--- David Jackson <[EMAIL PROTECTED]> wrote:
> On Sat, 2004-02-14 at 18:05, John Hebert wrote:
> > Well, then what do you think about:
> > http://www.dougriddle.com/linux/johnh20020606.html?
>
> I would like to first draw attention to the fact that this original
> thread started over the possibility that the source code to Windows had
> been leaked out.
>
> I believe your article, and the support article about Kerckhoffs's
> Principle, serve to reinforce my original point.
>
> "Security through obscurity" never works, for dozens of reasons.
> Microsoft has relied on it for the bulk of their existence. They do not
> benefit from "peer review", because their OS and applications are closed
> source.
>
> Following this assertion, it might be easy to draw the conclusion that
> open source, by inference, is much more secure. But, it is solely
> because of peer review that it is more secure.

Ah. Now I understand why you said we were miscommunicating. I agree with what you are saying so far.

> Microsoft does not have the luxury of peer review; they keep their
> source code secret. When someone discovers their "secrets" (in this
> case, their source code), they no longer have obscurity, thus they have
> no more security.

Agreed, but obscurity is not and never should be considered security, as I pointed out in my essay. If Microsoft really considered their source code secret, they would not have signed Shared Source licenses with the former KGB and China. Personally, I am disgusted by this fact.

> We're not talking about cryptography here; we're talking an operating
> system, and the ability to exploit it. Having the source code will give
> you all manner of information that will enable you to tailor-make buffer
> overrun exploits, play with sending packets to any one of the dozen or
> so ports that Windows leaves open...etc.

I disagree here. We are talking about cryptography, but more importantly I am talking about writing better code. Buffer overruns happen because someone wrote bad code that did not validate input. The same answer applies for open ports; ports must be open for the OS to be useful, but the OS should operate in a fashion that does not compromise security because of unexpected input.

My point is that an OS exploit is the result of buggy code. As you pointed out, "it is solely because of peer review that it is more secure", so open source gets debugged faster, relative to closed source. In too many cases it can be shown that closed source software providers rely on obscurity to hide buggy code (http://www.eweek.com/article2/0,3959,5264,00.asp). The end users (consumers) do not benefit from this policy, because it is unknown which parties know about the exploit, or insecurity, while the closed source provider (the only party able to debug it) provides a patch. This is not security, this is CYA.

The reason I said that we are talking about cryptography is because I am implying that OSs should use cryptography where it makes sense to use it: user identity for one, message encryption for another, and password encryption for a third. For example, POP, IMAP, and SMTP can all use SSL/TLS now. Even MS LookOut supports SSL for sending and receiving email, but few people use it. Granted, this is more of a userland issue than an OS issue, but MS could certainly do more to encourage admins and users to use encryption.

Despite MS's previous posturing, they still do not take security seriously enough. In today's security conscious environment, we should treat OS security problems with the same seriousness that we treat other dangerous faults with other products; seat belts, exploding gas tanks, etc.

> The bottom line is this; as long as open source benefits from peer
> review, then yes, open source will be, by its nature, more secure than
> closed source.

I'd like to point out to others who may be reading this: peer-review alone is just part of the security process. Vigilant sysadmins will keep themselves informed about security problems, for example. There are many good resources about operating system and network security on the web. Here's a good place to start:
http://www.tldp.org/LDP/solrhe/Securing-Optimizing-Linux-The-Ultimate-Solution-v2.0.pdf

> In this specific case however, Microsoft will lose its obscurity, and
> their entire operating system will be compromised.

I see your point and understand you better now. But I still say that relying on obscurity only gives a false sense of security. Source code will _always_ be discovered, since it must be available to be useful. Source code cannot be treated or thought of like classified material, where the user audience is vigorously restricted.

=====
John Hebert
Official BRLUG Linux Curmudgeon
Open Source Ankle Biter
