For absolute security (is there any such thing?), you must create your software from scratch. With Free/Open Source, you have the basic work done for you already. If you are worried about the re-distribution clause in the GPL, my guess is that you do not need to redistribute your code if the product itself is not distributed publicly (that is, for internal use).
-
Aveek Bhattacha
RVCE
Bangalore
07/02/05 04:08 PM
No! Sorry, Sir O'Dowd, this risk does not happen if you have a sharp IT team.
Don't worry, we are capable people.
-
Ibson Pereira
Hightechserver
Deerfield Beach
02/02/05 09:08 PM
My argument on the Yankee Group report published in CXO Today still holds true: by its very nature, open source platforms could be changed (by the client, for example), leaving vendors defending potential intellectual property liability claims for a platform or components they cannot control. While open source is generally a good thing, I would have concerns about running a business on code that could be changed by anybody, anytime. And with defense this surely is a concern. To repeat, I am no Linux hater, nor do I have any grudge against Linux, but the point is that until these issues are solved Linux will never find a way into large places (barring a few), and these points will always be debated.
-
Rana Dutta
Movinture Stora
Bangalore
13/04/04 11:25 AM
Anybody can "change" code on any system . . . I don't need to know the original source code to write a new "print" command on Windows or closed source UNIX. The issue you are thinking about is source control and basic system integrity security, an issue not unique to LINUX. If you run a company that has their systems set up to allow anybody to "change code", you would also need to run a company that allows anybody to have access to install that code on your systems . . . in this case, having closed source would not be of much advantage.
-
David Landry
no company
Toronto
13/04/04 06:03 PM
Agreed, code can be changed any time and by anyone, but who tells u to use it? Be happy with the code that u have already verified and start working on that. It is not the number of people that should count; it is the availability of code and design that should be considered. And BTW, getting the Linux source and verifying it is always a better (and wiser) alternative compared to starting from scratch.
-
MWTI
MWTI
Mumbai
31/01/05 11:48 AM
Sorry - O'Dowd's point is badly argued and logically weak. The Ken Thompson back-door in Unix was, the article states, inserted in the BINARY code -- which O'Dowd then says 'proves' that "...'many eyes' looking at the SOURCE code can't prevent subversion." [emph. added] Well, of COURSE source review won't reveal binary tampering - that's not even at issue. The bigger problem is that he lumps together any and all Linux systems into a single concept and says "that's insecure because there are too many fingers in the pie". Well, if I just download a full distro and install executables -- sure, it could have a security flaw, intentional backdoor or programmer error (Microsoft buffer-overflow, anyone?) But if I build a system from source, using well-reviewed code bases, AND follow good security practices and processes, that's a VERY different scenario. (Btw - I've served as an expert witness and testified on computer security matters, and gotten a security encryption company to funding with two major venture capital firms - I DO know something about this stuff...)
-
Privacy Please
[decline to sta
SF Bay Area
15/04/04 08:26 PM
It is a Joke..
-
Niket
Neo Consultancy
Gandhinagar
15/04/04 03:35 PM
No, He is totally wrong. Is he getting paid by Microsoft?
-
Cruz
Home
San Antonio
12/04/04 06:45 PM
Considering his picture looks like a twin of Bill Gates, more than likely!
-
Anonymous
No Company A'ta
Denver
13/04/04 04:30 AM
My dear friend, ensure not to use a public forum to voice your hatred for others. You can always opt for hate groups to do that. If someone resembles someone, that doesn't make him a close ally of that person. A healthy debate is always welcome, but not this way.
-
Rana Dutta
Movinture Stora
Bangalore
13/04/04 11:28 AM
Here is another American with GB (George Bush) syndrome crying "WMD" and declaring war on Linux. Reading his comments makes me conclude he is on the payroll of some big fish like SCO or MS. Get out of your shell man ...there is a whole world out there to be explored in the Open Source.
