
Gartner claims open source will rule


Research firm predicts mass commercial adoption of open source software

In an announcement that could be seen as a slight dampener on the news that the next version of Windows could arrive next year, research and analyst firm Gartner has said that open source is set to take over, with almost all businesses using the software in a few years’ time.

The firm claims that so far the open source software has had a stealth impact, and that by 2011 it will dominate the infrastructure of cloud-based providers, reported ZD Net.

"By 2012, more than 90 percent of enterprises will use open source in direct or embedded forms," said a Gartner report, The State of Open Source 2008. "Users who reject open source for technical, legal or business reasons might find themselves unintentionally using open source despite their opposition."

Tags: Gartner, Open Source
1
 

“Open source”
Posted by: Herbert - Apr 7, 1:31pm

The big problem with Linux is that it is wrongly seen as secure. And it isn't for the same reason as Mac OS is, or at least was; that was purely and simply because it was worth hackers' time in attempting to attack the system.

No, the problems with Linux go far below that. By definition, open source software is such that anyone can look at any part of the code and make changes to make it better. That has a huge flaw. It means anyone can go in and work out how to slot their malicious code into the software more easily.

Imagine Windows, Mac OS and Linux all being different types of locks. With Windows, sure, there are a lot of break-ins but that's because so many people use that lock and it's better for a burglar to focus on learning how to break that lock to make the most money.

Mac OS is used less, but some people are beginning to target those locks as a specialization and are proving that because they haven't been targeted in the past and so security measures aren't really in place, once you know how to break it, it's done very easily.

The key thing to remember (no pun intended) is that unless you make the lock and the key, you have no idea how to break in to those houses without brute force.

Now look at Linux. I can go on to the web and find the plans for how your lock works and directions on how to cut your key from all over the world. Hell, I can even order a carbon copy of your lock at no cost to me to make sure that my duplicate key works. Then I can simply go up to your door and open it with my fake key...

And that's the fundamental flaw in the idea of open source software. If I can see how your OS works and what 'key' I need to design to simply open it up to attack then Windows and Mac OS are infinitely safer.


2
 

“Re: Open source”
Posted by: Will - Apr 7, 1:52pm

I don't want to admit it but he's got a point

I'd never looked at it like that. I'm sure it wouldn't be as easy as Herbert makes out but it does sound plausible


3
 

“Re: Open source”
Posted by: John Travell - Apr 7, 10:27pm

If you really want security, there is only one sane choice, and it's not Windows or any variant or derivative of Unix.
OpenVMS.
True it is proprietary, but then, so is Windows, and Windows cannot claim either multi-year uptime or demonstrable system integrity.
Granted it does not have the range of desktop applications to satisfy that market, but as a server O/S it has no peer.


4
 

“Re: Open source”
Posted by: Brett - Apr 8, 9:04am

True John, but the major problem there is, it doesn't have critical mass to have attacks aimed at it. It's secure in the same way Apple was years ago... not because the software is invincible - it's just never been tested.


5
 

“Re: Open source”
Posted by: Shaun - Apr 8, 2:16pm

Those arguments were put forward by Microsoft in a marketing campaign years ago when their OS was beginning to look like a security disaster to even the most die-hard Microsoft fan. Looks like it worked, as years later Herbert repeats the argument verbatim.

Here's a snippet from the Register dated 2004 which came out around the same time as the Microsoft marketing people came up with the arguments used above.

Myth: Windows only gets attacked most because it's such a big target, and if Linux use (or indeed OS X use) grew then so would the number of attacks.

Fact: When it comes to web servers, the biggest target is Apache, the Internet's server of choice. Attacks on Apache are nevertheless far fewer in number, and cause less damage. And in some cases Apache-related attacks have the most serious effect on Windows machines. Attacks are of course aimed at Windows because of the numbers of users, but its design makes it a much easier target, and much easier for an attack to wreak havoc. Windows' widespread (and often unnecessary) use of features such as RPC meanwhile adds vulnerabilities that really need not be there. Linux's design is not vulnerable in the same ways, and no matter how successful it eventually becomes it simply cannot experience attacks to similar levels, inflicting similar levels of damage, to Windows.

Myth: Open Source Software is inherently dangerous because its source code is widely available, whereas Windows 'blueprints' are carefully guarded by Microsoft.

Fact: This 'inherent danger' clearly has not manifested itself in terms of actual attacks. Windows-specific viruses, Trojans, worms and malicious programs exist in huge numbers, so if one gives any credence at all to this claim, one would do better to phrase it 'Open Source Software ought to be more dangerous'. But the claim itself hinges on the view - rejected by reputable security professionals - that obscurity aids security. Obscurity/secrecy can also make it more difficult for the vendors themselves to identify vulnerabilities in their own products, and can lead to security issues being neglected because they are not widely-known. The Open Source model, on the other hand, facilitates widespread review and makes it easier to identify and correct flaws. Modular design principles support this, while the overall approach is far more in line with security industry thinking than is 'security through obscurity.'

Suggest you read that report; it's quite good.

http://www.theregi...inux/


6
 

“Re: Open source”
Posted by: liam - Apr 8, 2:58pm

You can get the blue-prints to a castle, but it doesn't mean you can break in to it.

Linux security is not perfect, nothing is, but think about this: Typically most security holes are caused by 'sloppy coding'; if you knew that your code was going to be made public and have people pore over it, would you write 'sloppy code' and get a bad reputation as a coder? If you could hide your code behind a wall of obscurity, who would notice a few short cuts?

