Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!news.gan.net.au!act.news.telstra.net!psgrain!newsfeed.internetmci.com!news.mathworks.com!zombie.ncsc.mil!nntp.coast.net!harbinger.cc.monash.edu.au!mail_gw.fwall.telecom.com.au!cdn_news.telecom.com.au!sjg
From: sjg@dn.itg.telecom.com.au (Simon J. Gerraty)
Newsgroups: comp.os.linux.misc,comp.os.linux.development.system,comp.os.linux.networking,comp.unix.bsd.bsdi.misc,comp.unix.bsd.netbsd.misc,comp.unix.bsd.freebsd.misc
Subject: Re: need secure OS to entrust millions to
Date: 20 Mar 96 03:11:32 GMT
Organization: Telstra
Lines: 43
Message-ID: <sjg.827291492@netboss>
References: <4gi6t6$3h9@lace.colorado.edu> <nc0453Dn96w6.93F@netcom.com> <y5ad974s4v4.fsf@graphics.cs.nyu.edu> <4gqf17$1lr@cynic.portal.ca> <1996Feb25.152559.8977@jarvis.cs.toronto.edu>
NNTP-Posting-Host: 144.136.48.60
Keywords: security linux freebsd operating system
Xref: euryale.cc.adfa.oz.au comp.os.linux.misc:92931 comp.os.linux.development.system:19630 comp.os.linux.networking:32186 comp.unix.bsd.bsdi.misc:2698 comp.unix.bsd.netbsd.misc:2499 comp.unix.bsd.freebsd.misc:15643

colohan@eecg.toronto.edu (Chris Colohan) writes:

>To reiterate the points that have been made so far:

>1. Buy commercial software that is designed and built for high
>security applications. It has been developed with security in mind
>from beginning to end, and has had experts comb through it for flaws.
>It also will cost money to get the source, which means that it is more
>difficult for intruders to get the source and look for holes.

This argument has been repeated ad nauseam in the firewalls list.
According to the gods there, lack of available source is no
deterrent to professional intruders.

>2. Buy a service contract and a source license for the OS. You can
>hire professionals who will guarantee that your machine will keep on
>working to your standards, and be as secure as you can afford to pay
>for. By having access to the source, fixes can be made quickly if
>necessary.

Really? Better professionals than the guys who wrote the OS?
and who still haven't found all the bugs?
I agree though that having source is good. That's why most folk
reading this use Free OS's.

>What do you lose by using a free OS in a mission critical application?

>1. Security through obscurity. More people have access to the source
>code for your OS, so there is a greater chance of someone finding a
>security flaw and exploiting it before you can fix it.

There is also an infinitely greater chance of someone finding a flaw,
fixing it and making the fix available to you.

Of all the software I've found bugs in over the last 10 years,
commercial packages (incl OS's) are the only ones that still have some
of the bugs. All the bugs that _I_ found in free s/w were either
fixed by me or by someone else - often within hours...

--
Simon J. Gerraty <sjg@telstra.com.au>

#include <disclaimer> /* imagine something _very_ witty here */