CIO
Open source security ‘not good enough’
Rodney Gedda (Computerworld)  19 March, 2004 15:41:14

Open source software will have to lift its security game if it is to match that of proprietary software, particularly if its use proliferates, according to representatives from global information security companies.

Asia Pacific vice president of security giant Symantec, Vincent Steckler, said open source is “not the silver bullet”.

“The reason viruses are written for Microsoft is because most people use it,” Steckler said. “If 90 percent [of software] was open source there would be just as many attacks, only worse. Imagine smart hackers with [access to] source code.”

Speaking at IDC’s SecurityVision 2004 conference in Sydney, Steckler compared the motives of operating system intruders and virus writers to that of the infamous New York bank robber Willy Sutton who, when asked why he robbed banks, said, “’Cause that’s where all the money is”. Steckler said, “Replacing Microsoft with open source won’t solve the security problem.

“Why would anyone write viruses for OS/2?”

SurfControl’s technical manager for e-mail products and technology, Richard Cullen, seconded this argument of increased proliferation leading to more security issues.

Open source and Linux hasn’t seen as many exploits because of market penetration,” Cullen said. “There are viruses for Linux but Microsoft is a bigger target.”

On the topic of source code access, Cullen said: “Recently, some of Microsoft’s source code was leaked and an exploit was discovered within days. This happened because the code was open.”

NSW Fisheries’ principal IT services manager Gregory Krasovitsky agreed that market penetration is an important factor when comparing open versus closed source security.

“We don’t see as many [security] patches for open source because of its market penetration and security companies are writing software for 90 percent of the market,” Krasovitsky said.

“For example, Debian (Debian GNU/Linux) has left vulnerabilities there and didn’t release any patches for them.”

Krasovitsky, who participates in state government open source and security forums, said it is “very clear” that the number of patches for Microsoft is more stable than that for open source software, which are growing rapidly.

"Open source and community-driven security is not good enough,” he said. “I have a funny feeling that open source is now being developed by major vendors like Novell and IBM. In a year or two open source will start matching the penetration of Microsoft. Then we will see more patches being developed.”

Global information security vendor Check Point made a conscious decision to adopt the open source Linux operating system and that it is up to the task, according to the company’s Australia and New Zealand regional director Scott Ferguson.

“We are proud of the fact that we use Linux and it is delivered in a ‘hardened’ way,” Ferguson said. “We are also confident that it is more secure than Microsoft [Windows] or other proprietary operating systems.”

More about Surfcontrol, IBM, Microsoft, Novell, Symantec, Debian, IDC

Comments

Post new comment

Login or register to link comments to your user profile, or you may also post a comment without being logged in.
The content of this field is kept private and will not be shown publicly.
Enter the fully qualified URL, eg. http://www.example.com/
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

Add to Google
Related Topics
(CIO Government)
Additional Resources
Executive Guides
Whitepapers
white paper Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Zones
Zone logoZones provide focussed content from CIO and leading technology partners.
Newsletter Subscription
Sign up for our CIO newsletters!
RSS Feeds
Syndicate content

HP Data Center Transformation solutions offer practical ways to overcome the energy and capacity limitations, operational vulnerabilities and technology constraints that can plague your data center. Choosing from a portfolio of solutions matched to your business needs, we can help you transform your data center into a business-driven, process-smart and future-ready asset.

Latest on Data Centre

  • +

    Inside Internode's data centre 05 June, 2009 14:39:00

    Computerworld gets an exclusive behind the scenes look inside Internode's Adelaide data centre with network guru Mark Newton
    Computerworld gets an exclusive behind the scenes look inside Internode's Adelaide data centre with network guru Mark Newton
  • +

    HP uses outside air, big fans, 12-foot raised floor to cool servers 03 June, 2009 07:44:00

    It's also cutting data center power use by painting server racks white
    Just off the North Sea coast in the United Kingdom, Hewlett-Packard Co.'s EDS unit has built a data center that largely relies on cold sea air to keep servers chilled and -- by doing so -- cut the center's cooling power needs in half.
  • +

    HP targets the cloud with new hardware 12 June, 2009 08:27:00

    HP offers complete cloud computing package for businesses
    HP has designed a new portfolio of hardware, software, and services, aimed at reducing costs and saving resource, particularly for businesses involved in Web 2.0, cloud and high-performance computing.
  • +

    Defence to spend $700m on ICT reform 05 June, 2009 11:13:00

    Strategic Reform Program report reveals only half of defence IT budget visible to CIO
    Less than half of the annual $1.2 billion spent by Defence on its ICT is visible to its chief information officer, Greg Farr, a new report has revealed.
  • +

    Inside Telstra's Virtualisation Strategy 11 May, 2009 14:12:00

    Need to cut infrastructure costs driving the strategy
    Telstra is increasingly turning to virtualisation as its core strategy to both manage the rising costs of, and growth in, its data centres, according the company’s CIO, John McInerney.
  • +

    Defence to Initiate ICT Reform Program, Expand CIO Role 05 May, 2009 11:56:00

    ERP rollout, data centre consolidation, single architecture all on the cards, according to the Department of Defence’s strategic policy white paper
    The Defence department has signaled a raft of changes to its approach to information technology under a new ICT reform program.

Free Resource Library

Data Centre Assessments

The First step to Optimising

Speeding business innovation

Removing barriers to growth, increasing agility and driving out costs

Assessments: Ammunition for Facts-Based Decision Making
by Richard L. Sawyer, Senior Principal, HP Critical Facilities Services
Download Podcast Download Transcript
 

CIO Summit The New World Order Opportunities and Challenges for CIOs

23rd July 2009
The Westin Sydney


A content-rich networking event where CIOs and senior executives collaborate on business and technology issues ranging from the impact of the economic downturn to the most pressing trends affecting IT in the enterprise.

Register Now

  • +

    New scam email uses Australian Federal Police to gain victims' trust 03 July, 2009 10:49:00

    Fake offers of free AFP monitoring service to stop "cybernetic attacks"
    Cyber criminals have changed tack in their ongoing scam campaign against banks, moving to the use of government agencies to gain the trust of unsuspecting email recipients.
  • +

    AFP hits $6 million identity fraud syndicate 03 July, 2009 08:25:00

    $500,000 of goods per week purchased with fake credit cards
    The Australian Federal Police (AFP) claims to have struck a major blow to a multi-million identity fraud syndicate.
  • +

    5 steps to secure a new PC 30 June, 2009 00:19:00

    Just unwrapped a brand-new PC? Security pros share their secrets for making your system Internet-safe.
    A common misconception is that a shiny new computer is more or less secure because it hasn't yet been exposed to the Internet's sinister underbelly. But the truth is, these machines come out of the box needing scores of patches, some basic security software downloads and the disabling or replacing of items security pros don't typically trust.
  • +

    Facebook simplifies privacy settings, calls them too complex 02 July, 2009 05:48:00

    The social-networking site is also getting ready to let members share content with anyone on the Internet
    Facebook will simplify the way in which it offers privacy options to its users, as it gets ready to give its members for the first time the option to make the content they post on their profiles available to anyone on the Internet.
  • +

    DR a growing concern for A/NZ CIOs: Symantec 02 July, 2009 09:16:00

    Mission critical apps and cost of down-time major drivers
    CIOs in Australia and New Zealand are increasingly getting involved in the disaster recovery planning of their organisations, according to a new survey from Symantec.
Most Popular
Media Releases
Most Popular Whitepapers
Upcoming Industry Events
  • CIO SummitNSW - Sydney | 23/07/2009 | Hosted by CIO Magazine, IDC & the CIO Executive Council
more
Whitepaper


Read Whitepaper

Reducing the risk of insider abuse

The potential for insider abuse can never be eliminated completely, but the steps outlined in this white paper can reduce the potential for such abuse. Read on to ensure no one person can alter your operations to their personal advantage or to the detriment of your organisation.


CIO Industry Insight Podcast #4: Kerry Stratton, Managing Director of Healthcare, InterSystems
Listen to the latest edition of CIO Live which is now available for download.
Listen to the podcast
Sign up to the CIO Live email
Videos
Get a job Careerone