-
Sreejit N
Open Source
Chennai
13/04/04 10:30 AM
I really pity Dan O'Dowd's knowledge of security. While Linux is developed as open source, that does not mean that the system is insecure; security comes at a price, and it's no guarantee that Windows could give that because of its price. Hackers get a kick out of the challenges in security, and so do people who write viruses. There are more instances of Windows being vulnerable to attack that we have been reading about, and not of Linux. As long as there is a good firewall and internet security system in place, no information can become vulnerable. But it is also a fact that there is no one system today that can claim it is safe. Windows and Linux both have their advantages and disadvantages. Whereas you don't spend much on Linux, so you can afford to spend on the security aspect, on Windows you lose valuable $ in both aspects.
Please remember that the most well-guarded and secure places have always had the most security breaches, and in public places there is less threat to security. It is a fond illusion that any other system that's paid for with taxpayers' money can buy national security. Linux is owned by common people and they are stakeholders, and I am sure their patriotism to this can give better security.
What's the guarantee that there are no bugs in other OSes which send out critical info to their owners? Anything is possible. At least in open source there are no such threats.
-
Dr.N.V.R.Nathan
Amrita Vishwa V
Coimbatore-India
13/04/04 10:01 AM
There is no security that cannot be broken into. It is a question of time. The better security systems are those that will require more time and hence reduce the probability of a break-in. Open source has more options and hence will require more time to break in. Hence it would be a more secure system.
-
Anon
Anonymous
Mumbai
13/04/04 10:00 AM
I think we should not curse O'Dowd. It is business, and whatever he said (of course Microsoft would have supported it thru' BackDoor) is his need to run his business. I think there is no threat to "Linux", but Linux is a possible threat to O'Dowd and his big brother Bill and so many godfathers of "Closed Source Operating Systems".
-
Ruchika Sharma
MicroHard (Door
Don't know where I am???
13/04/04 09:59 AM
this fudster Green Hills, an OS provider for 32- and 64-bit embedded systems, is mad because his Windows-based fud ware did not get every greedy little bit of money possible out of the USA government, and that is their problem.
-
wawadave
nuteck
regina
13/04/04 08:48 AM
Quote: "He installed a back door in the *binary code* of Unix that automatically added his user name and password to every Unix system"
I assume this story is true, but it says binary code. Does this have anything to do with open source? It seems like the author is trying to fool inattentive readers.
-
Anonymous
None
New York
12/04/04 10:53 PM
Saying that the openness of Linux makes it vulnerable is like saying that being in a big public area with many witnesses around dramatically increases the chances of getting mugged -- because each of those "witnesses" is a potential mugger. What destroys this line of logic is that each non-mugger is still a potential witness, which muggers avoid.
O'Dowd's entire press release is based on the false logic of swallowing the elephant and straining at the gnat: that we must accept that foreign agents could potentially submit "backdoor" code, and we must accept that the code might actually win inclusion into the source tree, but we must dismiss the possibility that thousands of eyeballs looking at the source might discover the vulnerability, and we must dismiss the possibility that maybe foreign agents would rather take a route that's _not going to put them_ under thousands of eyeballs of scrutiny -- and we should do all this accepting and denying of possibilities without once looking at actual probabilities.
It's telling, though, that O'Dowd has to move on to absolute falsification of the facts to try and shore up his point. He references Ken Thompson's hack of the UNIX C compiler that was designed to edit a back-door into any recompilation of the "login" command and falsely claims that it "automatically added his user name and password to every Unix system", which might have been the case, *if the compiler that contained the back-door had ever been distributed, which it wasn't*.
The incident proves the exact opposite of what O'Dowd tries to claim it does. Scrutiny of the source code could not have detected the back-door, because the back-door *wasn't in the source code at all*, it was in the binary code -- exactly what O'Dowd is selling as CEO of a closed-source operating system and exactly what he is trying to pitch as the solution to security woes caused by open source.
With this in mind, it is somewhere between hilarious and unconscionable that O'Dowd so conveniently edited Thompson's quote to eliminate eight words that he clearly found inconvenient. Thompson's original words in "Reflections on Trusting Trust" were "You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.)"
