[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Closed source & Secutiry (was: Re: Smooth wall - more detailed)



On Wed, 29 Aug 2001, Alon Altman wrote:

> On Wed, 29 Aug 2001, Dani Arbel wrote:
>
> > Alon,
> > Where did you get this idea about closed source ?
> > You can trust it just like you trust open source: use caerfuly and keep
> > tuned for news/patches.
> > Dani
>
> But with closed source, you can't ever be sure there ain't backdoors that
> were deliberately added to the software for the advantage of the closed
> source developers. See for example, Microsoft "registration wizard" and
> other deliberate backdoors such as the noturious "NSA key".
> Open source software is checked by experts around the world to ensure its
> security and thus disallowing the original producer to put in malicious code
> or backdoor. That's why I never use closed-source products when security is
> a concern.

>From your argument it can be concluded that:

1. closed source software cannot be trusted (enough for those critical
   applications)

2. Whenever you want to apply an open-source product you have to either
   review it yourself and search for critical bugs and backdoors, or
   verify that someone else already has.

Have you verified that for, say, the latest version of smoothwall?

Another consideration is the ammount of support: One of the tings I didn't
like about LRP (http://linuxrouter.org) is the lack of awareness for
security updates. For instance: look at the versions of the kernels, and
of the bind, proftpd, ssh (and probably other) packages in the 'official'
archive (although I haven't checked those spesific packages in the recent
monthes. Things may have improved lately).

-- 
Tzafrir Cohen
mailto:tzafrir@technion.ac.il
http://www.technion.ac.il/~tzafrir


=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il