TEAM-ADA Archives

Team Ada: Ada Programming Language Advocacy

TEAM-ADA@LISTSERV.ACM.ORG

Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Sender:
"Team Ada: Ada Advocacy Issues (83 & 95)" <[log in to unmask]>
X-To:
Date:
Tue, 20 Feb 2001 22:06:07 +0300
Reply-To:
"Alexandre E. Kopilovitch" <[log in to unmask]>
Subject:
From:
"Alexandre E. Kopilovitch" <[log in to unmask]>
Content-Type:
text/plain; charset=us-ascii
In-Reply-To:
<[log in to unmask]>; from Robin P Reagan at Mon, 19 Feb 2001 18:38:33 -0700
Organization:
h w c employees, b f
MIME-Version:
1.0
Parts/Attachments:
text/plain (37 lines)
>> But perhaps, Linux isn't immune to cyber warfare. And Open Source
>> products in general are potentially more vulnerable to that. And many
>
>I disagree, The major open source server OS's (FreeBSD, OpenBSD... The
>problem with Linux is that it defaults to a pretty insecure install).
>are more secure then the commercial M$ counterparts (NT, Win2000).

It depends on the nature of a stress, the source of attack. Your statement
may be right in the current, mostly peaceful Net, where the threats are
generated by the lightly-armed persons (or small groups) only. But it may become
wrong when applied to the "warfare" circumstanses, where a threat is engineered
by a dedicated institution, which employs highly skilled (not only in CS)
personnel and is supported with the resources of the government of some country.

> When a
>vulnerability is discovered in an open source OS, the code is fixed quickly
>and made available to the community more quickly then M$ can respond with a
>service pack / patch (If they so desire). M$ can't even keep their own sites
>secure as the resent cracker attacks have pointed out.

Well, perhaps this is right. But again, a fix in 2-3 days is good now, but it
isn't good enough in "warfare". "Warfare" requirements ask for hours, sometimes
even minutes for manual fix, and Open Source development style certainly can't
provide that.

>BTW: As the web site (www.openbsd.org) says "Three years without a remote
>hole in the default install!" is a pretty impressive statement!

Here we touch the most valuable factor - "static resistance" against an
attack. And exactly here the Open Source operating systems are especially
vulnerable in a warfare circumstances -- because they provide enough source
data to a skillful and resourceful "cyber warfare institution" (let's call it
CWI -;) . Such a CWI may use powerful computers for simulation, employ serious
experts in Operations Research etc, and may have few years for engineering
an attack. So, I'm not talking about the wild students or even terrorist groups
of various kinds.

ATOM RSS1 RSS2