Time: 04:04 EST/09:04 GMT | News Source: The Register | Posted By: Alex Harris
Microsoft should dump security via obscurity, and submit its software to open source review, according to Gartner.
The open source review bit is something so utterly alien, communist and horrible to the mind of Bill Gates that it's almost worth us running a competition to find what he'd rather do (Sacrifice of firstborn? Auction mother on eBay? Tell Steve Jobs he was right?) - but actually, Gartner is perpetrating a small piece of sensationalism by saying it agrees with Gates about security, "and believes that open source review of Microsoft's code is necessary to meet security goals."
Which is not the same as saying this is what Bill believes, but they had us going for a moment there.
Gartner contrasts the assertion by Jim Allchin, Microsoft's senior vice president for Windows, that Windows boxes would be more vulnerable to attack if the company had to disclose technical information to rivals with previous pronouncements by his Billness.
#1 By 2332 (129.21.145.80) at 5/16/2002 5:11:37 AM
Somebody provide me with evidence that open source software is, on average, significantly more secure than closed source software.
Remember, the software must have approximately equal scrutiny, meaning about equal usage, and the difference in security must be able to be linked directly to the open source methods used during development and upkeep.
I'll give ya a hint... nobody has ever done a study like that. (Not to my knowledge.) All the "evidence" people provide is anecdotal, at best.
So, why do I suggest closed software is more secure? Well, I don't really think closed software is *more* secure, I think it really doesn't make too much of a difference as far as security or code quality goes. It does make a BIG difference, however, in the viability of your business model... which is the primary reason I object to it.
But it makes logical sense to me that keeping something closed adds a layer of protection. If you have two systems, both approximately equal in code quality, and one also has the advantage of all the code being hidden from hackers looking for holes, it seems to me that the closed solution would be more secure - all other things being equal. Security by obscurity? Sure. As long as that's not the *only* security layer, what's wrong with it?
Think about this analogy. What would you be more likely to put your money in, a bank whose security system plans, floor layout, and vault timings are all publicly known, or a bank that keeps all of that secret? Which would be easier to break into?
Again, this is all pure speculation. But the open source community would have you think open source development has been scientifically proven to result in higher quality, more secure code.
Well, show me the study. Show me the evidence. If you make the claim, it is your responsibility to prove your case.
#2 By 6859 (204.71.100.215) at 5/16/2002 8:59:08 AM
All this plan would do is eliminate MS' IP rights. The whole idea that OSS is more secure is BS. I call it "open sore" because the more eyes on the code the more people who will take advantage of the weaknesses. OSS assumes that if a bug/exploit is found it will be turned in and fixed. And we all know what happens when one assumes...
RMD, brother, you are so 100% on target. "Where's the beef?"
#3 By 135 (209.180.28.6) at 5/16/2002 10:35:41 AM
Microsoft has done third party reviews of much of their security critical code. They've hired RSA labs and others to assist them in this.
I agree with RMD, I am getting really sick of anecdotal evidence being bandied about as fact.
#4 By 135 (209.180.28.6) at 5/16/2002 12:09:47 PM
#7 - That depends on a lot of things. What you are doing with the site, will it be maintained, etc.
I would have no problem recommending MS/IIS because I feel comfortable locking it down.
I can see how someone might think they were more comfortable recommending Apache if they didn't know anything about securing Windows, but I hope that they also take the time to learn how to secure Apache.
Otherwise you put a base install of Linux directly on the net and it'll be rooted by tomorrow morning.
For a small outfit who didn't have the time to maintain an install, I would recommend a hosting solution. I'm favorable to crystaltech.com personally because they offer a lot for the money.
#5 By 20 (24.243.51.87) at 5/16/2002 12:19:02 PM
Open source works really well for small projects. You get more people looking at it than if you just wrote it yourself and released the binaries.
For large projects, it's a disaster.
Like Communism, OSS looks good on paper but fails miserably in the real world.
#6 By 2332 (129.21.145.80) at 5/16/2002 1:22:01 PM
#7 - I can certainly understand your decision, and as long as the customer didn't require any kind of "advanced" stuff for the server (ASP, WebDAV, etc.), I would agree.
Microsoft is rewriting IIS for version 6.0, and hopefully the new codebase won't be so bug prone.
Personally, I wish they would do the same for IE.
But, again, this says nothing about closed source software. It's anecdotal, or statistically insignificant at best.
#7 By 135 (209.180.28.6) at 5/16/2002 1:45:47 PM
#10 - Interesting. I like the last quote in the BW article...
"Linux is 'like someone giving you a puppy,' says Peter Houston, senior director of the Windows Server Group at Microsoft. 'It may be free, but you have to pay more to feed it and take care of it.'"
#11 - Interesting article, and it certainly highlights the point that the myth that Linux/Apache is more secure is just that, a myth. Well actually it's FUD, but the article doesn't address that aspect of it.
#8 By 135 (209.180.28.6) at 5/16/2002 2:45:24 PM
#14 - If those are your priorities, then I can see where Apache may work for you.
I know from my own personal experience doing load testing that Apache does not scale nearly as well as IIS, at least with prior versions. The new Version 2 may have improved upon this somewhat.
I have no real interest in looking at the source code because I don't have time to fix the bugs. Even when I used open source software in the past I never had time to fix the bugs, and the one prime difference that I encountered was the open source developers had no interest in receiving bug reports which didn't have patches attached, whereas MS (and Oracle and other commercial vendors) will work with us to resolve major issues.
I guess we're not worried about license audits. My experience with open source was that it was free, but like the puppy you paid for it in increased time to configure and install. It's also just as much a lock-in to one technology as using anything else.
Business practices don't concern me, as it's just business. I have a tougher time finding a willingness to support GPL software because of the immoral and unethical attitudes of Richard Stallman, personally.
#9 By 3108 (200.61.156.54) at 5/16/2002 2:56:19 PM
First of all, I do totally agree with RMD. But I find that this discussion makes no sense, because The Register is considered one of the worst IT magazines. In fact I would not be surprised if what they have written about Gartner is a lie. Besides, if you look on gartner.com you will find information against open source. So do not believe everything you read in The Register.
#10 By 2332 (129.21.145.80) at 5/16/2002 3:23:48 PM
#16 - Soda - Apache 2.0 is really good as far as speed and scalability. That, coupled with the fact I can run ASP.NET on it (it's just an ISAPI filter), makes Apache a very attractive platform.
I still pick IIS because I run a lot of legacy stuff... ASP/COM, C++ ISAPI filters written specifically for IIS, etc. Plus, I find it much easier to manage and use.
IIS 6.0 looks *really* excellent though.
#17 - Well... *we* consider The Register one of the worst IT magazines... the majority of people out there think it's great. :-)
#11 By 135 (209.180.28.6) at 5/16/2002 4:11:30 PM
#18 - Apache 2.0 moved to a new model using threads, which I would assume increases the speed and scalability. I shall have to try this at some point, and I'm curious about that ASP.NET comment.
#19 - Yes, that's the problem with anecdotal evidence. It's not the best way to make decisions, but it is one of the only ways that we presently have.