Slashdot Mirror

← Back to Stories (view on slashdot.org)

Trend Micro Chairman Says Open Source Is a Security Risk

Posted by Soulskill on from the with-friends-like-these dept.

dkd903 writes "Steve Chang, the Chairman of Trend Micro, has kicked up a controversy by claiming that open source software is inherently less secure than closed source. When talking about the security of smartphones, Chang claimed that the iPhone is more secure than Android because being an open-source platform lets attackers know more about the underlying architecture." This comes a week after Trend Micro released a mobile security app for Android.

8 of 258 comments (clear)

  1. Security through obscurity doesn't work by WiglyWorm · · Score: 5, Insightful

    Just some FUD to sell an app.

    1. Re:Security through obscurity doesn't work by dintech · · Score: 5, Insightful

      It's scary that someone of his seniority in the computer security business would be pushing 'security through obscurity'. Doesn't he have access to Google? The only fear uncertainty and doubt I have is about Trend Micro.

    2. Re:Security through obscurity doesn't work by fuzzyfuzzyfungus · · Score: 5, Insightful

      If I had spent years building AV software to paper over Windows' flaws, I'd probably have given up on technical correctness as well...

    3. Re:Security through obscurity doesn't work by Anonymous Coward · · Score: 5, Interesting

      Don't forget that the bad guys end up with the source code while the white hats don't get it. Take a look at Windows. The Chinese intel services have the source for it. Russia does too. However, people who need and rely the protection of the OS do not get the source code.

      So, the blackhats already have a leg up because they can clear-box their exploits. The whitehats have to keep disassembling stuff in order to have any hope whatsoever.

      Because MS doesn't trust people with the source code of their products, how can people trust them?

    4. Re:Security through obscurity doesn't work by apoc.famine · · Score: 5, Insightful

      Have some F about Trend Micro, but don't have any U or D - TM is one of the worst AV programs I've seen in action.

      Back around 2003, the corporate parent of my little used-to-be-locally-owned business set up a "19th hole" deal with TM. We were told to use TM as our sole AV in our local branch, as we now had a corporate-wide license. We refused, and were told that our AV must then come out of our own IT budget. Fair enough.

      Why did we refuse TM? For one, the version we were given at that time had to be installed by hand on every machine. Corporate IT actually went through their thousands of machine and installed the damn thing. Probably using interns, as it wouldn't have been cost effective to have actual IT do that work, despite their sweetheart deal with TM. With an IT staff of 3, only one of which was on desktop support, we didn't feel that it was worth a hand-install on 150 or so machines. Especially since almost everything about TM sucked.

      So we shelled out for Norton Corporate, set up a beefy desktop as a dedicated AV server, and pushed the client to all the local machines. 15 minutes of visual inspection plus the help of the rest of the employees found the dozen or so that didn't install properly, and those were dealt with by hand.

      A few months later, corporate got slammed with some hellacious worm. TM didn't pick it up at all. In the least. While it spread like wildfire from one of our local corporate goons' laptops onto our systems, Norton at least disarmed all the tens of thousands of copies it placed throughout most of our file systems. (The bastard was doing auditing, and had access to just about everything.)

      Corporate was unable to deal with the worm for a few days - we firewalled them off, cleaned up the mess, and got on with life before their IT was able to send us instructions on how to deal with it, and how to fix TM, which it had destroyed in the process. (Yes, every machine by hand, once again.)

      So long ramble short - don't listen to TM. Ever.

      --
      Velociraptor = Distiraptor / Timeraptor
  2. Also in the news ... by BrianRoach · · Score: 5, Funny

    In a related story, Trend Micro also noted that Windows has been far more secure than Linux for years due to it being closed source ...

  3. Consider the source by Just+Some+Guy · · Score: 5, Insightful

    That's nice. Of course, I tend to associate Internet security firms with SEO consultants, astrologers, and anyone else who makes a living off fear and ignorance.

    --
    Dewey, what part of this looks like authorities should be involved?
  4. Re:Right. by dkleinsc · · Score: 5, Funny

    It is if you're Sir Gallahad of Camelot at the Bridge of Death.

    --
    I am officially gone from /. Long live http://www.soylentnews.com/