-
Antaeus Feldspa
none
Boston, MA
12/04/04 10:40 PM
No, quite the opposite. ---Food for thought-- how many times have you seen a Mac or Windows computer hacked in a movie? Now ask the same about Linux...?!
-
Anonymous
Anonymous
-
12/04/04 10:36 PM
NO. What about this story then dealing with trojaned closed source software that was planted for the Russians to steal???
http://www.theregister.co.uk/2004/03/16/explosive_cold_war_trojan_has/
Quote "A reminder of how important these are came last week with a revelation from the Cold War era, contained in a new book by a senior US national security official. Thomas Reed's At The Abyss recounts how the United States exported control software that included a Trojan Horse, and used the software to detonate the Trans-Siberian gas pipeline in 1982. The Trojan ran a test on the pipeline that doubled the usual pressure, causing the explosion. Reed was Reagan's special assistant for National Security Policy at the time; he had also served as Secretary of the Air Force from 1966 to 1977 and was a former nuclear physicist at the Lawrence Livermore laboratory in California. The software subterfuge was so secret that Reed didn't know about it until he began researching the book, 20 years later.
The scheme to plant bugs in Soviet software was masterminded by Gus Weiss, who at the time was on the National Security Council and who died last year. Soviet agents had been so keen to acquire US technology, they didn't question its provenance.
"[CIA Director] Bill Casey at Weiss at the NSC decided to help the Russians with their shopping. Every piece of sw would have an added ingredient," said Reed to NPR's Terry Gross last week."
endquote
-
paul cooke
linux user
Gloucester UK
12/04/04 09:44 PM
I believe that O'Dowd must be receiving a Microsoft paycheck, because of his belief that a military-controlled Linux code is more vulnerable than some proprietary code. Think about it, O'Dowd, do you really trust Bill and SCO enough to give them our defense?
-
-_-
-_-
-_-
12/04/04 09:40 PM
How can something that is transparent be worse than something that is in a black box? The black box (MS??) could have many problems that others could find prior to use. The army does not want weekly bug fixes!
-
Rohin Baneji
R.B.C.
Sterling Heights
12/04/04 09:30 PM
Linux not secure? I guess neither O'Dowd nor the author has ever bothered to check out the version of Linux created/supported by the National Security Agency. Web site at: http://www.nsa.gov/selinux/
This article is another case of fear-uncertainty-doubt (FUD) from people who lose money as Linux advances. It's nothing more than that.
-
Bryce Fowler
Defense Contrac
San Jose
12/04/04 09:20 PM
The Register aptly summed it up for our CEO F(r)iend. He's gone Apeshit Bananas. http://www.theinquirer.net/?article=15274
-
Sameer Verma
I Insist Via Ja
that.you.must
12/04/04 09:13 PM
umm... so it's safe to assume closed source software doesn't have any hidden backdoors, but it's not safe to look through open source software and look for them? The 'many eyes' are even more many than they were years ago (and indeed are many many times more than the number of eyes looking at closed source software), and "you can't trust code you didn't write yourself" applies to code in closed source software too!
why is the word free in quotes there?
"one back door in linux, one infiltration, one virus..." are you saying there are more viruses/trojans/backdoors for linux than closed source software? one of any of those could do exactly the same if the government were using closed source software.
and what are you saying "provably secure solutions" for? nothing is provably secure, and closed source software is provably less secure.
-
Andrew Kay
Not A Company,
Coventry, UK
12/04/04 08:56 PM
WWW.BEYOND-SCEINCE.COM
MIGHT BE BUT LINUX IS THE FUTURE
YOU CANNOT CONTROL EVERYTHING OR CAN WE!!!???? Is that it!!
-
TIMOTHY LIVERAN
BEYOND-SCIENCE.
LAWRENCEBURG
12/04/04 08:50 PM
IS THIS WRITER BLONDE?
The fact that it is open-source means that if anyone tries to include elements that would harm the same community it would be immediately detected. It is not a one man show but a community of thousands of developers who have shown responsibility towards their users and the community as a whole.
