Re: Russian Mafia responsible for MyDoom

From: Walter Mautner (nextnews.15.eatallspam_at_spamgourmet.com)
Date: 02/07/04


Date: Sat, 07 Feb 2004 11:47:46 +0100

S. C. M. wrote:

....
> My question (because I am not able to answer it to my self) is:
>
> A Open Source operating system should be more secure ?
>
> I mean, spread and free access to the code could help to make an
> operating system more secure because a big
> number of programmers will go help to pinpoint bugs into the code ?
> Open Source could enable the System Operators to fix a bug or a virus
> vulnerability more easy and faster ?
>
Yes, that's one of the thoughts behind open source: many contributions from
not business-blinded people like professional programmers tend to become,
and a lot more eyes to look at the code.
Of course, that philosophy makes it - at the first glance - also easier to
exploit systems, like seen recently. But in the long run, there is nothing
like "security by obscurity". It just won't work.
Also, there are other aspects of *nix that make it superior in terms of
security by concept: *nix has been designed for multiuser from the
beginning, with process and user space separation in mind, as well as a
concept of permissions unknown to the windows world. The time Microsoft
jumped on the wagon with NT and its successors, they still kept all the
legacy DOS non-multiuser stuff, 16-bit executables and the "system" account
as a gluestick. Given the fact, a non-admin user may not install anything
that writes to the holy grail "global registry" but execute everything with
appropriate (also user-changeable) file extension received by e-mail or
download source, we can clearly identify the light at the end of the
tunnel. It's growing bigger every second as we stand and stare at it ...

-- 
Longhorn error#4711: TCPA / NGSCB VIOLATION: Microsoft optical mouse 
detected penguin patterns on mousepad. Partition scan in progress
 to remove offending incompatible products.  Reactivate your MS software
 (3 days grace period). [LinuxCounter#295241]