linux-users-group-of-davis
Page last updated:
2004 Sep 26 04:32

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Re: [vox] [OT] Length of time to infect a Windows computer?

On Sat, Sep 25, 2004 at 02:56:16PM -0700, Robert G. Scofield wrote:
> 2)  To what extent, if any, is open source software better in terms of 
> being spied on.

The issue of 'spyware' in Open Source is the same as with easter eggs
and 'malware' (purposeful 'misfeatures'), and bugs and other security problems
(accidental problems, or those caused by simple ignorance of proper coding)
in Open Source software.

A piece of software being 'open' does not implicitly improve its
stability, security, or trustworthiness.

With proprietary software, though, we can't even see inside it to see
exactly what it does.  This must be inferred by examining what it does
when running, disassembling the binaries, sniffing network traffic, etc.

One of the arguments people often use when supporting Open Source software is
that 'many eyes' will help find and fix the bugs.  While this, too, is
technically true, in practice, it really depends on the popularity of the
software (how many people use it to find the bugs in action (users),
as well as how many people want to contribute to the project to both find bugs
in the source itself, and fix the bugs and enhance the code (developers)),
and the competence and trustworthiness of the developers.

i.e., if you download "Super Foobar 0.1" (a make-believe GPL'd application)
off the Internet, it probably contains some bugs, it may be insecure, and
there's the technical possibility that it's malicious (e.g., spyware, or
purposefully decides to delete your home directory when you run it).

If you download Firefox, you know literally a million people are using it,
and there are probably dozens, if not hundreds of contributors working on
it even as I compose this message. :^)

There's a social aspect of Open Source, too.  Part of the reason many of
us create OSS is to help improve the world.  Some of us do it for the
ego trip.  :^)

Once it's found that Super Foobar is malicious code, the word will spread,
and any semi-savvy web surfer looking for a piece of OSS will discover that
the app isn't trustable.  (If the app. is otherwise useful, since it's
Open Source, there's a good chance it will get forked into, say,
'Excellent Phoobar,' and the malicious bits taken out.  Software Darwinism at
work, so to speak!)

(Of course, the same can be said for proprietary software, up until that last
bit.  Many people know 'Gator' is spyware [*], and so it can be avoided.
However, whatever useful bits it has can't be forked.)

Anyway, it's 3am, I'm tired, and I think I'm rambling.  I hope this has helped
shed a /little/ light on the subject.  My disclaimer, however: I'm not an OSS
or spyware expert who's done any scientific research on either subject.
I'm just an average-Joe end user who prefers Linux and Open Source, and
a hobbyist software developer who releases his software under an OSS license.



[*] e.g.: http://www.personalfirewall.trustix.com/spyware/gator.html