Source code leak fears apply to Linux too

Foxtrot cartoon

I'm a little sick about how the industry press is reporting on the source code leak.  The first reports were rife with speculation that competitors with Microsoft's applications would finally have an inside look and be able to compete fairly.

That kind of thinking is just plain silly.  It seems sinister, that somehow the Windows developers can add things that help the Microsoft applications, but not document or make those additions publicly available.  Trust me, there is no MakeExcelRecalcFaster() API in Win32, documented or otherwise.

The other fear that the trade press is presenting is that having the source code out in the wild will result in more security risks.  Here's one comment from a Ziff-Davis writer:

Now thousands of virus writers can scan the code for flaws and weaknesses instead of relying on trial and error.

Okay, I can understand that.  However, I've yet to see this point brought up when discussing open source software, specifically Linux.  I've often thought that one of the downsides to open source is that it is completely transparent and lacks coding standards.

Of course, the “trial and error” that virus writers do really isn't present.  It's speculated that most rogue developers start out by reverse-engineering the patches Microsoft puts out and discovering the flaws present.  Then they take advantage of the vulnerability on unpatched machines.

7 Comments

  • Well stated, and I completely agree.

  • oh you gotta hate those "rouge" developers. Developers should NEVER wear primary colours. They are much better off wearing mottled greens, greys or black, to demonstrate their rebellious sides.

  • Yeah, I said the same thing before too. If you're Linux, open source code is a security feature (which is false anyway, but let's go with it for a second) and if you're Microsoft, open source code is a security nightmare. Sheesh. The bigotry is astounding.

  • Thanks for the spelling advice - "rouge" is now "rogue".

  • I agree that there are more potential fixers of software in the open software realm. However, I think you're assuming that if a patch/update is available, that it will be installed by a reasonable majority.



    In the Windows realm, patches have generally been available quickly, and in most cases ahead of the exploits they fix. However, the adoption rate has been less than ideal.



    In the Linux world it seems like adoption might be higher, I suspect that's due to the nature of the user (admins and power users vs. Windows desktop users).



    However, I think the number of distributions and methods of updating makes the problem of actually updating the systems worse. So, in the end, it's not an apples-to-apples comparison. Thanks for the excellent comment!

  • It's a concept taken from cryptography, basically, though perhaps not as well-founded when you're talking code. In crypto, you're much more secure using public algorithms and code....the stuff that's been hammered by security experts and cryptanalysts. Proprietary crypto gets broken fast.



    General-purpose code generally doesn't get the detailed security reviews, even if open source, so open code isn't quite the advantage they make it out to be...but even so, one thing you do know is that whatever security Linux has, it doesn't depend on the source being secret.



    There will never be a time where hackers suddenly have more information about Linux than they do now. The Windows code leak means hackers do suddenly have a lot more information than before...so it's reasonable to think some new exploits might show up in the near future.

  • In my posting, I said that I agree that new exploits might come as a result of the Windows source code leak. I believe that one exploit has already appeared.



    My rant however, is that industry press doesn't hold Linux to the same standard.