Open source: more secure? - Windows Watch

Windows Watch
A blog from Computeractive


Open source: more secure?

I recently interviewed Mike Schroepfer, VP of Engineering at Mozilla, the organisation that produces the Firefox web browser. He was in London to talk about Firefox 3, and you can read about that browser and its new security features in our news section here.

During our discussion, though, Mr Schroepfer made some fairly bold claims. One of the most interesting was that, to put it simply, open source software (such as Firefox or Linux) is inherently more secure than closed-source software (Internet Explorer, or Windows).

Or, as he put it:

“Open source means that it’s an open process. I like to say that you don’t have to trust anything I say – you can go and check it out for yourself. Dial in to one of our meetings, look at our bug tracking system, look at the source code yourself. You don’t have to trust anything I or anyone else says - anyone in the world can verify it, at any point in time. I think that’s a lot more comforting to me than some promise from some executive that, “yes, it is secure, we’re doing a great job”. Well, how do you know? How do I really know for sure?”

This quote was still in my mind when, this morning, I came across this story from the Coding Horror blog. A reader claims that, having examined a shareware utility that downloads Gmail messages for backup purposes, he found that it was programmed to email the username and password details of every user's Gmail account to the software author.

It's important to note at this point that the allegation could be untrue - however, were I a user of G-Archiver I'd want to change my Gmail password and stop using the program until more details are available, just to be on the safe side.

In a way, this incident proves that security issues with closed-source software can be found - as long as a technically-minded and curious user decides to poke around. On the other hand, the process would be easier with an open source program - and it could easily be argued that only a fool would create a program to steal passwords, include his own email address in it, then post the code for all to see.

That said, I'm not sure that I'm ready to start distrusting all closed-source software in future. Much as I love the idea of OpenOffice and the GIMP, I'm completely lost without my copies of Microsoft Word and Photoshop. I do generally, however, pick free open source software rather than shareware / closed source freeware. What do you think - do you choose open source because it's more secure, because it's free, or not at all? And, ultimately, who do you trust when it comes to the software running on your computer?

© Incisive Media Ltd. 2008