[kwlug-disc] given enough eyeballs, all bugs are shallow?

unsolicited unsolicited at swiz.ca
Sat Jan 9 16:41:03 EST 2010

john at netdirect.ca wrote, On 01/09/2010 10:08 AM:
> -----kwlug-disc-bounces at kwlug.org wrote: -----
>> From: unsolicited <unsolicited at swiz.ca>
>> I get irritated when it is claimed Linux is more secure than
>> Windows because it doesn't get viruses. When we cannot possibly
>> know that.
>> Particularly when the reality is, if Linux were as popular as 
>> Windows, it would be a much greater target than it is today, and
>> get a correspondingly larger level of viruses (which are
>> essentially bugs / security holes).
> Compare it to neighbourhoods. Despite houses being generally alike
> in how they can be broken into, would you rather live in a
> neighbourhood that has a high rate of break-ins or lower rate?

You misunderstand me.

I'm not saying Linux isn't better, I'm saying Linux has a patina on 
it that will eventually be rubbed off as more and more use it 
(eyeballs), and for people to claim that Linux will always be malware 
free is snake oil.

And it's the snake oil that I get irritated at. Only. Full stop.

To use your analogy - to blame more breakins in inner city houses than 
rural houses on the contractor, solely, is ludicrous. Inner city has 
more people around, some percentage of any population is nefarious, so 
there are more people around, some of whom are interested in breaking 
in, so more breakins will happen.

I don't disagree that lots of factors make the Linux situation far 
better than Windows - but it's not zero. And it's those claiming that 
it's zero that bother me.

In this thread of hard numbers and eyeballs.

> I pick Linux. It has a lower rate of break-ins and I don't have to
> do very much to keep it that way.

Today. But you will in time have to do some things, probably in some 
correlated proportion to the number of eyeballs beating on it. I think 
it unreasonable to claim otherwise. And, granted, always less than 
what Windows puts you through. Aside from being less vulnerable, the 
community will also respond with less onerous protection mechanisms.

But a bad open office writer download will take out your documents 
just as fast as a bad Word download with macros in it.

Obscurity is not a viable defense.

To claim otherwise is snake oil. Please note - I am not saying anybody 
here is making this claim. I'm saying, to Lori's point, it's urban 
legend not backed up by anything. And can't be until there are as many 
Linux desktops as Windows desktops. [Further complicated that by the 
time we get there, better strategies will be put in place to better 
mitigate impacts.]

More information about the kwlug-disc mailing list