs.

The difference is the community. Currently, the open source community is quite passionate about security and will patch things quite quickly. Microsoft also claims to be passionate about security these days, and based on the frequency of updates, I can't say they're slacking. What will happen if/when the open source community becomes more mainstream and people become lax about updates, as happens when anything becomes mainstream? Just a question.



BTW, Texmaster isn't around anymore. Your sig is therefore an anachronism.
 

TallBill

hehe.. even if they are less secure.... hackers don't like attacking open source product... cuz its open source.. and no fun.. unlike microsoft which is perceived as evil.. and must be "beat down" or whatever...
 

nihil

Of course republicans will say that. Because open source operations aren't some HUGE corporation raking in billions of dollars. There's no back pocket to put their hand into.
 

joohang

The argument could be something along the lines that because the source code is available, it is more vulnerable to attacks.

Perhaps it *is* based on a well-founded argument.

I agree with what kgraeme said.
 

Hayabusa Rider

Originally posted by: nihil
Of course republicans will say that. Because open source operations aren't some HUGE corporation raking in billions of dollars. There's no back pocket to put their hand into.

OMG! And I was thinking about tinkering with Linux. Since I voted Republican, I can't do that. Thanks for reminding me! :p
 

SuperTool

Actually they might be right. I mean of course linux is more secure than Windows. But if I was the government, I would not use linux for mission critical stuff, at least without additional secret modifications. I would use some rare OS that few people are familiar with. Not only that, but I would not disclose which OS they are using anyways.
 

nihil

Originally posted by: Hayabusarider
Originally posted by: nihil
Of course republicans will say that. Because open source operations aren't some HUGE corporation raking in billions of dollars. There's no back pocket to put their hand into.

OMG! And I was thinking about tinkering with Linux. Since I voted Republican, I can't do that. Thanks for reminding me! :p

You're really stretching what i said. =\

All i mean is that it makes sense that they would say this considering historically republicans are all about big business. This is just another attempt to snub out the competition and it's really quite pathetic. I don't even think that these politicians have any right to even say something like this because they most likely know nothing about computers and security. I could be way off, but i think it's fair to say that they should have little say in this matter unless they have done comprehensive studies through unbiased research institutions.
 

Hayabusa Rider

Originally posted by: nihil
Originally posted by: Hayabusarider
Originally posted by: nihil
Of course republicans will say that. Because open source operations aren't some HUGE corporation raking in billions of dollars. There's no back pocket to put their hand into.

OMG! And I was thinking about tinkering with Linux. Since I voted Republican, I can't do that. Thanks for reminding me! :p

You're really stretching what i said. =\

All i mean is that it makes sense that they would say this considering historically republicans are all about big business. This is just another attempt to snub out the competition and it's really quite pathetic. I don't even think that these politicians have any right to even say something like this because they most likely know nothing about computers and security. I could be way off, but i think it's fair to say that they should have little say in this matter unless they have done comprehensive studies through unbiased research institutions.

Dude it was a joke ;)
 

nihil

Originally posted by: SuperTool
Actually they might be right. I mean of course linux is more secure than Windows. But if I was the government, I would not use linux for mission critical stuff, at least without additional secret modifications. I would use some rare OS that few people are familiar with. Not only that, but I would not disclose which OS they are using anyways.

Why do you think it is that the NSA has their own version of linux? It was developed with security in mind and heavily fortified. But it is still open source, if it had "secret modifications" then it would not be considered an open source OS at all. As far as not disclosing what OS is being run, that is just not possible. It is simple to find information like this out.
 

nihil

Originally posted by: Hayabusarider
Originally posted by: nihil
Originally posted by: Hayabusarider
Originally posted by: nihil
Of course republicans will say that. Because open source operations aren't some HUGE corporation raking in billions of dollars. There's no back pocket to put their hand into.

OMG! And I was thinking about tinkering with Linux. Since I voted Republican, I can't do that. Thanks for reminding me! :p

You're really stretching what i said. =\

All i mean is that it makes sense that they would say this considering historically republicans are all about big business. This is just another attempt to snub out the competition and it's really quite pathetic. I don't even think that these politicians have any right to even say something like this because they most likely know nothing about computers and security. I could be way off, but i think it's fair to say that they should have little say in this matter unless they have done comprehensive studies through unbiased research institutions.

Dude it was a joke ;)

Oh. That one sailed right over my head. Dude, you're getting the finger!
;)
 

SuperTool

I will say one more thing. I think ADTI should mind its own business and let the IT professionals at various government institutions decide what system they want to use without outside political pressures.
 

nd

Originally posted by: SuperTool
Actually they might be right. I mean of course linux is more secure than Windows. But if I was the government, I would not use linux for mission critical stuff, at least without additional secret modifications. I would use some rare OS that few people are familiar with. Not only that, but I would not disclose which OS they are using anyways.

Sorry to beat a dead horse, but security through obscurity is STILL not security. Some rare OS is likely to be less tested/mature than others, and is a bigger risk. Look at the recent X-box security hole report. It really is a natural tendency to want to embrace obscurity, but you must not fall for it.
 

nihil

Originally posted by: SuperTool
I will say one more thing. I think ADTI should mind its own business and let the IT professionals at various government institutions decide what system they want to use without outside political pressures.

Yep. That's exactly what I was trying to say in my post above. The professionals should make these decisions, not a bunch of technophobe politicians.
 

KevinMU1

I concur that the best security is having no information. If I were running a box that I needed to be as secure as possible, I would certainly NOT say what OS it was running--although this could be found out easily enough I'm sure. Remember, lots of the hacking out there is casual hacking, and so anything that makes it slightly harder is a good deterrent. It's like locking your doors... if you leave them unlocked you beg for disaster, but by simply locking them an intruder may move on, hoping to get lucky elsewhere. Further, the open source OS *can* be overhauled, as the NSA did, which is probably the best option of all. Of course, the ideal option would be to build one from the ground up, but that gets to be a bit impractical.

I think to say either is inherently worse is just making generalizations, ones that I don't think could possibly be consistently true. That's why statements/arguments like this bother me. The world's not black & white, it has many shades of gray.
 

her209

Actually, why can't they modify the source code and not provide the source code. There are a lot of companies out there that use Linux and modify it for their needs. I don't think it is required to give out source code if you aren't distributing the software.
 

JellyBaby

Software can be either insecure or secure. Whether it's based on open source code or closed source code doesn't really matter.

All you need to do is look at MS's security problems over the life of all of its products. Proprietary means jack squat.

Software must be designed from the get-go with security in mind. MS hasn't done this. They're finally paying the price. But there's no reason they can't batten down the hatches.
 

Nemesis77

An expert at the British government's computer security headquarters, CESG (Communications-Electronics Security Group) has endorsed Linux along with the open source model for software development as the most secure computer architecture available. CESG is the sister organisation of the notoriously secretive GCHQ (Government Communications Headquarters).

Troughton also explains why he would never recommend a competing commercial product with hidden source code. He says, "Windows was built for a single computer and then the network was added on as an afterthought. Also it's closed source, and I would never ever trust someone else completely with security."

"I don't think anyone who has ever really looked at security has ever taken that 'security by obscurity' claim seriously. I have faith in Linux because I can audit it. I wouldn't put my money in an unaudited bank."

Source