Re: What's the story with the "end of XP"?

In article <467631bd$0$1455$8404b019@xxxxxxxxxxxxxxx>, David Brown <david@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> writes
Chris Hills wrote:
In article <4672A842.6F818F44@xxxxxxxxx>, CBFalconer <cbfalconer@xxxxxxxxx> writes
The Real Andy wrote:
Steve wrote:

... snip ...

Net security is best looked at pro-actively, not re-actively.
Block everything coming in using a proper firewall - trying to
get the latest windows updates to patch known holes is a
never-ending battle.

And this differs from linux and Mac exactly how?

To start with, the source is available for Linux. MAC ??
The availability of the source is completely irrelevant.


The availability of the source is only irrelevant to security *if* the people behind the source are so good at their job, so dedicated to the security of the product regardless of functionality, ease-of-use, time, cost, marketing, sales, public image, etc., and so good at secure programming, that no one else would be able to do a better job even with source code access. Thus you could reasonably claim that Opera would not be more secure if the source were available, but the same can't be said for certain other well-known closed source browsers.

Of course, no one (I hope!) thinks that making the source available automatically makes a program secure - it's only one part of the process.

Much similar has been said about crypto Sw.

I have the source for PGP BUT how many people would be able to recognise any whole or flaw in it?

Interestingly I have some customers who buy in some commercial SW where they get the source code. When the found a problem they reported it. The company started to investigate the fix and sent a patch. In the mean time the customers programmers also worked on it. They too produced a patch.

The production of the patch from he end user cost them more in money ( ie paid time for the engineers) than the years support charge. Also whilst they are fixing the bug they were not working on the project they were supposed to be. Finally whilst the fix did fix the bug it caused other problems. The patch supplied did not.

I have never seen any time that having the code available for 3rd party tools was of use to any commercial project.



--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
/\/\/ chris@xxxxxxxxxxxx www.phaedsys.org \/\/\
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/



.

Relevant Pages

  • Re: ipfw: LOR/panic with uid rules
    ... (I've committed the patch since it's definitely necessary, even if it doesn't fix the specific instance of the problem you're seeing). ... The panic backtrace is slightly different: ... None of the line numbers in this trace seem to line up with expected things in the source code. ...
    (freebsd-current)
  • Re: qstor driver -> irq 193: nobody cared
    ... testing or help on the programming. ... I'm also including the old "printk" patch, ... tell whether the "fix" is actually working or not. ...
    (Linux-Kernel)
  • Linux 2.6.19
    ... knowing that it's all your own d*mn fault, and you should just fix your ... [SCSI] ... [PATCH] ... USB: ipaq: Add HTC Modem Support ...
    (Linux-Kernel)
  • Re: Linux 2.6.19
    ... knowing that it's all your own d*mn fault, and you should just fix your ... [SCSI] ... [PATCH] ... USB: ipaq: Add HTC Modem Support ...
    (Linux-Kernel)
  • Re: problem with 200GB hard drive
    ... > the partition and then run mkfs.ext3 and format the partition, ... - add patch from Dave Jones ... - fix error message, do block size checking on s390 only ... - automated rebuild ...
    (Fedora)