[Eug-lug] EDITOR'S NOTE:

Jacob Meuser jakemsr at jakemsr.com
Wed Aug 4 21:23:15 PDT 2004


On Wed, Aug 04, 2004 at 04:49:48AM +0000, Bob Crandell wrote:

> But where open source is different from proprietary code is that
> open source encourages honest people to access source code, and
> find security holes and patch them fast. The large open-source
> community can find and patch security holes faster than teams of
> proprietary developers - even when those developers work for
> Microsoft - simply because the proprietary developers are hobbled
> by their need to keep secrets.

This is horse hockey.  Bad code is bad code.  Yes, they _can_ find
the problems, but all too often it's after an incident.

> Another reason for Linux's inherent security is its user model.
> End-users run with limited privileges; only systems
> administrators have access to the all-powerful root account.
> Mostly even systems administrators run as limited-privilege
> users, unless they absolutely need root access. By limiting
> users' access to systems, Linux limits the amount of damage a
> user can do.

Whatever.  That has been part of UNIX for ages.  It's not something
invented in Linux land.

> Linux's lower vulnerability, compared with Windows, isn't just a
> function of its smaller popularity. Linux is breached less often
> because it's more secure. Microsoft has a lot of catching up to do.

You know, I agree that generally Linux land is more secure than MS
products, but please, where is the hard evidence?  The author says
"Linux is breached less often because it's more secure."  "Linux
is inherently more secure."  But he never mentions anything about the
code itself, not to mention coding practices.  He merely speculates.

I'm sorry but as long as there are GNU developers who don't want
strlcat to be part of glibc, I'm going to have to agree that Linux
is more secure than MS products because it comes from a UNIX
background (and I'd say it's the least secure of modern UNIX-likes),
and is less targeted than MS.

-- 
<jakemsr at jakemsr.com>

