Eric at Lucii.org on 25 May 2011 07:14:28 -0700



Re: [PLUG] Microsoft's Many Eyeballs?




My experience is that Linux is far more stable and secure than Windows.  Bugs,
when discovered, are fixed more rapidly.  Also, this behavior applies to Linux
AND to the wide range of Open Source applications.

I believe that is due, in part, to a philosophy of design that is different from
Windows and other Microsoft software.

Microsoft strives to make things "easy" and "flashy" (think: ActiveX extensions
in the browser) and backwards-compatible with prior versions.  Some flaws that
are revealed in Windows impact versions going back to Win95.  That's because
Microsoft carries parts of the code base forward with each iteration of the OS.
I would have thought that the complete rewrite that was Windows NT would have
left Win95 bugs behind.

There is less incentive for Open Source projects to do that.  Instead they are
likely to adhere to standards and not make general use of proprietary
extensions.  There is one Microsoft browser but several Open Source browsers
(Firefox, Chromium, Mozilla, and Konqueror come to mind but there are many more
[1,2]).  These browsers are more likely to adhere to web standards, and do more
with those standards, than to rely on an "ActiveX type" of solution.

Microsoft's answer to the security issues affecting ActiveX is to institute
"kill bits" and give the users an easier way to enumerate the installed ActiveX
libraries and disable them if necessary.  Still, "drive-by" installs can happen
with Internet Explorer.  I have not seen these types of exploits with Firefox or
Chromium.

Eric


[1] http://en.wikipedia.org/wiki/Comparison_of_web_browsers
[2] http://www.junauza.com/2009/06/5-free-and-open-source-web-browsers.html

On 05/23/2011 04:08 PM, Stephen Slaughter wrote:
> What do you folks think about this article?
> 
> http://blogs.msdn.com/b/shawnhernan/archive/2010/02/13/microsoft-s-many-eyeballs-and-the-security-development-lifecycle.aspx
> 
> Is it true that open source code is reviewed by many fewer eyes than we might think?
> 
> I'm dubious about the opinion of this article (i.e. proprietary code from
> Microsoft is more secure) considering it was written by a Microsoft developer;
> however, people who think Linux is more secure are usually Linux developers and
> enthusiasts.
> 
> Can anyone point me to an impartial opinion on this subject?
> 
> Thanks,
> Stephen
> -- 
> "We can only see a short distance ahead, but we can see plenty there that needs
> to be done."
> - Alan Turing
> 
> 
> 
> 
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

-- 
#  Eric Lucas
#
#                "Oh, I have slipped the surly bond of earth
#                 And danced the skies on laughter-silvered wings...
#                                        -- John Gillespie Magee Jr