There are no pickpockets in the desert

Categories: Security
Written By: Edward

or, “Is open source (e.g. Linux) more secure than proprietary (e.g. Windows)?”

Open source advocates say these platforms are more secure than commercial software because they are open. But Forrester thinks the biggest reason there haven’t been more hacker attacks on open source is the relatively small footprint these components have within the enterprise. It is not at all uncommon for a company to have 50 Windows servers, three Unix servers, and two Linux servers. So, which platform do you think hackers will target? Companies should not be lulled into a false sense of security with open source. It is open, available to anyone who wants to do harm, and therefore needs special attention to testing and security.

While it may also be true that Linux servers make up a large percentage of web servers on the Internet, these are not as strategic for hackers to attack as corporate or “higher profile” sites, at least so far … in other words, there are no pickpockets in the desert. If you look at some of the behind-the-scenes data for last Christmas’ script kiddie hacker festival - a time when security response is thought to be lower and so a number of scripted hack attacks occur on server installations - more Linux servers were “compromised” than Windows servers. “Compromised” can simply mean having a whole load of unwanted content dumped on them as a file share.

Another security argument is that, since Open Source is “open”, although patches may be released swiftly by the open source community in response to newly discovered security holes, there is a higher likelihood that any of these patches may in fact be an exploit in disguise and cause more problems than it solves. At least with a proprietary system, only official patches are released to resolve the vulnerability, and these patches are usually applied automatically and require less human intervention to maintain the system, unlike Open Source patches, which need higher technical knowledge and a physical presence to apply.

See also “Does Open Source mean free?”.
