Slashdot Mirror


Trend Micro Chairman Says Open Source Is a Security Risk

dkd903 writes "Steve Chang, the Chairman of Trend Micro, has kicked up a controversy by claiming that open source software is inherently less secure than closed source. When talking about the security of smartphones, Chang claimed that the iPhone is more secure than Android because being an open-source platform lets attackers know more about the underlying architecture." This comes a week after Trend Micro released a mobile security app for Android.

17 of 258 comments

  1. Security through obscurity doesn't work by WiglyWorm · · Score: 5, Insightful

    Just some FUD to sell an app.

    1. Re:Security through obscurity doesn't work by dintech · · Score: 5, Insightful

      It's scary that someone of his seniority in the computer security business would be pushing 'security through obscurity'. Doesn't he have access to Google? The only fear, uncertainty and doubt I have is about Trend Micro.

    2. Re:Security through obscurity doesn't work by fuzzyfuzzyfungus · · Score: 5, Insightful

      If I had spent years building AV software to paper over Windows' flaws, I'd probably have given up on technical correctness as well...

    3. Re:Security through obscurity doesn't work by fearlezz · · Score: 4, Interesting

      It's not all FUD... open source is actually a security risk... for Mr. Chang's wallet.
      Remember the lawsuit against ClamAV? And of course, there's the fact that if everyone ditched Windows for an open source OS, Trend Micro wouldn't have many customers anymore.

      --
      .sig: No such file or directory
    4. Re:Security through obscurity doesn't work by nahdude812 · · Score: 4, Insightful

      He's not pushing security through obscurity. He's pushing fear plus "security through giving us your money." His claim is a clear conflict of interest.

      Did you know dangerous radio waves are passing through your brain every minute? Buy my special tinfoil hat to protect yourself!

    5. Re:Security through obscurity doesn't work by Eraesr · · Score: 4, Insightful

      His claim is a clear conflict of interest.

      Not at all, really. His claim clearly lines up with his interests. He wants you to buy his Android security app, so he'll claim that Android is really insecure.

    6. Re:Security through obscurity doesn't work by Anonymous Coward · · Score: 5, Interesting

      Don't forget that the bad guys end up with the source code while the white hats don't get it. Take a look at Windows. The Chinese intel services have the source for it. Russia does too. However, people who need and rely on the protection of the OS do not get the source code.

      So, the blackhats already have a leg up because they can clear-box their exploits. The whitehats have to keep disassembling stuff in order to have any hope whatsoever.

      Because MS doesn't trust people with the source code of their products, how can people trust them?

    7. Re:Security through obscurity doesn't work by mlts · · Score: 4, Informative

      If people dumped Windows for open source, there would still be a large market for AV utilities, for legal reasons.

      There are a lot of companies where I had to spec out antivirus solutions for AIX, Solaris, RedHat, and OS X just for CYA reasons. Not like all the LPARs on the pSeries 795 in the server room are going to get infected, but because it is a checkbox on a contract that "all computers on the corporate network will have antivirus software on them."

    8. Re:Security through obscurity doesn't work by apoc.famine · · Score: 5, Insightful

      Have some F about Trend Micro, but don't have any U or D - TM is one of the worst AV programs I've seen in action.

      Back around 2003, the corporate parent of my little used-to-be-locally-owned business set up a "19th hole" deal with TM. We were told to use TM as our sole AV in our local branch, as we now had a corporate-wide license. We refused, and were told that our AV must then come out of our own IT budget. Fair enough.

      Why did we refuse TM? For one, the version we were given at that time had to be installed by hand on every machine. Corporate IT actually went through their thousands of machines and installed the damn thing. Probably using interns, as it wouldn't have been cost effective to have actual IT do that work, despite their sweetheart deal with TM. With an IT staff of 3, only one of which was on desktop support, we didn't feel that it was worth a hand-install on 150 or so machines. Especially since almost everything about TM sucked.

      So we shelled out for Norton Corporate, set up a beefy desktop as a dedicated AV server, and pushed the client to all the local machines. 15 minutes of visual inspection plus the help of the rest of the employees found the dozen or so that didn't install properly, and those were dealt with by hand.

      A few months later, corporate got slammed with some hellacious worm. TM didn't pick it up at all. In the least. While it spread like wildfire from one of our local corporate goons' laptops onto our systems, Norton at least disarmed all the tens of thousands of copies it placed throughout most of our file systems. (The bastard was doing auditing, and had access to just about everything.)

      Corporate was unable to deal with the worm for a few days - we firewalled them off, cleaned up the mess, and got on with life before their IT was able to send us instructions on how to deal with it, and how to fix TM, which it had destroyed in the process. (Yes, every machine by hand, once again.)

      So long ramble short - don't listen to TM. Ever.

      --
      Velociraptor = Distiraptor / Timeraptor
  2. Also in the news ... by BrianRoach · · Score: 5, Funny

    In a related story, Trend Micro also noted that Windows has been far more secure than Linux for years due to it being closed source ...

    1. Re:Also in the news ... by fuzzyfuzzyfungus · · Score: 4, Funny

      They then politely ignored inquiries as to why their software was needed to protect superior closed-source systems...

  3. Feh by Pojut · · Score: 4, Interesting

    They were doing this malarkey at my office a couple of years ago. They were spending all kinds of money on licenses on some sound program from Adobe (it was only going to be used to edit down calls that we recorded in our call center...so, yeah. We didn't really have huge requirements.) I tried convincing them to just use Audacity, but their response was "it's open source, anyone could mess with it, it was probably made by some guy in China, it's free which means it sucks, etc." ::eyeroll:: I tried telling them about how widespread its use is, and how it was made by a former Carnegie-Mellon-current-Google-employee, but they weren't having none of it.

    1. Re:Feh by Opportunist · · Score: 4, Insightful

      Wrong approach. It took me a while to wrap my mind around the mindset of the execs, but their reasoning seems to follow two logics when it comes to software:

      1. If it doesn't cost anything, it can't be worth anything.
      2. If there is no company behind it, we can't sue anyone if it fails.

      It's near impossible to show them that 1 is untrue and that 2 is a wet dream at best.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  4. Consider the source by Just Some Guy · · Score: 5, Insightful

    That's nice. Of course, I tend to associate Internet security firms with SEO consultants, astrologers, and anyone else who makes a living off fear and ignorance.

    --
    Dewey, what part of this looks like authorities should be involved?
  5. Re:indeed by Dunbal · · Score: 4, Insightful

    And also rocks should be banned.

    --
    Seven puppies were harmed during the making of this post.
  6. Re:Right. by dkleinsc · · Score: 5, Funny

    It is if you're Sir Galahad of Camelot at the Bridge of Death.

    --
    I am officially gone from /. Long live http://www.soylentnews.com/
  7. Re:Can Slashdot OP's cut the snark? by WiglyWorm · · Score: 4, Insightful

    I take this as full disclosure, not editorializing.