Is Open Source more secure than closed source?



xXx 0wn3d xXx
May 7th, 2006, 10:51 PM
I was just wondering about this. Think about Ubuntu's vulnerabilities: most are patched in 1-2 days and then are almost never serious. Most vulnerabilities for Linux are patched before they even become publicly known and even then, the problems are fixed very quickly. Now think about Microsoft. They have so many security problems that they have a "Patch Tuesday." Even then it takes 4+ days for the security problem to be fixed, only for more to arise. So what do you think is more secure?

kingmonkey
May 7th, 2006, 11:03 PM
Closed source and open source have pros and cons when it comes to security.

Asking on a closed source forum would probably yield a different result to what you get here.

siminone
May 7th, 2006, 11:16 PM
Windows is more popular than Linux and is a better target for hackers. Ironically this makes it quicker to find these security problems.

To make the point, the recent X.org update was caused when a critical bug was found by an audit by the US Government's Homeland Security Agency.

http://news.yahoo.com/s/zd/20060502/tc_zd/177195

How long would it have taken if this audit was not carried out?

RavenOfOdin
May 7th, 2006, 11:31 PM
Is it more secure? Yes, definitely.

Engnome
May 7th, 2006, 11:35 PM
I think closed has one big advantage, it's closed ;) If someone is looking for exploits, having the source code won't make it any harder for you. Therefore closed source has the advantage of security through obscurity. (http://en.wikipedia.org/wiki/Security_through_obscurity)
But that is only if the closed source is secure, just look at MS: they are so big, but still they make the most unsecure platform I've ever heard of. If open source is "popular", hopefully many can look through it and find security holes.

Then we have the virus issue: if a virus source code is released, crackers can copy and modify it. I know this is a little OT but thought I'd bring it up. IDG.se, a big site for news, is famous for their "Headlines". Once they were "open source gives more viruses". Like GPL was something bad :rolleyes:

RavenOfOdin
May 7th, 2006, 11:48 PM
"Therefore closed source has the advantage of security through obscurity."

Real secure programming IMHO isn't accomplished by obscurity. . . That's pretty much banking your entire strategy on a user's ignorance of either how to decompile a program or how to decipher the associated code.

It isn't an advantage when, using that strategy, you do nothing to really fix the problem.

BoyOfDestiny
May 7th, 2006, 11:49 PM
"I think closed has one big advantage, it's closed ;) If someone is looking for exploits, having the source code won't make it any harder for you. Therefore closed source has the advantage of security through obscurity. (http://en.wikipedia.org/wiki/Security_through_obscurity)
But that is only if the closed source is secure, just look at MS: they are so big, but still they make the most unsecure platform I've ever heard of. If open source is "popular", hopefully many can look through it and find security holes.

"Then we have the virus issue: if a virus source code is released, crackers can copy and modify it. I know this is a little OT but thought I'd bring it up. IDG.se, a big site for news, is famous for their "Headlines". Once they were "open source gives more viruses". Like GPL was something bad :rolleyes:"

Well, I think the poll is iffy. I will say open source leads to better coding practices since it's out in the open and subject to peer review. I will say patches come out faster, bugs are fixed faster. And I can get those fixes faster. Normally (not to name names), one company releases patches on a fixed day, and another sits on its hands since disaster hasn't struck...

As for obscurity, you don't know what's going on behind the scenes, that doesn't stop people from exploiting and finding flaws. As for viruses, Windows reigns supreme (no contest.)

Engnome
May 8th, 2006, 12:10 AM
Hmmm... stupid stupid me, mentioning something remotely positive about closed source on a FOSS forum :D I guess I didn't make myself clear. I don't like closed source and I try to stay away from it, I voted open source as the most secure. (I'm not that one person (yes one :)) who voted closed)

Virogenesis
May 8th, 2006, 12:25 AM
It depends, closed source can be pretty secure and open source can get code audits all day, but some projects just generally suck.

htinn
May 8th, 2006, 12:36 AM
If you think closed source is more "secure" then you obviously are not a programmer (or you aren't a very good one anyway).

To a machine ALL code is open source, and that's exactly the way a hacker looks at it.

Lovechild
May 8th, 2006, 01:01 AM
Mark Cox has some very good statistics up comparing RHEL3, FC3 and Windows. Linux consistently had a lower number of days of risk as well as an overall lower number of critical flaws (by Microsoft's own standard).

His blog can be found here and is regularly updated with security statistics and information:
http://www.awe.com/mark/blog

Looking at the numbers, free software beats closed software hands down when it comes to security in every study I've read (except those sponsored by Microsoft for some reason).

That being said we are only better than an absolutely terrible option, that doesn't make us good - the best distro from a security stance would probably be Fedora Core with SELinux turned on as they currently are the only mainstream distro to deploy proactive security.

kingmonkey
May 8th, 2006, 11:29 PM
lol - I voted closed source as a laugh, because it was obvious no one else would.

I get my kicks in strange ways.

There should be a "Don't know/care" option.

egon spengler
May 9th, 2006, 02:46 PM
Well, I'm no programmer, but speaking as a layman, on the face of it I can't imagine why one would be intrinsically more secure than the other. Yes, with Linux there may well be peer review; it's not as if Microsoft has never had bugs/exploits reported back to them by end users though, is it?

Another point, people here tend to take the attitude of closed = MS and open = Linux. It ain't as simple as that and so to compare the worst examples of slothfulness from a closed source organisation against the best examples of open source seems an unfair comparison to me.

Windows may or may not be poor quality, but it doesn't follow from there that all closed products are similarly poor/mediocre/great (some of you seem to think it does), and of course Linux may or may not be great, but it doesn't follow that... well, you get my point.

commodore
May 9th, 2006, 03:15 PM
It's hard to say. I think security means "number of choices for attacking" when talking about software. If something's closed source, people don't usually read the code and don't find mistakes, but a "hacker" can find the attacking holes because they are there. When something is open source, people will read the code and fix the mistakes so there's nowhere to attack for the attackers, but if it's open source hackers can read the code as easily as others. So if an open source project is popular and has good development policy (like the BSDs) then it's more secure, but if it's unpopular (no one reads the code) then it might be more unsecure. The safest thing must be unpopular closed source :)