Full Disclosure mailing list archives
Re: clarification - reasons as to why commercial software *could* be better
From: vb () dontpanic ulm ccc de
Date: Thu, 13 Nov 2003 11:58:24 +0100
On Thu, Nov 13, 2003 at 04:41:53AM -0800, Gadi Evron wrote:
First of all, notice the subject.. *could* be better, not *is* better.
Also "could be better" is wrong. There are good (financial) reasons for closed source software also. But I cannot see one of them in your list.
Microsoft, we all don't like Microsoft
Please do not use such generalisations - I already stated that I have nothing against Microsoft, and that I meant seriously.
Microsoft is not a very good representation of commercial software when it comes to security.
For some software fortunately you're right. For some software unfortunately you're wrong.
Many companies chose commercial software because of the arguments I presented earlier, and pasted again below.
But these companies make a mistake.
And excuse me, but with all the respect in the world.. as to my LAST point (3) - when one doesn't have the source code, one finds it more difficult, AGAIN, to a level, to find holes in the software.
Sorry, I cannot see that at all. Obviously you don't know people who do that. Additionally, the opposite is true. You're even more secure with OpenSource, because then many people you can trust in check the code by just reading source. Those people also could check the code by debugging the object code. But they won't do that. Why? Those people usually don't read source for finding security flaws but for personal interest or for developing purposes. And coming by they're detecting possible problems - and publicate them.
1. A serious (note serious) commercial company that has a crew working on addressing security concerns, and updating the product.Note, serious company ?
Yes. I noted. ;-)
2. A commercial company providing with liability (and responsibility) for the software you use (in other words - tech support and someone to blame).Who talked about law suits? I mentioned tech support and blame. </cynic>
You're able to receive tech support and someone to blame for Free Software also. It is a well known lie that for Free Software commercial support does not exist support at all. (I think, we're not talking about OpenSource Software here, but about Free Software, right?)
3. No source (!!) available for people to examine, thus making it, to a level, harder to locate security "holes" - for outsides in any case.Read again what I said - TO a level, harder.
Quite the contrary is true - no source available does not detain anybody from finding security holes, apart from many of the people who care for their removal. VB. -- Volker Birk, Postfach 1540, 88334 Bad Waldsee, Germany Phone +49 (7524) 912142, Fax +49 (7524) 996807, dingens () bumens org http://fdik.org, Deutsches IRCNet fdik!~c_vbirk () wega rz uni-ulm de PGP-Key: http://www.x-pie.de/vb.asc _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Microsoft prepares security assault on Linux, (continued)
- Re: Microsoft prepares security assault on Linux Georgi Guninski (Nov 12)
- Re: Microsoft prepares security assault on Linux Jeremiah Cornelius (Nov 12)
- Re: Microsoft prepares security assault on Linux Gadi Evron (Nov 12)
- [Full-Disclosure] why commcerical software *could* be better [WAS: Re: Microsoft prepares security assault on Linux] Gadi Evron (Nov 12)
- Re: [Full-Disclosure] why commcerical software *could* be better [WAS: Re: Microsoft prepares security assault on Linux] Jeremiah Cornelius (Nov 12)
- Re: [Full-Disclosure] why commcerical software *could* be better [WAS: Re: Microsoft prepares security assault on Linux] vb (Nov 12)
- Re: why commcerical software *could* be better Gadi Evron (Nov 12)
- Re: why commcerical software *could* be better vb (Nov 12)
- clarification - reasons as to why commercial software *could* be better Gadi Evron (Nov 12)
- Re: clarification - reasons as to why commercial software *could* be better Brent J. Nordquist (Nov 13)
- Re: clarification - reasons as to why commercial software *could* be better vb (Nov 13)
- Re: why commcerical software *could* be better David Maynor (Nov 12)
- Re: Microsoft prepares security assault on Linux Georgi Guninski (Nov 12)
- Re: why commcerical software *could* be better [WAS: Re: [Full-Disclosure] Microsoft prepares security assault on Linux] Georgi Guninski (Nov 12)
- Re: why commcerical software *could* be better Gadi Evron (Nov 12)
- Re: Microsoft prepares security assault on Linux Charles E. Hill (Nov 12)
- Re: Microsoft prepares security assault on Linux vb (Nov 13)
- Re: Microsoft prepares security assault on Linux Luis Bruno (Nov 13)