Username: Save?
Password:
Home Forum Links Search Login Register*
    News: Welcome to the TechnoWorldInc! Community!
Recent Updates
[September 09, 2024, 12:27:25 PM]

[September 09, 2024, 12:27:25 PM]

[September 09, 2024, 12:27:25 PM]

[September 09, 2024, 12:27:25 PM]

[August 10, 2024, 12:34:30 PM]

[August 10, 2024, 12:34:30 PM]

[August 10, 2024, 12:34:30 PM]

[August 10, 2024, 12:34:30 PM]

[July 05, 2024, 02:11:09 PM]

[July 05, 2024, 02:11:09 PM]

[July 05, 2024, 02:11:09 PM]

[June 21, 2024, 01:43:48 PM]

[June 21, 2024, 01:43:48 PM]
Subscriptions
Get Latest Tech Updates For Free!
Resources
   Travelikers
   Funistan
   PrettyGalz
   Techlap
   FreeThemes
   Videsta
   Glamistan
   BachatMela
   GlamGalz
   Techzug
   Vidsage
   Funzug
   WorldHostInc
   Funfani
   FilmyMama
   Uploaded.Tech
   MegaPixelShop
   Netens
   Funotic
   FreeJobsInc
   FilesPark
Participate in the fastest growing Technical Encyclopedia! This website is 100% Free. Please register or login using the login box above if you have already registered. You will need to be logged in to reply, make new topics and to access all the areas. Registration is free! Click Here To Register.
+ Techno World Inc - The Best Technical Encyclopedia Online! » Forum » THE TECHNO CLUB [ TECHNOWORLDINC.COM ] » Ethical Hacking / Security / Viruses
 Is Open Source Really More Secure?
Pages: [1]   Go Down
  Print  
Author Topic: Is Open Source Really More Secure?  (Read 1451 times)
Admin
Administrator
Adv. Member
*****



Karma: 208
Offline Offline

Posts: 496

TWI Admin

159511729 vatsal2002 superwebchampz
View Profile WWW
Is Open Source Really More Secure?
« Posted: October 08, 2006, 07:56:40 PM »


Is Open Source more secure? That?s a question that can be answered with both yes and no. Not only that, but the reasons for the ?yes? and the ?no? are fairly much the same. Because you can see the source the task of hacking or exploiting it is made easier, but at the same time because its open, and more easily exploited the problems are more likely to be found.

When it comes to open source the hackers and crackers are doing us a favour, they find the problems and bring them to the attention of the world, where some bright spark will make a fix and let us all have that to. All well and good.

However I think this could also be a problem, because lets face it. Any monkey can download ?free? software to use for this or that, with little or no idea how it actually works. They don?t check for fixes and updates, often believing ?it will never happen to me?. In part this is because they just don?t see any reason for some one to hack them. But in the modern world where any script kiddie little git can download a virus construction kit, or a bot to run exploits on lists of servers its no longer a case of being targeted. They don?t care who you are, it?s the box they are after.

Recently a friend of mine suffered from this very problem, he didn?t believe he was worth the effort to hack. But simply by using an Open source web app he unwittingly made him self a target. Though a fix was available, he wasn?t aware of it. It was only when the host contacted him about problems that he even realised he?d been exploited.

With the growing popularity of the internet and open source solutions more and more unskilled users are installing software they don?t even understand. Even worse as any one application grows in popularity it grows as a worth while target for the low life script kiddies out there.

The problem has been exacerbated but the simple truth that with modern scripting languages such as PHP it is getting easier and easier to make some thing, being able to hack code together until it works might be fun, and you might make some thing that does the job, but its not a way to make safe secure software.

Most often exploits are based on stupid mistakes, errors that should have been found early on but weren?t because the code evolved, expanded and changed. No design, no planning? just code it until it works. This is the original meaning of ?hacking?.

Now, with out mentioning names, I have pulled apart the code used in the CMS the friend I mention earlier used, and with out doubt I can say its poorly written. But it was free, so no one can complain.

I am sure there is some very good open source applications, linux, apache to name a few, but there is even more ?open source? that?s just garbage. Just because its free doesn?t mean its good. Just because it popular doesn?t make it better. In fact as far as I can tell, if you want to use open source applications your probably better of choosing one no one else has really bothered with, that why your less likely to become a victim.

Closed source always has the advantage of being a little harder to find the problems, how ever, and this is important. It doesn?t mean its any better. As a friend of mine pointed out, Open source might be easier to hack in some ways, but because of that the problems come to light and generally are fixed quickly. Where as with a closed source application its actually in the interests of the authors to keep any problems hidden, if its not a common problem it may even go unfixed, because the author sees is as being unlikely any one else will ever find it. Or a fix will be bundled up with a later version and thus many people will never even know they could be at risk.

In the end I do believe open source is good for us all, but its important to check regularly for updates, patches and fixes. If you don?t, on your own head be it.

Logged

Pages: [1]   Go Up
  Print  
 
Jump to:  

Copyright © 2006-2023 TechnoWorldInc.com. All Rights Reserved. Privacy Policy | Disclaimer
Page created in 0.097 seconds with 23 queries.