Comments on: Open source a natural for anti-virus software?
Some argue that open source could actually make the world's virus problems worse. Those people are smoking something.
Matt Asay brings a decade of in-the-trenches open-source business and legal experience to the Open Road, with an emphasis on emerging open-source business strategies and opportunities. Matt is general manager of the Americas division and vice president of business development at Alfresco, a company that develops open-source software for content management. He is a member of the CNET Blog Network and is not an employee of CNET. Disclosure.
"
an open source community wouldn't have the dedicated resources that a company does to produce consistent, worthwhile, and stable-running AV software
"
Haven't we heard that line before?
[Second - what if the guy responsible for releasing new signatures has a problem at work or with girlfriend/wife/cat that day? I'm not persuaded that there would be sufficient motivation to see it's covered. So we are exposed. Third - there is an increased risk that a VXer masquerading as a legit contributor could add code for his/her own purposes.]
What if the guy working at a corporate anti-virus vendor has a bad day? Since their code and processes are a black box to us, we'd never know.
The point of OSS is that there are many (sometimes hundreds) of eyeballs looking at code committals. Any deceptive practice by one individual will likely not pass the smell test.
[What if the guy working at a corporate anti-virus vendor has a bad day? Since their code and processes are a black box to us, we'd never know.]
First: any top-tier a/v provider will have rotas and plans to cover situations like this, they can afford to, and they can't afford not to, and they didn't become top-tier by screwing that kind of thing up. My argument is not concerned with resources, it's the management of those resources, which IMHO is necessarily too diffuse in an open source community. Second: If an OS a/v vendor's processes are open, that is again giving too much information to VXers, allowing them for example to pick their moment to launch a more effective attack because fred and barbara are away for the weekend.
[deceptive practice by one individual will likely not pass the smell test.]
Yes ok I accept that.
Still ... it just feels wrong to me to open this stuff up, like saying it's ok to leave your car unlocked because it has an immobiliser.
- Hot is hot
- by royrusso September 3, 2007 4:50 PM PDT
- @fatal
[First: any top-tier a/v provider will have rotas and plans to cover situations like this, they can afford to, and they can't afford not to, and they didn't become top-tier by screwing that kind of thing up.]
If they're so awesome, why do we still have an ongoing virus problem, and why are their products becoming infinitely bloated? I can tell you from personal experience, from years of training and consulting in corporate environments... I've dealt with an awful lot of pinhead developers and IT managers at very large corporations. Just because they're "big and successful" doesn't mean they exactly have decent coding practices. (Often, good marketing + inertia wins over good tech).
[Second: If an OS a/v vendor's processes are open, that is again giving too much information to VXers, allowing them for example to pick their moment to launch a more effective attack because fred and barbara are away for the weekend.]
Then why is Linux so much more secure than Windows? (Note: I am a Windows user and not a Linux shill)
[Still ... it just feels wrong to me to open this stuff up, like saying it's ok to leave your car unlocked because it has an immobiliser.]
A better analogy, I'd argue, is saying your car is much safer with a neighborhood watch program than with the local police watching it. I'd bet on the neighbors, as they have a vested interest in keeping the neighborhood clean.