
‘Switch to Linux,’ continued

p2pnet.net News:- Chris Spencer’s Open Letter has sparked debate here and elsewhere.

Below is another p2pnet reader’s post on the subject.


Spencer: “But, I’ve never gotten [spyware] accidentally or without my knowledge.”

This is a rationalization primarily because the Windows operating system permits execution of arbitrary code from a remote web site simply by visiting that site. All one has to do is visit an infected site - and many reportedly infected sites are from respectable sites such as ZDNet UK - to get spyware.

Spencer: “Linux is secure right now because it’s not mainstream (enough.)”

Over 70 per cent of all web servers on the Internet run the Open Source Apache Web server. You may view the Netcraft Web server statistics here: http://news.netcraft.com/archives/web_server_survey.html

The difference isn’t popularity; it’s design. Unix and Linux have been through over 25 years of people trying to break them; some of the brightest coming from the Universities. What you end up with is a system that is secure by design, having its rough edges smoothed over like pebbles in a creek over time.

Spencer: “The main problem with Linux? Everyone knows the source code.”

This is decidedly untrue. Does access to the source code give the bad guys a leg up when designing exploits? Of course it does. Consider though that the source has been open for the last 10 years. Most of the most severe exploits have already been discovered and remedied. As the project matures it becomes more and more secure - more stable and “bullet proof.”

Besides, not having the source code is at best a minor impediment to breaking a system; anyone who has ever gotten a Windows virus or spyware can testify to that.

In short, security by obscurity does not work. It is only when everyone knows the algorithm and you _still_ can’t crack the application as it is mathematically “clean” that you can have a truly secure system.

A Master Lock, for example, isn’t secure because no one knows how a lock works; it’s secure because everyone knows how it works and is still secure. I recognize that one can pick a lock but you get the idea.

Finally, once an exploit is discovered you’ll find the community refreshingly honest letting people know about it. You’ll also find hundreds swooping down to fix it. This results in faster patches (often within hours) for an exploit advisory.

By the way, since the code is open and Linux is modular, you can see the effect of the patch before you apply it. I’ll take that over crossing my fingers with Windows every time.

Finally, I’d like to give you an updated view of the technology scene. It’s turning out that the industry is getting increasingly impatient with the whole notion that closed is better than open. Please, it’s time to start thinking for yourselves; really examine the system and make your own decisions rather than regurgitating what someone else has told you.

The rest is up to you.

===================

See:-

Open Letter – Open Letter to a Digital World, Chris Spencer, December 19, 2004
another – Answer to ‘Switch to Linux’, p2pnet, December 21, 2004


5 Responses to “‘Switch to Linux,’ continued”

  1. Reader's Write Says:

    Exactly the way to put it.
    As a longtime Linux user, it really angers me to see m$ propaganda that is full of lies. :(

  2. Reader's Write Says:

    I’ve been using Fedora Core 3 Linux now for over 3 months, and I regret not having switched sooner. I mean, I don’t have to care about spyware, viruses or anything. Azureus, Apollon, Xnap and WinMX (under WINE) are all running most of the time.
    The Open Source world rocks! :D
    DaBlade (666forums.tk, Slyck.com)

  3. Reader's Write Says:

    With Linux, you can have the best of both worlds. Even if a worm is designed to exploit a general Linux flaw, it will most likely not affect me. This is because I made a lame hack that filters exec system calls made from most programs that use the Internet. I would have had a hard time doing this within the Winblows environment. Yes, if a security flaw is not fixed, it is possible to include instructions within an exploit to bypass my filtering hack, but anyone with sufficient knowledge can write their own hack that would require different bypass code. Now, imagine virus and exploit writers having to tailor their code to work against a hundred or so hacks. It would make things more difficult, wouldn’t you agree? Welcome to the world of open source.

  4. Reader's Write Says:

    I have explained Security by Obscurity this way in the past:

    Security is like a game of chess. There are players working against you which we tend to call “black hats”, and players that are working for you which we tend to call “white hats”. For every move a “black hat” makes, you need to have your own “white hat” making a counter-move so that in the end you win.

    What Open Source does is give both the white and black-hats the ability to learn well their craft and practice any time they want. When a white-hat finds a bug in the system they will fix it, essentially removing a possible future move from the black-hat and narrowing down his/her options.

    With closed source what you have is a situation where only those willing to break the law, in other words the black-hats, will have the ability to learn and practice their craft. When a potential move is discovered it remains undiscovered and not fixed until it is fully exploited at a public tournament (IE: many computers get broken into).

    By tying the hands of the white-hats you end up only ensuring that when the real tournament happens that YOU WILL LOSE!

    A few years ago I was involved in a government initiative to help define the Open Source security strategy. The following WIKI contains some of the results: http://c2.com/cgi/wiki?OpenSourceSecurityStrategy

    Russell McOrmond http://www.goslingcommunity.org/

  5. Reader's Write Says:

    “The difference isn’t popularity; it’s design”
    Yeah right! Dream on….if I was a hacker, I wouldn’t waste my bragging rights on Linux. Why? Because, if I was a hacker, I would want to do as much damage as possible. I would want my creation on CNN. Going after Linux wouldn’t get me that fame.
    But…if one day Linux becomes super popular…people with attitudes such as yours are taunting, to say the least.
