[TriLUG] Can open source solutions be viable companies?

Mike Mueller mjm-58 at mindspring.com
Fri Jun 28 21:18:40 EDT 2002


On Friday 28 June 2002 18:21, Tanner Lovelace reputedly wrote:
> On Fri, 2002-06-28 at 17:31, Mike Mueller wrote:
> > Are these not facts: 1) MS succumbs to attacks often and Linux
> > infrequently,
>
> Mike, while I whole heartedly agree with this, in the interest of
> full disclosure I must point out that one (of the many) reasons
> MS systems succumb to attacks more often is that, having 90% of the
> desktop market, attackers are more likely to target them.  If the
> situation was reversed, I believe there would be more problems
> with linux.  I *believe* it would be less than what currently
> happens with microsoft, but I can't prove that.  So, let's not
> let us (the linux camp) get a false sense of security about this.
> We still have to make sure linux is secure (i.e. the recent push
> to update apache and openssh).

I hear ya.  Good tools and no vigilance will result in failure.  Now if I 
assume equal vigilance in the MS camp and the OS/Linux camp, I would argue 
that the Linux camp security program has more credibility.  I've read some of 
the explanations of recent openssh weaknesses.  Even though I could not 
understand the details of what I read, I felt that the circle of people that 
do understand such things ensure that such writings are accurate.  To this I 
compare the updates from MS that contain who-knows-what that could compromise 
operations and security while purportedly fixing something in IE.  The Linux 
security camp acts like a top rated surgeon explaining a complicated 
procedure to patient that is respected.  The MS security camp acts like a 
pill pushing doctor writing prescriptions to all comers.  I agree that Linux 
by itself is not a secure solution and that uninformed or complacent or 
overwhelmed people can compromise the good set of tools. that Linux provides. 

I am still amazed that I don't need a virus cleaner on my Linux systems.  
Maybe that will change one day.  

Has TriLUG considered a "How to run a secure shop" topic for the monthly 
meetings?

-- 
m



More information about the TriLUG mailing list