Wednesday, June 14, 2006

"Open source is more secure. Period."


Trend Micro, the antivirus vendor, claims that open-source software (OSS) is more secure than its proprietary cousin.

Antivirus vendor Trend Micro is claiming that open-source software is inherently more secure than proprietary software such as Microsoft Windows.

Trend said that one reason open-source software has fewer security issues is the variety of Linux distributions. Although they use the same kernel, if one distribution is compromised the same piece of malicious software may not work on a different distribution, the company said Monday.

"Open source is more secure. Period," Raimund Genes, chief technical officer for anti-malware at Trend, told ZDNet UK. "More people control the code base; they can react immediately to vulnerabilities; and open source doesn't have so much of a problem with legacy code because of the number of distributions."

Genes said open-source developers "openly talk about security," so patches are "immediate--as soon as something happens," whereas proprietary vendors with closed code have to rely purely on their own resources to push patches out.

Genes goes on to say that Linux boxes should be further hardened; at a minimum, the default security settings must be altered to ensure a truly deployable configuration.

A few months ago, I wrote about SE Linux and AppArmor, two Linux configurations designed to enforce mandatory access controls. More and more companies -- in industries ranging from financial services to telecommunications -- are using this type of hardened platform to minimize risk of compromise.

Postscript: InformationWeek columnist John Soat mulls over some IT career choices for his son in the latest IT Confidential column: "Database support? Network security? I've got it--Windows patch management. There's a secure career path."

No comments: