Linux.com

Re: Big Difference Between Linux and Windows

Posted by: Anonymous Coward on April 11, 2006 11:50 PM
>
> I get pretty much any utility at all I want
> straight from the source, complete with all the
> code). It is either an apt-get of a signed binary
> package or a compilation from the original source
> (although last time I had to do that was years
> ago). Seriously, when was the last time any of
> you running Linux or friends ran a questionable
> executable on your machine?
>

Some random thoughts:

1) Do you read and perfectly understand the source code of each program you install?

2) If you don't (you would be a big liar to say you do ^_^"), are there really other people reading and perfectly understanding the source code, and reporting problems, of each program you install? (and if they report something, will you be aware of this report?)

3) What if you are using binary packages? (and you said you are). Signed packages mean nothing if the individual signing the package is evil... (or if the original source is infected and no one noticed).

The risk is not that much lower on Linux than on Windows... Having the source code available does not mean much if there's no one of trust (already a problem ^_^") reading the whole source code of each released tarball... (yeah, not just tracking the changes... if the CVS or SVN repository is infected, for example, then some changes might not be logged...) and having the power to report the problem for everyone to know...

There is no such thing as security. Never. Nowhere.
