6

I came across this blog (I guess) that's mostly critique about the security of major open source projects. The author claims to be a security researcher.

At least some of the claims seem to have merit, but how much? Opinions?

https://madaidans-insecurities.github.io/...

Comments
  • 3
    Seems like just bashing on Foss just for the sake of edginess.
    The mentioned potential attack vectors are reasonable and obvious, except a lot of them needs the OS/Program to be misconfigured for possibility of an attack.
  • 4
    He does have some points in that OSS' security is overrated. Even the famous "many eyeballs debugging" doesn't work, as evidenced by major bugs that had been there for years. If everyone relies on each other's eyballs, nobody looks.

    On the other hand, Windows is malware victim number one. OK, it is also the most attractive desktop target, BUT! Android rules the smartphone domain and doesn't have problems to that extent.

    Also, servers usually run under Linux and are not hacked on OS level. Typically, that works on application level such as Wordpress, and that isn't the OS' fault. If Linux actually had a security problem, we would see that on servers, no?
  • 4
    Coming to desktop Linux, it has four things that make up a large part of the security (besides being unattractive as target due to low desktop market share):

    1) No MS Office with macro viruses.

    2) It doesn't give executable rights to downloaded files just because of the file extension (the .desktop file problem has been resolved through disabling the feature IIRC) and then even hiding the file extension by default.

    Note that relying on the file's icon is nonsense because any icon can be compiled into a Windows application.

    3) Software installation doesn't routinely involve downloading stuff from all over the internet - that is the exception under Linux, not the norm.

    4) Many different distros and DEs instead of one Windows make things difficult not only for authors of regular software, but also for malware ones.
Add Comment