Full Disclosure mailing list archives

Re: [Full-Disclosure] why commcerical software *could* be better [WAS: Re: Microsoft prepares security assault on Linux]


From: Jeremiah Cornelius <jeremiah () nur net>
Date: Wed, 12 Nov 2003 13:13:13 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 12 November 2003 22:33, Gadi Evron wrote:
<SNIP>
> As much as generally and usually I'd vigorously agree with you, there is
> a lot to be said for:
> 1. A serious (note serious) commercial company that has a crew working
>    on addressing security concerns, and updating the product.

Not bloody well manifested by the evidence in hand now, is it?  I would say 
that eEye has been a better crew working on windows security concerns than 
MS.

> 2. A commercial company providing with liability (and responsibility)
>    for the software you use (in other words - tech support and someone
>    to blame).

Liability?  Oh, yeah.  MS makes hay about IBM not indemnifying Linux users (as 
if IBM supplied distros!)  How much money is MS shelling out to cover costs 
incurred by Melissa/Nimda/Code Red/Slammer/Blaster/etc. ?  Smoke screen and 
BS.

> 3. No source (!!) available for people to examine, thus making it, to a
>    level, harder to locate security "holes" - for outsiders in any case.

Almost every one of the vulnerabilities that I reference were discovered by 
independent 3rd parties, with access only to derived binary objects.  MS - 
with privileged access to sources - never discovered any of these flaws 
internally.

> I can come up with a few more.. but basically all I am saying is,
> support open source, don't condemn commercial software. There is a
> difference between the two ideologies, and one should follow/support
> whichever suits him/her best. Constructive vs. destructive attitudes?

I assert -unoriginally- that the reasons to oppose closed-source software are 
considerations of freedom and access, not quality.  That said, the arguments 
are not with commercial software as a class, but with Microsoft.  This 
relates to specific practices and products - all of which are aggravated by a 
monopoly position in the market.

> Don't allow bad examples to cloud your better judgment.

Or good ones. ;-)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/sqJwJi2cv3XsiSARAgEVAJkBGKG8xXdCrfUtga1APhOicSU5/wCgiDGg
jyqs53MXFSRRlMkesdxJrWY=
=ruy4
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