Linux would allow any organization to highly customize it according to their own use and needs. Moreover, its performance is more of a factor than the issue of price. I am sure that with Bush in office there is no shortage of funds to buy software.
And if you don't want to use a truly open software, then buy the Enterprise editions offered by several Linux vendors.
NOTE TO THE EDITOR:
please screen your articles so that they have some sense and facts behind them.
-
rohan
none
state college
12/04/04 08:47 PM
yes definitely and there is no single organisation who will then take responsibility of the same...
-
Akshay Shah
ASIC Infotech P
Mumbai
12/04/04 08:44 PM
Of course there is always a chance that any OS will have vulnerabilities, but "openness" is no more a contributor than "closeness".
Just as someone could fake an ID and contribute backdoor code that might get missed in a code review, so too could this happen in a "closed" OS . . . not only that, but this whole "Green Hills" company could be a spy-ring with the code reviewers themselves being "in-on-it".
In order for the D.O.D. to be reasonably sure there is no backdoor or other security issues, they should review the code no matter who supplies the OS.
That puts them in the position of where the best starting place might be . . . an open source OS that has passed thousands of reviewers, or a closed source OS that has been reviewed by a few reviewers.
All things being equal, the open source OS has a much better chance at coming out of the process in better security shape.
-
David Landry
No Comapny
Toronto
12/04/04 08:34 PM
This Guy is a DUMB FOOL and has some affiliation to SCO. Linux is about to rule the World; if you are not fine with it, don't use it. After all, using Windows/UNIX you are breaking hundreds of EULAs and vulnerable to attacks from all over the world. With Linux the product is improved all the time. If I leave a gaping hole someone else will find that out. Have you heard about peer review? Linux is the Equivalent of Peer review for a Software. And no peer review is always good.
-
Anand
Anonymous
Philadelphia
12/04/04 08:25 PM
Dan O'Dowd has not got a clue.
Unix was and is not open source. That's why Ken Thompson's "backdoor" was never found. If that were done in Linux, it would be found very quickly. I guess Dan O'Dowd would prefer we use his OS because he is losing business to open source. By the way, the D.O.D. does not download the free versions of Linux. They purchase a supported Enterprise Edition to be customized for their needs. Dan O'Dowd has not got a clue.
-
JoeTheTech
City of Warner
Warner Robins
12/04/04 08:18 PM
That is TOTALLY ridiculous. How do they know that proprietary code hasn't been affected? They examine it, that is why. They can examine the Linux code as well, but with Linux they have thousands of others with a great deal more experience doing the same thing, and there is almost no way someone could slip something by that many. That is why Linux is so stable to begin with.
-
Anonymous
Anonymous
Anonymous
12/04/04 08:03 PM
If 99% of your article is nothing more than copying a biased, product-related press release (aren't they all), then just reproduce the press release. This "reporter" has added nothing to the press release other than presenting it as "news".
-
No name
No company
Toronto
12/04/04 08:02 PM
quite the contrary - what bothers this guy is his lucrative business might suffer! If the DOD wants to use Linux and make sure there are no security problems, then they should hire staff to fix the bugs - that way we can all benefit!
-
Aslakson
Home
Atlanta
12/04/04 08:00 PM
YES
-
bob
ffff
NY
12/04/04 07:38 PM
What crap. Recent history shows Microsoft is the number one security risk for any system. O'Dowd is another Micro$oft flunky who should stay home and shut up.
-
Ted Potter
Linux Freedom M
San Rafael
12/04/04 07:30 PM
By simply saying that Linux is a huge security hole and that defence agencies should use closed source software, people are trapping themselves. When dealing with closed source software, such as Windows, end users and buyers have to jump through hoops to get a look at the source. Who is to say that the closed source solutions don't have Trojans embedded in them, and if they do, how would you ever know until it is too late? With open source programs you can always hire programmers, with the money you saved, to go over the code for security holes.
-
Alexander Somma
sommona.com
Montreal
12/04/04 06:49 PM