Posted on 05/31/2002 3:15:28 PM PDT by Bush2000
A conservative U.S. think tank suggests in an upcoming report that open-source software is inherently less secure than proprietary software, and warns governments against relying on it for national security.
The white paper, Opening the Open Source Debate, from the Alexis de Tocqueville Institution (ADTI) will suggest that open source opens the gates to hackers and terrorists.
"Terrorists trying to hack or disrupt U.S. computer networks might find it easier if the federal government attempts to switch to 'open source' as some groups propose," ADTI said in a statement released ahead of the report.
Open-source software is freely available for distribution and modification, as long as the modified software is itself available under open-source terms. The Linux operating system is the best-known example of open source, having become popular in the Web server market because of its stability and low cost.
Many researchers have also suggested that since a large community contributes to and scrutinizes open-source code, security holes are less likely to occur than in proprietary software, and can be caught and fixed more quickly.
The ADTI white paper, to be released next week, will take the opposite line, outlining "how open source might facilitate efforts to disrupt or sabotage electronic commerce, air traffic control or even sensitive surveillance systems," the institute said.
"Computer systems are the backbone to U.S. national security," said ADTI Chairman Gregory Fossedal. "Before the Pentagon and other federal agencies make uninformed decisions to alter the very foundation of computer security, they should study the potential consequences carefully."
Um, shouldn't one be labelled an "idiot" for assuming it was not bought and paid for or otherwise influenced? That's what these think tanks mostly exist for. So your statement about references is not well taken.
BTW, plug in the name of the "Institution" and "Microsoft" into a web search engine. Hundreds of hits - many of which deal with some paper the "Institution" created "proving" how Microsoft's training programs and degrees are better than others. A favorite topic of Alexis D.T., no doubt. < /sarcasm>
Security by obscurity has not worked. But nothing else has yet.
Solaris, HPUX, FreeBSD, Linux, NT, XP etc all have exploitable flaws. All non-trivial code will.
When the feature set settles down it might be possible to reach a state of reasonable security by using time/hacker tested OSs. For now all you can do is keep up your patches and run a heterogenius network (so one flaw will not take the whole thing down).
I quote:
Diversity:
Replacing a position because some guy back in '83 decided to use the odd-ball programming language : $120k
Maintaining 17 different operating system at once : $225k
Answering calls from 200 end users with slightly different desktops : $57k
Having your entire network, the networks of all your end users, and your entire array of backup systems turned into incomprehensible mush overnight due to an advanced virus that could easily target and replicate in your undiversified computer systems : Priceless
And yes this study was paid for by the propriatary OS vendors.
wow, it might? so it follows that it might not.
after they release the white paper, there might be enough details to discuss. then again, maybe not.
Do yourself and others a favor: Don't attempt to work in any job that requires logical reasoning.
Touchy, aren't you? Did you try out the web search yet, or are you just a paid poster spamming disinfo and testing the waters?
wow, it might? so it follows that it might not.
after they release the white paper, there might be enough details to discuss. then again, maybe not.
It's intuitively obvious. Open source for a hacker / terrorist is analogous to having the blueprints for Fort Knox, the US attack plan for Iraq, or the schematics on how our missile targeting systems work. Yes, as someone posted above, it can be decompiled and deduced. But that's a pretty tedious and difficult process. You can also deduce our missile targeting systems with adequate access and time.
My initial reaction to Clinton-supporting liberals who deny any liberal bias in the main stream media is a bit of angry frustration and then wondering how and why any otherwise apparently mentally competent person would continue to so delude themselves so greviously. And my initial reaction to defensive Microsoft apologizers, among whom I include the otherwise good Mr. Bush2000, is almost identical.
But then my reactions diverge. In the case of Liberals, I see that they have been a major scourge for at least the last couple of centuries, and I feel compelled to continue trying to make sense of this failing of the human condition.
In the case of Microsoft ... oh well ... their time will come ... the wheels of justice may grind slowly, but they grind exceedingly fine.
That's a nice boat you've got (on your FR homepage), Mr Bush2000. Is that Seattle in the background? I take it that Microsoft has been good to you. Congratulations on your good fortune.
Having done bug fixes on code by long gone programmers I know how much comments can help, easily a 50% reduction in "figure out how it doesn't work" (remember I was fixing bugs) time.
Good point. You also don't get the technical documentation that is available for Unix.
I was in a meeting today discussing the Pros & Cons of NT/Win2000 vs. Unix. A techie stated the Microsoft platforms were more vulnerable to intrusion attempts. I had to think of all the Abbie Hoffman's hacker newsletters. These early hackers were all Unix people. They knew Unix inside and out and had the source and documentation to fully exploit it. Of course, their biggest targets at the time were IBM and AT&T.
Touchy, aren't you? Did you try out the web search yet, or are you just a paid poster spamming disinfo and testing the waters?Sorry, bub. Debate doesn't work that way. You make an assertion, you prove it. I don't do your research for you.
"Debate doesn't work that way... Hmmm, where you learn this? And why is this a debate? Aren't you curious to find out if your premises are correct? I understand that "debate" generally is not intended to promote understanding or discussion and examination, but dualities, often false, for advocating a position, the face of specific interests.
You intiated this thread with a demonstrative assertion. Yes, I do understand that in "debate" deflection and lying are acceptable, but some here don't want to sink to that level. We're here to learn.
Though I do enjoy your web page, it's fair game, you posted it. You have my vote for most narcissitic FR profile! A masterpiece in simplicity.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.