Symantec weighs in to open source security debate

A senior executive of one of the world's largest IT security companies, Symantec, waved a red rag at the open source software community yesterday.

Microsoft has continually had the dunce cap pulled over its ears as the Internet struggles with a deluge of virus and spam activity, accused of leaving a smorgasbord of vulnerabilities in its products for miscreants to exploit.

However, commenting on the situation at the IDC Security Vision event in Sydney, Symantec Asia-Pacific vice-president Vince Steckler said today's open source operating systems wouldn't fare any better if they were more dominant than their proprietary counterparts.

"If 90 percent of the world started using open source tomorrow we'd still have the same problems," said Steckler.

Steckler also claimed that "some would argue" that the situation would be worse were the shoe to be on the other foot, but did not name his sources.

Richard Cullen, technical manager with SurfControl, who was also present at the event, agreed that Microsoft's ubiquity placed it under more scrutiny from crackers, but he was less definitive about the question at the heart of the issue: which operating system is more secure?

"[Open source] is more open to public scrutiny because the source code is always available, but it tends to be created by an ad hoc collection of software developers, rather than a dedicated team," said Cullen.

"I'm not sure I have an answer for you."


Talkback 11 comments

  1. Anonymous -- 18/03/04

    The Linux Fanatics' claims that the OS is more secure than Windows is laughable at best... It's comparable to me writing my own operating system, distributing it to a few close friends and calling it the most secure OS in the world. If nobody is trying to break it, of course it appears secure!!!

  2. Anonymous -- 18/03/04

    Jason Green, you're about the only fanatic I tend to see on this whole forum. Get a grip, dude!

    The other side may not be right all the time, but sheesh, you don't see them badmouthing like you do every time there's a Linux article.

  3. Anonymous -- 18/03/04

    Let me prove the Symantec guy dead wrong.

    His thesis is that the platform with the larger market share will attract the greater percentage of malware?

    Bulldust.

    Check out Apache. It has 70% market penetration and have a guess which of Apache and Microsoft's IIS has more security problems? Yes, that's right, not Apache.

    Open source _is no immediate guarantee_ that software will be secure. It _is_ a guarantee that _it will be made secure_ if it matters to someone enough.

    You can't make that claim for _any_ closed source software technology.

    Only open source _gives users any rights_

    The rest, as they say in the classics, is malarkey.

  4. Anonymous -- 18/03/04

    Even for ZD Net this is poor work. I can put up with the pro-proprietary (read MS) bias that filters into most of ZD Net's articles. I understand that they have to keep the big money advertisers happy and yet they have to at least appear evenhanded with most articles so as not to lose all credibility with their readers. Even compliments to the OSS community in ZD Net's Linux section usually come in "Left Handed" fashion.

    I can tolerate this and even enjoy reading the articles since ZD Net is not my only source for information. I just laugh at the inaccuracies. However, this piece would not even qualify as a sound bite. It does not back up the claims of either the author or verify the interviewee's sources.

    If I had turned this piece of work in as a junior-high school assignment in writing class, all I would have received is a very low grade, a pat on the head and encouragement to try again harder. And for a freshman college journalism it would have been laughed at so hard that the instructor would have fallen out of his chair before making the paper bleed with red pen.

    What has happened to true reporting?

    Who? What? When? Where? Why? How?

    and then verify and backup each of the above questions from multiple independent sources.

    This "article" is only a flamboyant eye catching a single statement headline with nothing substantive to back it up. But it does bring eyes to the page to show off the advertising, and in the end I think that is the only thing that truly matters to ZD Net.

    John

  5. Anonymous -- 18/03/04

    "If 90 percent of the world started using open source tomorrow we'd still have the same problems," said Steckler.

    How can he justify this? So, overnight (he did say tomorrow) the same volume of devastating exploits would just 'happen'?

    The problems are not there *today*, so they won't be there *tomorrow* either; they may eventually appear, but not overnight.

    Maybe Andrew Colley could do some *real* research and find out, for instance, how many exploits were in circulation at the time that the installation base of Windows (say win95 maybe) was the same size as it is for Linux now.

    It really *isn't* about market share, install base or even the number and/or seriousness of flaws; it's about support and resources - how quickly bugs get fixed when they're found. This is a thing that the F/OSS community does better than the corporations can.

    Commercial enterprises are more concerned with *getting* new customers than keeping existing, locked-in customers happy, or selling (and thus supporting) the 'latest version' of their product. This means that users' needs and the developer's interests are not aligned; when the user is part of the developer community, the alignment is much better.

    -cybervegan

  6. Anonymous -- 19/03/04

    Good to see common-sense rear its head from time to time. All you open source weenies, go compile your kernel.

  7. Anonymous -- 19/03/04

    All slogan but NO arguments, is this ADVERTISEMENT?
    For one minute, their business DEPENDS critically on the 'success' of a CRIPPLED, INSECURE operating system. If everything is good and well, why need Symantec at all?
    Compare the number of vulnerabilities and the time to fix you will find out the TRUTH. Never believe a word from corporation that has interest to gain from its 'news'!

  8. Anonymous -- 19/03/04

    Consider the source of the statement. A security company that would be out of business if we had a 100% Open Systems world.

  9. Anonymous -- 19/03/04

    Oh no, more of this "if Linux were the dominant OS, it would be screwy" nonsense. As a previous post reads, where IS the evidence? We hear this nonsense all the time and there are always "undisclosed expert sources" and never any hard facts. Here are a few facts that are relatively easy to verify (just check out the CERT site):
    1. MS Windows has a plethora of local AND remote exploits, many of which are built directly into the operating system.
    2. The GNU/Linux system has no known remote exploits which result in "owning" the box -- one known exploit (only recently discovered and patched within days) allowed a Denial-of-Service attack. There are a few local exploits which have been discovered lately (and also abused). All known remote exploits are in other programs; naturally "server" applications are the obvious target of remote exploits. You can bet there are a lot of people out there who want to break through Apache, but that's an incredibly tough job and the Apache team have been great at identifying and fixing problems.

    Don't be fooled by the seeming endless list of CERT bulletins on OpenSource things as opposed to Microsoft -- we're talking thousands of software packages as opposed to the few that Microsoft develop and sell.

  10. Anonymous -- 20/03/04

    Which is more secure, Linux or Windows? Let's argue that Windows is more secure out-of-the-box than Linux, my bet would still be with Linux because Linux distributors release their patches sooner instead of trying to keep a good face like Microsoft does. I want substance instead of FUD (Fear, Uncertainty and Denial).

  11. Anonymous -- 21/03/04

    Of course, if Symantec is wrong and Linux is more secure, and people start using Linux instead of Windows, Symantec might just be left with a product they can't sell.

    Doesn't really inspire me as unbiased advice.
