#22 - Why do you think it's worked up until this point?
Case in point: There was a recent hole found in the telnet daemon used by nearly every Linux and BSD distribution, except OpenBSD. Only thing is, it's not exactly recent... it's been there for about 25 years. The exploit allows remote root, by the way.
So, tell me where all your "experts" were for 25 years?
I suppose you'll counter with the claim that open source operating systems have fewer exploits than Windows, proving that they are more secure. Well, there are three problems with that claim:
1.) It's far from true. Redhat has almost double the known exploits of Windows just this year.
2.) Even if it were true, that does not mean that open source is more secure. That's a false causation assumption. It could be, for instance (and more probably) that the open source products are attacked far less than Microsoft products, and are therefore less likely to have high numbers of exploits.
3.) Open source relies on the people who find the holes telling others nicely. (As do closed source discoveries.) A hacker is FAR more likely to find a hole if he has the code right there in front of him, thereby increasing the chance that a dangerous hole will be exploited before a patch is released.
Now, I know you will counter that last one with the idea that along with those hackers are security experts looking at the code. That may well be true, but it is far *less* common than hackers looking at the code. There are MANY more hackers than there are security experts, nor do all security experts examine all code, as the telnet hole previously mentioned highlights.
It goes back to the old adage: Which is easier to rob? A bank which you've only seen the outside of the building, or a bank to which you have all the floor plans?
The point, is you can claim that more eyes == more security until you're blue in the face, but nobody has ever offered proof of this claim.
|