[leglug-users] BSD vs Linux, 1st machine and general knowledge question
BashLogic
bashlogic at gmail.com
Sun Mar 4 12:17:30 EST 2007
> i've had this question since
> my early days with linux and most of whom i asked before didn't give me an
> answer that satisfied me: If a system is open source meaning everyone can
> get to the source know/understand how it works wouldn't it be easier to
> "design" a way to crash it? i know that there are crash safe scenarios and
> safe plans but aren't these also open source?
> i admit that i want a linux system that is eye candy and a "looker" as much
> as its functional and flexible, i enjoy playing games on my pc too

whether the targeted system is open or closed source, it always will
fall victim to an attack. the reasons are simple:

e.g. windows, unix and linux all connect to the internet via the ip
stack rfc standard. this standard is not OS centric and the simplest
"bug" in the protocol can easily apply to any OS. specific
implementation of the protocol differs in different OS hence other
bugs do not apply to all OS, so you see whether it is open or closed
doesn't matter.

a design that is open has more hands at addressing the issue and
resolves it quickly, we still see it today with microsoft where during
the last two years it has had several fixes for earlier released fixes
only to prove that even closed source does not bring quality or
security any better than a closed source. anyone who says otherwise is
misleading you.

if you look at security companies, they equally weigh closed and open
source OS and applications as each have their own vulnerabilities.

linux is secure and vulnerable, and so is windows, solaris and bsd.
everything is as secure as you make it. solaris is of the most secure
for its "automated" hardening features which have partially existed in
linux and are becoming better and better with the introduction of
apparmor and selinux etc. windows on the other hand is not flexible for
hardening, every time you harden one part, you are doing it at the
expense of another resource of the OS contrary to linux or unix.

it is true that open source can be interpreted to be vulnerable. the
vulnerability exists only if there is a bad architectural design in
the implementation and coding. but when that is noted, either it is
fixed or improved or then again a competing project would rise and
correct the issue.

with closed source such as microsoft, they might have a fix in the
build tree for up to two years prior for it to be compiled and
released either as a full remastered version of the OS or as a service
pack. if the bug comes to people's attention prior to that and even at
that point microsoft might not find it from within the build tree and
would recreate it hence doing the job twice and possibly having to
fail at it twice. it remains to be unknown how well the code is
implemented but having spoken with various developers, many find
features and stupid implementations that not many are aware of and no
one does anything about it unless you are a jumbo sized corporate to
which microsoft would release a custom fix to fix your problem.

regards
BL