There's a bunch of interesting articles about this on securityfocus.com...
1) The source code for Linux's kernel and 99% of the utilities that make
it Unix is freely available. The source code for FW-1 is most definitely
not available. A exploit against FW-1 is therefore equally likely/unlikely
regardless of OS. An exploit against the OS will always trump security of
a process.
2) IMHO it's a lot easier to trust a disparate group of people using
public, archived communication to reach a openly expressed goal (World
Domination. Fast.) with open source software than it is to trust a private
group of people using private communication to reach the same goal using
closed source software. Of course, the whole thing depends on who's
auditing the code -- I don't personally have the patience for anything
more complex than a bit of shell scripting, but I do find it comforting
that I can see the bug fixing process.**
3) It's in the nature of the model that developers will come and go. It's
also in the nature of corporations that developers will come and
go. Them's the breaks -- again, I'd feel more comfortable if the ource was
written from the start for public reading and consumption. Witness the
messes that occur when a massive upgrade is attempted on something like
Netscape.
4) Linux is UNIX -- I assume you're referring to another variant, such as
Solaris or HP-UX. Have a look at bugtraq, and make your own decisions.
**A few weeks ago I downloaded the Mailman mailing list manager and
attempted to install it. Trying to create a new list bombed. So I went to
the archives of the Mailman mailing list and discovered that there was a
small bug in the script which had been discovered hours before. In fact it
was a simple enough bug that I was able to apply the patch by hand, create
my lists, and be on my merry way. Contrast that with the last time you saw
odd behavior in Microsoft Outlook.
HTH
--
Jack Coates, Rainfinity SE
t: 650-962-5301 m: 650-280-4376
On Thu, 20 Jul 2000, sathish wrote:
> Hi,
>
> We are planning to install Checkpoint 4.1 on Linux, our concern is
>
> 1. As this is security related issue and Linux source code is available freely to
>everyone ?
> 2. Linux is developed by a group of developers and can we trust that what ever
>these developers have contributed doesnot have malicious programs built into it ?
> 3.Future OS updates will be again thru the same group of develpers ?
> 4. Is it safe going with linux for security solutions or opt for NT, UNIX ?
>
>
> regs
>
> Sathish M R
> Network Systems Engineer
> Euclid India Limited
> Bangalore.
>
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
