[kwlug-disc] given enough eyeballs, all bugs are shallow?

unsolicited unsolicited at swiz.ca
Sat Jan 9 16:24:10 EST 2010



Lori Paniak wrote, On 01/09/2010 10:44 AM:
> On Sat, 2010-01-09 at 10:08 -0500, john at netdirect.ca wrote:
>> -----kwlug-disc-bounces at kwlug.org wrote: -----
>>
>>> From: unsolicited <unsolicited at swiz.ca>
>>>
>>> I get irritated when it is claimed Linux is more secure than Windows
>>> because it doesn't get viruses. When we cannot possibly know that.
>>>
>>> Particularly when the reality is, if Linux were as popular as
>>> Windows, it would be a much greater target than it is today, and get
>>> a correspondingly larger level of viruses (which are essentially
>>> bugs / security holes).
>> Compare it to neighbourhoods. Despite houses being generally alike in
>> how they can be broken into, would you rather live in a neighbourhood
>> that has a high rate of break-ins or lower rate?
>>
>> I pick Linux. It has a lower rate of break-ins and I don't have to do
>> very much to keep it that way.
>>
> If "more eyeballs..." is not exactly true, then the "Windows has more
> security problems because it is more popular" line is pure BS.
> 
> Windows has more security problems because it has a poor/non-existent
> security policy that allows any Tom, Dick or Harriet process root
> privilege.  

I'll respond to John's elsewhere, but for here:

Part of the point of this thread is the lack of hard numbers, and, as 
you pointed out, arguments predicated on positions and assumptions 
that ultimately can't be nailed to the wall and quantitatively settled.

So, some portion of Windows security problems is because it is a 
larger base and more people whacking at it.

I don't disagree the better security model etc. ad nauseam, I've 
promulgated it myself in other messages in this thread.

But it's unlikely that the whole answer is better security model. Some 
amount of it has to be Windows is lower hanging fruit.

My base point is - that's at this moment. As Linux penetrates further, 
that will change. Never as bad as Windows, and found and fixed sooner 
and no longer an issue, but it's something greater than zero.

> 
> If security problems scaled with adoption, then Mac users should be
> running for their anti-virus distributors.  Surely Apple is a ripe target
> for hackers.  In reality, Mac users happily compute without A/V software
> degrading the performance of their systems.  Why is that?  It is because
> OSX is firmly rooted in BSD which, like Linux, is designed for secure
> multi-user environments from day one. From a security standpoint, it is
> a demonstrably better operating system than any of the Windows.

I don't dispute that. I agree it's better. It's not realistic to say 
it's perfect.

Arguments can and have been made, for example, that part of Windows' 
problem is that it's too permissive out of the box. Yet users beat 
Windows up when it's too restrictive, then again when they loosen 
those restrictions, then get nailed. So is that Windows' fault, or the 
users'?

So, when Linux desktops number as Windows desktops do today, and users 
do the same stupid things, it's not sensible to say Linux is 
absolutely secure. I agree, better than Windows, but how much better 
is debatable.

To Bob's point, starting this thread, I think actual hard numbers in 
this area are less than what is popularly promulgated.

> I do not understand why people put up with a product as defective as
> Windows - a product so defective that it implores you to go and buy
> anti-virus software as soon as you start it.  It is like buying a new
> car and when you start it you get a warning light that directs you to
> the repair shop immediately.  Car buyers would consider that a lemon.
> In computer-land, MS has made it the happy norm.  This is where Linux
> and BSD are clearly superior in ways that the typical user (and their
> wallets) can understand and appreciate.

I don't agree that your examples are appropriate here. Instead, try 
'rust protection' and 'extended warranty'.

Some cars resist rust better and are better built than others. But in 
the end, they will all rust, and will all break down.

Linux will have an increasing rate of problems as more and more 
eyeballs get put on it. Granted, they will be fixed faster, and the 
rate won't be as great as Windows due to security model and other 
things, but to say 'Linux is secure' and 'there will never be 
problems' is a fallacy.


