lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: jeremiah at nur.net (Jeremiah Cornelius)
Subject: why commcerical software *could* be better [WAS: Re: Microsoft prepares security assault on Linux]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 12 November 2003 22:33, Gadi Evron wrote:
<SNIP>
> As much as generally and usually I'd vigorously agree with you, there is 
> a lot to be said for:
> 1. A serious (note serious) commercial company that has a crew working
>     on addressing security concerns, and updating the product.

Not bloody well manifested by the evidence in hand now, is it?  I would say 
that eEye has been a better crew working on windows security concerns than 
MS.

> 2. A commercial company providing with liability (and responsibility)
>     for the software you use (in other words - tech support and someone
>     to blame).

Liability?  Oh, yeah.  MS makes hay about IBM not indemnifying Linux users (as 
if IBM supplied distros!)  How much money is MS shelling out to cover costs 
incurred by Melissa/Nimda/Code Red/Slammer/Blaster/etc. ?  Smoke screen and 
BS.

> 3. No source (!!) available for people to examine, thus making it, to a
>     level, harder to locate security "holes" - for outsides in any case.

Almost every one of the vulnerabilities that I reference were discovered by 
independent 3rd parties, with access only to derived binary objects.  MS - 
with privileged access to sources - never discovered any of these flaws 
internally.
 
> I can come up with a few more.. but basically all I am saying is, 
> support open source, don't condemn commercial software. There is a 
> difference between the two ideologies, and one should follow/support
> whichever suits him/her best. Constructive vs. destructive attitudes?

I assert -unoriginally- that the reasons to oppose closed-source software are 
considerations of freedom and access, not quality.  That said, the arguments 
are not with commercial software as a class, but with Microsoft.  This 
relates to specific practices and products - all of which are agrivated by a 
monopoly position in the market.

> Don't allow bad examples to cloud your better judgment.
>

Or good ones. ;-)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/sqJwJi2cv3XsiSARAgEVAJkBGKG8xXdCrfUtga1APhOicSU5/wCgiDGg
jyqs53MXFSRRlMkesdxJrWY=
=ruy4
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists