Does "Open" mean insecure?

[Not unique]

Does "Open" mean insecure?

I have used Ubuntu since 2005 and love it, also I am always trying to no avail to pursued my friends to try it or at least open source software for Windows as a way forward to recommending Open source and Ubuntu.
But they ask Does Open mean insecure? as any one can get to the code.
Can any one help me with some good answers?

[LinuxFan999]

No, Open source software is not insecure, and is usually more secure than proprietary software. A great example is OpenBSD, which has security as it's first priority, and it's open source. Linux is also more secure than Windows, and Browsers like Firefox and Chrome are more secure than Internet Explorer.

[Shazaam]

That's one of the beauties of open source. So many people having access to the source code means there are more "eyes" looking at it. More "eyes" to check and improve code. More "eyes" to detect malicious code. So no, "open source" does not mean it's insecure.

[Not unique]

Yes but if the codes "open" then what's stopping people going in and messing around with it or making virus's/malware/spyware?

[An Sanct]

That's one of the beauties of open source. So many people having access to the source code means there are more "eyes" looking at it. More "eyes" to check and improve code. More "eyes" to detect malicious code. So no, "open source" does not mean it's insecure.

I agree with this, open source means more developers can take a look...

[squenson]

Yes but if the codes "open" then what's stopping people going in and messing around with it or making virus's/malware/spyware?

Yes, anyone can change the code and make malicious things, but then what? How would they distribute this code to your machine? The main "distros" are very well controlled from this point of view!

[Erik1984]

Yes but if the codes "open" then what's stopping people going in and messing around with it or making virus's/malware/spyware?

Usually only a few people control access to the actual code in the repository. They can look at the suggested new code to see if it contains any bad stuff. At the same time many other people involved with the project will quickly spot bad code because it's all open.

[mamamia88]

If anything it would be more secure since you don't have to wait for a massive corporation to release bug fixes.

[MG&TL]

Tell them to go here:

http://uptime.netcraft.com/up/graph And search for their favourite sites. Then see how many of them are running Linux/Apache compared to Windows/whatever the windows webserver is called.

[haqking]

Open has nothing to do with security and does not effect security.

Linux and Windows are equally secure and certified such, the way the user runs things will effect security.

Linux is as easily attacked as Windows, however Linux does not suffer from Virus code but only due to the lack of distribution and the malicious code writers not as yet targeting Linux, but AV is a very small security issue and small percentage of attack vectors.

there is no more secure in the Linux and Windows world as an end user OS.

You can tighten the security in windows as you can and need to in Linux.

Things like running with admin permission, allowing scripts to run in your browser etc etc

Read here for a wiki we have been working on for the Ubuntu noob to security https://wiki.ubuntu.com/BasicSecurity

which was born from this thread http://ubuntuforums.org/showthread.php?t=1873643

Security is user/admin controlled with common sense.

Open however means the code is open source and so more eyes to look at to modify and develop, so things get patched quicker generally than in the proprietary world but that is debatable.

to summarise there is no MORE SECURE in either windows or Linux they are certified roughly the same.