LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-20-2007, 03:13 AM   #1
timbothecat
LQ Newbie
 
Registered: Mar 2007
Location: Newcastle, Aus.
Distribution: Ubuntu 8.04 and SuSE 9.2
Posts: 23

Rep: Reputation: 15
How safe is Open Source?


Hi guys.

I'm really sorry if this has been covered before but I have a limited time frame right at the moment and can't go through oodles of pages to try and find the answer to this.

I work in IT and look after networks for small businesses. Many have been having trouble with Microsoft and like the idea of a "free" OS but there is this perception out there (my business partner being one who holds this) that because Linux is Open Source it has to be by definition more vulnerable to attacks and such as hackers can see the code and write more code to get around it or through it or whatever.

Basically what I would like to be able to do is either put up or shut up with regards to using Linux as a viable option to the monopolistic (and overly expensive) monster that is Microsoft.

Any input would be greatly appreciated as this is something of a bone of contention.

Thanks guys.

Tim
 
Old 06-20-2007, 03:50 AM   #2
thloh85
Member
 
Registered: Apr 2006
Location: Earth
Distribution: BLFS customized
Posts: 160

Rep: Reputation: 31
This is NOT the case... Open Source is safe because of the community... If a hacker found a flaw in the kernel... Within days (from previous experience, there was this one case which both Linux and M$ windows has this flaw) Linux community fixed the flaw but M$ took much longer(forgotten how long it was )
Hope this helps...
 
Old 06-20-2007, 04:52 AM   #3
oneandoneis2
Senior Member
 
Registered: Nov 2003
Location: London, England
Distribution: Ubuntu
Posts: 1,460

Rep: Reputation: 48
If it's easy for nasty people to examine the source code & find exploits, then it must by extension be easy for the nice FOSS devs to do the same thing. And once the FOSS people find bugs, they remove them.

Thus, if open source makes it easy for crackers to find exploits, there won't be any exploits, because they'll have been removed by devs who found them easily. QED.
 
Old 06-20-2007, 05:00 AM   #4
easuter
Member
 
Registered: Dec 2005
Location: Portugal
Distribution: Slackware64 13.0, Slackware64 13.1
Posts: 538

Rep: Reputation: 62
Its safe enough to be the driving force of the Internet (Linux/BSD + Apache dominate the webserver market).
Don't hear Microsoft publicizing that do you?
 
Old 06-20-2007, 01:42 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3607Reputation: 3607Reputation: 3607Reputation: 3607Reputation: 3607Reputation: 3607Reputation: 3607Reputation: 3607Reputation: 3607Reputation: 3607Reputation: 3607
First of all welcome to LQ, hope you like it here.


Quote:
I have a limited time frame right at the moment and can't go through oodles of pages to try and find the answer to this.
What you reap is what you sow, I'd say...


Anyway. Executive overview: if people tell you just "yes" or "no" then, regardless of what side they're on, they're not painting the whole picture.


Comparing OSes in some aspects, yes, GNU/Linux is by definition way more rugged and secure, yes, vulns usually get uncovered and fixed way more faster, but no, that still doesn't mean GNU/Linux is way more safe to use in RL without regular auditing, adjusting of security policies, updating software, etc, etc. Having dealt with forensics and incident response in and outside of LQ for a few years now I know from experience the "many eyeballs" argument is a nice one but it doesn't cover all aspects of RL usage (lack of knowledge, misconfiguration, lax restrictions and lack of updating). (BTW, if you say "many have been having trouble with Microsoft" then I wonder if this is due to a) vulns and viruses (not virii) or licensing, IOW: what's the *real* beef here?..) The reason I trust GNU/Linux to be my main platform of choice is because it's free (beer, money, choice), performant (doesn't waste cycles on what I don't need), extensible (if it ain't got what you need you damn well can add it w/o worries), trusted (RHEL-5 just got EAL4), dependable and it allows me to control (as in user, admin, freak, uber-BOFH) about everything I need to w/o me having to worry about buying "security" add-ons or licenses I should have gotten by default.

GNU/Linux is safe to use and GNU/Linux is free in that it doesn't cost you money. But you'll have to invest in it as gaining knowledge costs time and effort and security aspects are not an exception. Reap what you sow.
 
Old 06-20-2007, 03:35 PM   #6
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Given the recent news regarding IBM/Redhat, the Linux developers must be doing something right:
http://www.computerworld.com.au/inde...4194304;fpid;1
 
Old 06-21-2007, 10:02 AM   #7
timbothecat
LQ Newbie
 
Registered: Mar 2007
Location: Newcastle, Aus.
Distribution: Ubuntu 8.04 and SuSE 9.2
Posts: 23

Original Poster
Rep: Reputation: 15
Thank you all so much for your reply. This at least gives me something to "take to the table" as it were as far as the O/S debate is concerned. Unspawn, it has been a combination of things that have been getting our clients nervous. Many have had large chunks of downtime due to updates messing up their configurations but I suppose the big thing is licensing and how much it costs to set up a small office (close to $4000 for 1 SBSServer2003 and 10 PC's). To my way of thinking they could pay 1/2 that to have Linux set up and their staff trained to a level of proficiency. I just reckon that makes sense. Oh, and btw, when I said I don't have time to scour oodles of pages I'm simply talking to find initial info such as what you guys have provided. Believe me, if I start to get clients using Linux I WILL be scouring the pages and being a pain in the arse (if you hate people asking questions at least).

All the best guys, and thanks again.

Regards,

Tim.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Global Summit of Open Source Leaders Releases Free Online Report on State of Commercial Open Source LXer Syndicated Linux News 0 05-04-2007 09:46 AM
LXer: Open Source coders caught stealing Open Source code LXer Syndicated Linux News 1 04-06-2007 08:08 AM
LXer: Krugle offers code search engine for open source, with open source LXer Syndicated Linux News 0 02-27-2007 09:04 AM
LXer: Open Source Geospatial Foundation Selects Tyler Mitchell, Open Source Advocate, as Executive Director LXer Syndicated Linux News 0 10-19-2006 10:54 PM
Open Source Software being reliable and safe? ltsai General 10 10-13-2003 05:19 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:38 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration