TEAM-ADA Archives

Team Ada: Ada Programming Language Advocacy


Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Reply To:
Alexandre E. Kopilovitch
Tue, 20 Feb 2001 22:06:07 +0300
text/plain (37 lines)
>> But perhaps, Linux isn't immune to cyber warfare. And Open Source
>> products in general are potentially more vulnerable to that. And many
>I disagree, The major open source server OS's (FreeBSD, OpenBSD... The
>problem with Linux is that it defaults to a pretty insecure install).
>are more secure then the commercial M$ counterparts (NT, Win2000).

It depends on the nature of a stress, the source of attack. Your statement
may be right in the current, mostly peaceful Net, where the threats are
generated by the lightly-armed persons (or small groups) only. But it may become
wrong when applied to the "warfare" circumstanses, where a threat is engineered
by a dedicated institution, which employs highly skilled (not only in CS)
personnel and is supported with the resources of the government of some country.

> When a
>vulnerability is discovered in an open source OS, the code is fixed quickly
>and made available to the community more quickly then M$ can respond with a
>service pack / patch (If they so desire). M$ can't even keep their own sites
>secure as the resent cracker attacks have pointed out.

Well, perhaps this is right. But again, a fix in 2-3 days is good now, but it
isn't good enough in "warfare". "Warfare" requirements ask for hours, sometimes
even minutes for manual fix, and Open Source development style certainly can't
provide that.

>BTW: As the web site ( says "Three years without a remote
>hole in the default install!" is a pretty impressive statement!

Here we touch the most valuable factor - "static resistance" against an
attack. And exactly here the Open Source operating systems are especially
vulnerable in a warfare circumstances -- because they provide enough source
data to a skillful and resourceful "cyber warfare institution" (let's call it
CWI -;) . Such a CWI may use powerful computers for simulation, employ serious
experts in Operations Research etc, and may have few years for engineering
an attack. So, I'm not talking about the wild students or even terrorist groups
of various kinds.