Does Open Source Security Make Sense?

    I have been thinking about open source software lately, especially security software, and I thought I would share my thoughts with you.

    First of all, let’s define what open source means.  Open source is the idea in technology, especially software, that says everyone should be able to see the source material used to create it.  This means that if a program is written and distributed as open source, anyone can get a hold of the source code that makes it run.  The idea behind this is that people can take this freely available source material and either build upon it to create their own program or merely improve the existing program.

    Okay, now let’s take a look at what open source means for your computer’s security, primarily anti-virus.  If the source code for an anti-virus program is available, it would be child’s play for a dedicated virus creator, who wants to create havoc, to acquire that code and use it to discover and exploit weaknesses in it.  To me, the whole idea seems seem akin to building a wall around your castle to protect you from an outside enemy and then posting the blueprints for that selfsame wall, complete with all the secret passages and weak points marked, where any invader can easily access them.

    I think the majority of people would and do agree with me on this.  Why?  Because almost all of the anti-virus programs on the market are close source, meaning only the company that created it has access to the code that makes it run.  Think about it.  The top anti-virus companies, Norton, McAfee, Panda, Trends Micro and Avira, all keep the source code for their programs under wraps, probably because they understand the risks.

      In fact, there are very few open source.  One of the best known is  ClamAV.  However, I’m not sure how long this will continue.  It appears that a company called Sourcefire has acquired the trademarks and copyrights to ClamAV, so that may change too.

    In closing, don’t trust the security of your computer to a company who posts the blueprint of your castle for all to see.  You might just get bit.

    Please feel free to comment.

Hackers Zeros in on Apple

For many years, Windows has been the target for the majority of the hacker community.  Because of this many alternative operating systems claimed that they were safer than Windows.  The truth of the matter is that there are just too few people using alternative operating systems to make it worth it for hackers.

Look at it this way.  About 90% of people who use computers use some version of Microsoft Windows.  Apple’s Mac OS has 9.61% of the operating system.  The other less than 2% is split among the many versions of Unix and Linux.  Why would a hacker waste his time breaking into an operating system that .5% of people use?  It’s more logical to do something that would cause the most amount of damage and open the most number of computers to pillage.

That said, hackers are either getting tired of Windows or the security is getting better because Apple has been coming under more attacks in recently.  There have been several bugs that targeted Mac OS.  In recent news, it has been announced that Apple’s browser, Safari, is vulnerable.

The annual hacker contest Pwn2Own is almost here.  Charlie Miller, last year’s winner, said that Apple’s Safari would be “easy pickings”.  He predicted that 4 people would be able to crack the browser.  This does not bode well for Apple, especially in light of their recent release of Safari 4 beta.  This is also bad news for Windows people who use Safari.  It will give hackers a back-door into Windows.

My advice: Apple should stop boasting about the performance and features of both their operating system and browser.  Instead they should hire some of these hackers to help them tighten up security in their products.