Re: Qns on linux security frm windows users :::Help !!!
- From: "Peter N. Schweitzer" <pschweitzer@xxxxxxxx>
- Date: Fri, 8 Sep 2006 15:07:34 GMT
Arvin wrote:
I've been using linux for a long time and have been trying to *popularize*
it. But can anyone help me with some qns which windows users asked me...???
1. Since the source is open, cant people introduce trojans and spywares in
the main source code itself, taking away our personal info ? (i'm not saying
windows doesnt have such codes)
The source is open in the sense that anybody can read it. But any specific
distribution package of the code has to be made by somebody, and that
person or group serves as gatekeeper, deciding what changes will be
incorporated and what will not. For the kernel, Linus Torvalds had that
function by himself for a number of years; now it is essentially done by
a small group. But if a distribution--the actual packages people install--
acquires a reputation for instability, it will disappear quickly.
So the short answer is that "open source" doesn't mean anybody gets to
change the software that everybody else uses. It means lots of people
are able to review and discuss openly what does change.
2. Is ther any other feature which protects itself frm viruses other than
the denial of the execution permission ? (not talking about 3rd party
antiviruses)
I don't think Linux has special antivirus capabilities, but the
general UNIX model of not running with more privileges than necessary,
which are very slowly becoming the norm in Windows systems, have
helped Linux a lot. Still, if you run a Linux desktop system as root,
you're asking for trouble. But most Linux users simply don't.
Much of the early vulnerabilities of both UNIX and Windows came from
applications trusting each others' data too much. Both systems have
changed a lot since the early 1990s, and the biggest changes have been
in checking carefully the data that are exchanged.
3. Since the *making* of the linux apps involves the open source community
as a whole, how can they follow a good well defined process to generate a
*good* code ? which can lead to security holes and other problems ?
<opinion>
Widespread code review and actual use is better than any methodological system.
Cheaper, too. Moreover, there's nothing to prevent Linux developers from
using a systematic process to develop code.
</opinion>
Peter
--
Peter N. Schweitzer (MS 954, U.S. Geological Survey, Reston, VA 20192)
(703) 648-6533 FAX: (703) 648-6252 email: pschweitzer@xxxxxxxx
<http://geology.usgs.gov/peter/>
.
- References:
- Prev by Date: Re: Cyberterrorism [was: Re: NSA wiretap, Friday night]
- Next by Date: Re: Qns on linux security frm windows users :::Help !!!
- Previous by thread: Re: Qns on linux security frm windows users :::Help !!!
- Next by thread: Re: Qns on linux security frm windows users :::Help !!!
- Index(es):
Relevant Pages
|
