Date: Mon, 14 Aug 2000 18:09:05 +0200
From: Mark Rowlands <mark.rowlands@minmail.net>
To: Marc van Woerkom <marc.vanwoerkom@science-factory.com>, christian@jacken.net
Cc: questions@FreeBSD.ORG
Subject: Re: How safe is FreeBSD?
Message-ID: <00081418224200.05631@marbsd.tninet.se>
In-Reply-To: <20000814133959.DB1AC2002@nil.science-factory.com>
References: <NDBBJMNNEPKCHPDOJAEBAEJJEEAA.christian@jacken.net> <20000814133959.DB1AC2002@nil.science-factory.com>
On Mon, 14 Aug 2000, Marc van Woerkom wrote:
> > and "you say that Microsoft
> > or NSI possibly have a backdoor to Windows2000, but how can we be sure that
> > there is no backdoor in Red Hat or FreeBSD"?
>
> Hmm.. if it is just about backdoors then it is clear that
> it is still possible to have hidden vulnerabilities in an open
> source code, but it is obviously much, much harder to hide such before
> all eyes than with closed code.
>
> There are a couple of security gurus who say that the strongness
> of a security system should not rely on hidden information about
> its workings. Look for "security by obscurity".
>
snip

At the risk of being flamed to death, this discussion of which os is more secure or more or less likely to have backdoors than any other is really a little irrelevant. It is not the OS - on its own that is the key, it is the applications you are running on it, the environment you run it in and the administrative procedures you wrap around the bundle. The O/S is but a small part of the equation.

If you have a mission critical application that is made vulnerable by a single o/s based backdoor then you have no security anyway. It is not the OS - on its own that is the key, it is the applications you are running on it, the environment you run it in and the administrative procedures you wrap around the bundle. I would get this stuff right before I worry about rinkydink backdoors that may or may not exist.

As to open source, what guarantee do you have that that crucial bit of code has actually been looked at by somebody who has understood its ramifications and has published their findings? Just because it is open source does not mean per se, it is better or backdoor or bug free.
--
Mark Rowlands
+4686224510
GMT + 1
_______________________________________________
These opinions are mine, they are just opinions you are free to disagree, please do so quietly
_______________________________________________

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message