Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
06-20-2007, 03:13 AM
|
#1
|
LQ Newbie
Registered: Mar 2007
Location: Newcastle, Aus.
Distribution: Ubuntu 8.04 and SuSE 9.2
Posts: 23
Rep:
|
How safe is Open Source?
Hi guys.
I'm really sorry if this has been covered before but I have a limited time frame right at the moment and can't go through oodles of pages to try and find the answer to this.
I work in IT and look after networks for small businesses. Many have been having trouble with Microsoft and like the idea of a "free" OS but there is this perception out there (my business partner being one who holds this) that because Linux is Open Source it has to be by definition more vulnerable to attacks and such as hackers can see the code and write more code to get around it or through it or whatever.
Basically what I would like to be able to do is either put up or shut up with regards to using Linux as a viable option to the monopolistic (and overly expensive) monster that is Microsoft.
Any input would be greatly appreciated as this is something of a bone of contention.
Thanks guys.
Tim 
|
|
|
06-20-2007, 03:50 AM
|
#2
|
Member
Registered: Apr 2006
Location: Earth
Distribution: BLFS customized
Posts: 160
Rep:
|
This is NOT the case... Open Source is safe because of the community... If a hacker found a flaw in the kernel... Within days (from previous experience, there was this one case in which both Linux and M$ Windows had this flaw) the Linux community fixed the flaw but M$ took much longer (forgotten how long it was).
Hope this helps...
|
|
|
06-20-2007, 04:52 AM
|
#3
|
Senior Member
Registered: Nov 2003
Location: London, England
Distribution: Ubuntu
Posts: 1,460
Rep:
|
If it's easy for nasty people to examine the source code & find exploits, then it must by extension be easy for the nice FOSS devs to do the same thing. And once the FOSS people find bugs, they remove them.
Thus, if open source makes it easy for crackers to find exploits, there won't be any exploits, because they'll have been removed by devs who found them easily. QED.
|
|
|
06-20-2007, 05:00 AM
|
#4
|
Member
Registered: Dec 2005
Location: Portugal
Distribution: Slackware64 13.0, Slackware64 13.1
Posts: 538
Rep:
|
It's safe enough to be the driving force of the Internet (Linux/BSD + Apache dominate the webserver market).
Don't hear Microsoft publicizing that, do you?
|
|
|
06-20-2007, 01:42 PM
|
#5
|
Moderator
Registered: May 2001
Posts: 29,415
|
First of all welcome to LQ, hope you like it here.
Quote:
I have a limited time frame right at the moment and can't go through oodles of pages to try and find the answer to this.
|
What you reap is what you sow, I'd say...
Anyway. Executive overview: if people tell you just "yes" or "no" then, regardless of what side they're on, they're not painting the whole picture.
Comparing OSes in some aspects, yes, GNU/Linux is by definition way more rugged and secure, yes, vulns usually get uncovered and fixed way faster, but no, that still doesn't mean GNU/Linux is way more safe to use in RL without regular auditing, adjusting of security policies, updating software, etc, etc. Having dealt with forensics and incident response in and outside of LQ for a few years now, I know from experience the "many eyeballs" argument is a nice one but it doesn't cover all aspects of RL usage (lack of knowledge, misconfiguration, lax restrictions and lack of updating). (BTW, if you say "many have been having trouble with Microsoft" then I wonder if this is due to a) vulns and viruses (not virii) or b) licensing, IOW: what's the *real* beef here?..) The reason I trust GNU/Linux to be my main platform of choice is because it's free (beer, money, choice), performant (doesn't waste cycles on what I don't need), extensible (if it ain't got what you need you damn well can add it w/o worries), trusted (RHEL-5 just got EAL4), dependable and it allows me to control (as in user, admin, freak, uber-BOFH) about everything I need to w/o me having to worry about buying "security" add-ons or licenses I should have gotten by default.
GNU/Linux is safe to use and GNU/Linux is free in that it doesn't cost you money. But you'll have to invest in it as gaining knowledge costs time and effort and security aspects are not an exception. Reap what you sow.
|
|
|
06-21-2007, 10:02 AM
|
#7
|
LQ Newbie
Registered: Mar 2007
Location: Newcastle, Aus.
Distribution: Ubuntu 8.04 and SuSE 9.2
Posts: 23
Original Poster
Rep:
|
Thank you all so much for your replies. This at least gives me something to "take to the table", as it were, as far as the O/S debate is concerned. Unspawn, it has been a combination of things that have been getting our clients nervous. Many have had large chunks of downtime due to updates messing up their configurations but I suppose the big thing is licensing and how much it costs to set up a small office (close to $4000 for 1 SBSServer2003 and 10 PCs). To my way of thinking they could pay 1/2 that to have Linux set up and their staff trained to a level of proficiency. I just reckon that makes sense. Oh, and btw, when I said I don't have time to scour oodles of pages I'm simply talking about finding initial info such as what you guys have provided. Believe me, if I start to get clients using Linux I WILL be scouring the pages and being a pain in the arse (if you hate people asking questions at least).
All the best guys, and thanks again.
Regards,
Tim.
|
|
|
All times are GMT -5.