Trend Micro Chairman Says Open Source Is a Security Risk

← Back to Stories (view on slashdot.org)

Trend Micro Chairman Says Open Source Is a Security Risk

Posted by Soulskill on Friday January 14, 2011 @02:26AM from the with-friends-like-these dept.

dkd903 writes "Steve Chang, the Chairman of Trend Micro, has kicked up a controversy by claiming that open source software is inherently less secure than closed source. When talking about the security of smartphones, Chang claimed that the iPhone is more secure than Android because being an open-source platform lets attackers know more about the underlying architecture." This comes a week after Trend Micro released a mobile security app for Android.

10 of 258 comments (clear)

Min score:

Reason:

Sort:

Security through obscurity doesn't work by WiglyWorm · 2011-01-14 02:29 · Score: 5, Insightful

Just some FUD to sell an app.
1. Re:Security through obscurity doesn't work by dintech · 2011-01-14 02:37 · Score: 5, Insightful
  
  It's scary that someone of his seniority in the computer security business would be pushing 'security through obscurity'. Doesn't he have access to Google? The only fear uncertainty and doubt I have is about Trend Micro.
2. Re:Security through obscurity doesn't work by fuzzyfuzzyfungus · 2011-01-14 02:40 · Score: 5, Insightful
  
  If I had spent years building AV software to paper over Windows' flaws, I'd probably have given up on technical correctness as well...
3. Re:Security through obscurity doesn't work by nahdude812 · 2011-01-14 03:05 · Score: 4, Insightful
  
  He's not pushing security through obscurity. He's pushing fear plus "security through giving us your money." His claim is a clear conflict of interest.
  Did you know dangerous radio waves are passing through your brain every minute? Buy my special tinfoil hat to protect yourself!
  
  --
  Slay a dragon... over lunch!
4. Re:Security through obscurity doesn't work by Eraesr · 2011-01-14 03:09 · Score: 4, Insightful
  
  His claim is a clear conflict of interest.
  Not at all, really. His claim clearly lines up with his interests. He wants you to buy his Android security app, so he'll claim that Android is really insecure.
5. Re:Security through obscurity doesn't work by apoc.famine · 2011-01-14 04:56 · Score: 5, Insightful
  
  Have some F about Trend Micro, but don't have any U or D - TM is one of the worst AV programs I've seen in action.
  
  Back around 2003, the corporate parent of my little used-to-be-locally-owned business set up a "19th hole" deal with TM. We were told to use TM as our sole AV in our local branch, as we now had a corporate-wide license. We refused, and were told that our AV must then come out of our own IT budget. Fair enough.
  
  Why did we refuse TM? For one, the version we were given at that time had to be installed by hand on every machine. Corporate IT actually went through their thousands of machine and installed the damn thing. Probably using interns, as it wouldn't have been cost effective to have actual IT do that work, despite their sweetheart deal with TM. With an IT staff of 3, only one of which was on desktop support, we didn't feel that it was worth a hand-install on 150 or so machines. Especially since almost everything about TM sucked.
  
  So we shelled out for Norton Corporate, set up a beefy desktop as a dedicated AV server, and pushed the client to all the local machines. 15 minutes of visual inspection plus the help of the rest of the employees found the dozen or so that didn't install properly, and those were dealt with by hand.
  
  A few months later, corporate got slammed with some hellacious worm. TM didn't pick it up at all. In the least. While it spread like wildfire from one of our local corporate goons' laptops onto our systems, Norton at least disarmed all the tens of thousands of copies it placed throughout most of our file systems. (The bastard was doing auditing, and had access to just about everything.)
  
  Corporate was unable to deal with the worm for a few days - we firewalled them off, cleaned up the mess, and got on with life before their IT was able to send us instructions on how to deal with it, and how to fix TM, which it had destroyed in the process. (Yes, every machine by hand, once again.)
  
  So long ramble short - don't listen to TM. Ever.
  
  --
  Velociraptor = Distiraptor / Timeraptor
Consider the source by Just+Some+Guy · 2011-01-14 02:37 · Score: 5, Insightful

That's nice. Of course, I tend to associate Internet security firms with SEO consultants, astrologers, and anyone else who makes a living off fear and ignorance.

--
Dewey, what part of this looks like authorities should be involved?
Re:indeed by Dunbal · 2011-01-14 02:39 · Score: 4, Insightful

And also rocks should be banned.

--
Seven puppies were harmed during the making of this post.
Re:Can Slashdot OP's cut the snark? by WiglyWorm · 2011-01-14 02:51 · Score: 4, Insightful

I take this as full disclosure, not editorializing.
Re:Feh by Opportunist · 2011-01-14 03:33 · Score: 4, Insightful

Wrong approach. It took me a while to wrap my mind around the mindset of the execs, but their reasoning seems to follow two logics when it comes to software:
1. If it doesn't cost anything, it can't be worth anything.
2. If there is no company behind it, we can't sue anyone if it fails.
It's near impossible to show them that 1 is untrue and that 2 is a wet dream at best.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.