Posted on 03/04/2003 12:26:52 PM PST by Bush2000
Really? Is that why I have purchased copies of Microsoft Office on half the Macs in my house? Is that what all the rest of the commercial software I've bought is all about?
Yes, there are bugs in both open and closed source applications. There are potential dangers to open source software but they are lost in the broad arguments you make. Specifically, Open Source software lacks a formal quality control system and users who don't discriminate between proven Open Source software (like emacs or Perl) and more amateur efforts can cause problems. Of course so can users who load crummy commercial software or warez. But I'll admit that the hurdle to entry for commercial software does help to exclude the very worst software, a hurdle that doesn't exist for Open Source software.
And if Open Source software becomes buggier and buggier, as you suggest it will, it won't get adopted more and more, now will it?
Read Aberdeen's report on open source code quality. It's enlightening.
Ah. The report that counts CERT advisories. You ask me to trust your experience below, yet you want me to trust a single report over the collective experience of many people who have tried both Windows and *nix systems here that have seen Windows cause more problems, in practice, than *nix servers?
No, but as a general rule, people that use both Windows and Linux tend to be more technically astute than most users.
As opposed to someone who uses just Windows or someone who uses just Linux?
Experience. I've been around in the software industry for a long time. I know trends. Most of the people using Linux were using Windows not so long ago, in my experience.
I'm not talking about "users" but "programmers". A lot of people programming in Linux come straight off using Solaris or Linux in college. But what's most important, in my opinion, is that the sort of anti-Microsoft fanatic that might want to sabotage Windows servers is unlikely to have spent much time developing software on Windows. Do you know anyone who is both a Windows programmer and an anti-Microsoft zealot? I don't. And having done very little development on Windows (outside of Basic and Visual Basic) yet a lot of low-level development on *nix servers, I wouldn't have the first clue of where to start if I wanted to write a Windows virus but I might be able to hack my way into a Unix server. What you are suggesting is that we blame a large number of Windows security exploits on people who simultaneously advocate and use Open Source software yet spend a substantial amount of time learning hacking Windows.
Huh? They're not so different. They only have a few forms: (1) email viruses and worms, (2) server-attack worms, (3) virus-attached warez, shareware, and spyware. Each generation has been a subtle evolution of the previous generation.
You know as well as I do that server attacks on different services require an understanding of the service being attacked, how it communicates, and what its vulnerabilities are. A sendmail worm, though conceptually similar to a SQL Server worm, requires knowledge of a different set of software and communications protocols. You need to know where an overflow exists, how to get at it, and what message to send to utilize it and that's not the same from one service to another. It isn't a matter of changing a few lines to turn one into the other. As for warez, hacking commercial software to remove license keys again requires substantial knowledge of Windows, as does hiding spyware. If we were only talking about email viruses and worms, I might believe that Open Source script kiddies were a significant part of the problem.
A more likely source is people who use Windows but hate Microsoft. Crackers and anarchists. I'm sure they are the same thing as Open Source "ABMers" to you but they aren't. Indeed, does it make any sense to think that someone who believes in "anything but Microsoft" is going to spend a substantial amount of time using Microsoft Windows and development software to develop viruses and worms?
The arguments are based on common sense. Something which you don't embrace.
Relying on "common sense" isn't an argument. It's a glorified way of saying, "Trust me. I'm right." That only works with the choir. If your sense is so "common", you should have no trouble explaining the reasoning behind it. I'm not saying that it's impossible for an Open Source advocate to hack Windows. I simply think it is unlikely. You, however, seem to be blaming all of Microsoft's security woes on a very specific type of person. I'm simply asking for the proof to back up your certainty. So far, you haven't produced any. And, no, I don't think it is coincidental that you are blaming a group that you otherwise don't like.
The same place you are deriving your sweeping statements. My experience and the experience of others as read in trade magazines, online forums, and at work. The concerns about Windows security are not entirely the product of anti-Microsoft propaganda. FYI, the one web site that I developed where I recommended Windows as a platform was the only web site I ever worked on that was hacked (through no fault of my own -- a large number of Windows machines were hacked that weekend).
It's been my experience that, if you use Linux, you in all likelihood are pretty proficient at using Windows. But the converse is not true.
Most of the people I know who use Linux are Unix developers or sysadmin types. They don't program on Windows. I use Linux. I'm a developer. The only programming I've ever done on Windows involved spreadsheet macros, BASIC, and a very little Visual Basic.
Recent virus writers ("Melissa", "Anna", etc).
Fair enough, though it doesn't seem clear that the Melissa writer was an anti-Microsoft zealot. Do you have any articles about it? (It could be true -- my searches simply didn't turn up any solid evidence of it.)
And we both know that a program written in Berkeley sockets on unix will port to Windows quite nicely, thank you. It doesn't require much of a stretch.
And? Port scanning and sending client messages is trivial. It's what's in the message and the package sent to the overflow that matters. The overflow exploit needs to be in binary format and generally, as far as I know, needs to be "aware" of what it is exploiting. I suppose it is possible that all the pieces were simply lying out there for some script kiddie to put them all together but the SQL Server attack seemed a bit more sophisticated than that.
And really ... SMTP is, like HTTP, a simple text protocol. You're not arguing that the protocols are so arcane that even a junior dev couldn't write code for them, are you? Because my 12 year old nephew has written a fair amount of network programming code... ;-p
I'm not talking about SMTP. I'm talking about the SQL Server worm, but even then, the overflow message needs to be more than text. And if the buffer overflow problem is not present in the primary buffer, it may require a specific sequence of data to be sent to exploit it. That's hardly trivial to find, text or binary. Put another way, if viruses and worms were easy enough for a 12 year-old to find and exploit, regardless of the platform, 12 year-olds like your nephew would be writing them.
People who hate Microsoft -- and let's understand something (hate isn't just a mild dislike) -- are more likely to move to alternatives such as Linux. I don't know why you insist on establishing artificial boundaries for them... as if they wouldn't be likely to use Linux.
Almost everyone I've encountered who doesn't like Microsoft and uses Linux simply does that. They use Linux. They could care less about Microsoft and wouldn't want to use their software to hurt them. The people that I've encountered with the knowledge and will to write worms and viruses have generally been people well versed in the internals of Windows. In other words, I don't think the situation is as simplistic as you are making it out to be nor do I think you are justified in pointing the finger of guilt to one particular group without evidence. But unless either of us is willing to look at the motives for each virus and worm on a case by case basis, we're both basically talking from experience and guessing.
And I have explained it. It's not a stretch to reason that people who hate Microsoft are (a) more likely to seek out and use alternatives, and (b) if they truly hate Microsoft, they are probably motivated to hurt the company any way they can. That would include writing malicious worms and viruses.
It's not a stretch to believe that some viruses are written by Microsoft haters. It is a stretch to believe that this provides an explanation for every virus and worm targeting Microsoft products.