Slashdot Mirror

← Back to Stories (view on slashdot.org)

How To Argue That Open Source Software Is Secure?

Posted by kdawson on from the beyond-because-i-say-so-dammit dept.

Smidge207 writes "Lately there has been a huge push by Certified Microsoft Professionals and their companies to call (potential) clients and warn them of the dangers of open source. This week I received calls from four different customers saying that they were warned that they are dangerously insecure because they run open source operating systems or software, because 'anyone can read the code and hack you with ease.' Other colleagues in the area also have noticed that three local Microsoft Partners have been trying to strike fear in the minds of companies that respond, 'Yes, we use open source or Linux' when the sales call comes in. I know this is simply a sales tactic by these companies, but how do I fix the damage these tactics cause? I have several customers who now want more than my word about the security of systems that have worked for them flawlessly for 5-6 years, with minimal expense outside of upgrades and patching for security. Does anyone have a good plan or sources of reliable information that can be used to inform the customer?"

9 of 674 comments (clear)

  1. That's a new low by Daishiman · · Score: 5, Interesting

    Really, that's a new low for Microsoft lackeys. Being ISV's you'd expect them to be a bit more honest and pragmatic. Turns out they're just like their evil overlords.

  2. Go to the bug logs for your software by wtansill · · Score: 5, Interesting

    Show them how quickly discovered vulnerabilities are patched and how much discussion each bug receives. Ask the competitors to provide access to their discussion groups and bug logs. Compare. Contrast.

    --
    The contest for ages has been to rescue liberty from the grasp of executive power. -- Daniel Webster
  3. Of course... by QuietLagoon · · Score: 4, Interesting
    they are dangerously insecure because they run open source operating systems or software, because 'anyone can read the code and hack you with ease.'

    .
    Of course, Microsoft Windows has proven that closed-source, proprietary software is secure. Ha-ha-ha-ha-ha-ha-ha-...

    Microsoft is desperate to fight the lower cost of Open Source in these troubled economic times. Microsoft is having trouble justifying their economic exstence. So, instead of fighting on a cost basis, Microsoft is tryng to shift the battleground to a different arena --- one of security. Unfortunately, in the arena of security, Microsoft loses big.

  4. Think of it like an academic report by TheSpoom · · Score: 4, Interesting

    Open source software is like any report in an academic journal.

    While a little more informal, it has usually been similarly vetted by competent experts in the field before it's been allowed into the wild, especially in large projects.

    Therefore, it's much more reliable than closed source software like Windows, for which you have to take Microsoft's word alone, as opposed to the reviews of several top developers in their fields who approved the commits in the first place.

    Plus, tell them to examine their sources; the bias is obvious.

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs
  5. Antivirus by lena_10326 · · Score: 5, Interesting

    2 points.

    1. The fact that an antivirus program combined with a firewall is mandatory for any windows box (closed source) to remain virus free for longer than 20 seconds connected to the internet, whereas linux (open source) requires no such antivirus program, is experiential proof that linux is more secure.
    2. Many firewall/routers run linux. If linux is good enough to protect your windows machines from intrusion, then a logical person would conclude an open source operating system such as linux is more secure.
    --
    Camping on quad since 1996.
  6. Windows is Open source on Balckhat sites already by goombah99 · · Score: 4, Interesting

    Since 2004 The source code for windows is available for $20 on blackhat websites. SO it's avaialble for scrutiny by a very select few since possession is criminal.

    Also it's worth noting that even for-profit companies like Sun and Apple often open source their code (e.g. apple's Darwin Kernel and openSolaris). And those companies have much better security reputations than Microsoft.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  7. Ask your customers just some simple questions by Johnny+Loves+Linux · · Score: 5, Interesting

    What is the #1 website on the planet today? Answer: google. How many machines does google have to support it's busines? Answer: tens of thousands. What operating system does google use? Answer: Linux. How many times has google been hacked in its 11 year history? Answer: Anybody, anybody? What is the #1 desktop operating system today? Answer: Microsoft. How many worms, trojans, viruses, etc. are there for Microsoft OSes? Answer: > 100,000 (source: pick you're favorite anti-virus company counting scheme.) How many times have businesses been hosed by using Microsoft software? Answer: Too many to count. The latest blunder today? The French navy. Reference: http://www.networkworld.com/news/2009/020909-conficker-worm-sinks-french-navy.html Now for the last and most important question: What does Microsoft think that it knows about security that Gooogle doesn't? Because comparing their security track records, it's not obvious to me that Microsoft knows anything about security. --Johnny says when in doubt just ask Google.

  8. Re:turn tables by sumdumass · · Score: 4, Interesting

    Many small shops like to think they are more important then they are. I don't know how many times I have had to switch to some other software because a partner found that a larger firm used something else just to find it willfully inadequate compared to what was being used before the 20 grand switch. This is true for law firms, Tax shops and accounting shops, insurance agencies and almost everything else I have worked with. They seem to think that using the software they use will give them the edge to be as profitable as they are.

    The counter spin tactics that would probably be beneficial is something along the lines of Sun, IBM, Novel, and several other big Iron shops use OSS. Even the smaller shops mid level shops that use DB back ends use OSS like pervasive SQL, Oracle, MySQL, and so on. How is it that the large shops who spend the money for the Sun or Novel or IBM or Oracle servers that cost probably more then what they paid for IT in the last year don't have security concerns with Open-Source Software but a Microsoft rep who is attempting to sell you software and lock your into their specific version/line can convince you that it is unsafe?

    I would still attempt to back that up with other facts concerning OSS usage like by Cisco, Zycell, and several other routing companies who provide industry leading security and routing products. I mean if the routers are configures correctly and capable of acting as a firewall, it's the first line of defense. And if their OSS servers and software aren't directly connected to the internet, then where is the worry because in order to hack them, you would need to bypass the routers or gain physical access to them.

  9. Re:turn tables by damburger · · Score: 4, Interesting

    In other words "Science - it works bitches"

    As a physicist I am quite comfortable arguing the merits of evolution over creationism because I understand the strength of the process that favored the former over the latter. I don't have to see every single experiment performed in that area of research; I know dodgy research would've been (and has been) spotted.

    --
    If we can put a man on the moon, why can't we shoot people for Apollo-related non-sequiturs?