"DevX’s Executive Editor A. Russell Jones suggests that governments avoid jumping on the Open Source bandwagon because Open Source software, by its very openness, is more vulnerable to exploitation. This attitude reflects a deep misunderstanding about how both security procedures work, and about how Open Source projects work.

His argument rests on three ideas:

* Someone who is part of a project can place an exploit within the code: “the security breach will be placed into the open source software from inside, by someone working on the project.”
* While there is sufficient scrutiny on major projects to prevent this kind of exploit, since Open Source permits anyone to create their own distribution, a smaller, less scrutinized spin-off can easily have this kind of exploit: “distributions will be created and advertised for free, or created with the express purpose of marketing them to governments at cut-rate pricing. As anyone can create and market a distribution, it’s not far-fetched to imagine a version subsidized and supported by organizations that may not have U.S. or other government interests at heart.”
* The extensive peer review to which Open Source code is subjected doesn’t suffice to uncover such exploits, because these exploits can be withheld from the publicly available source code: ” the model breaks down as soon as the core group involved in a project or distribution decides to corrupt the source, because they simply won’t make the corrupted version public.”

Jones’ conclusion: governments simply cannot afford to take the risk of using Open Source, even given the benefits its flexibility provides, because of these security risks: “To limit their vulnerability, governments can’t afford to give everyone a choice, nor can they afford to provide access to the source code for their software."

http://www.oreillynet.com/linux/blog/2004/02/is_open_source_secure.html

 out of  found this valuable. Do you find this valuable?    

AROS Research Operating System (AROS) is a free software/open source implementation of the AmigaOS 3.1 APIs. Designed to be portable and flexible, ports are currently available for x86-based and PowerPC-based PCs in native and hosted flavors, with other architectures in development.

Berkeley Software Distribution (BSD, sometimes called Berkeley Unix) is the Unix operating system derivative developed and distributed by the Computer Systems Research Group of the University of California, Berkeley, from 1977 to 1995. Historically, BSD has been considered a branch of UNIX. In the 1980s, BSD was widely adopted by vendors of workstation-class systems in the form of proprietary UNIX variants such as DEC ULTRIX and Sun Microsystems SunOS. This can be attributed to the ease with which it could be licensed, and the familiarity it found among the founders of many technology companies of this era. Today, the term of "BSD" is often non-specifically used to refer to any of these BSD descendants, e.g. FreeBSD, NetBSD or OpenBSD, which together form a branch of the family of Unix-like operating systems.

Darwin is an open source POSIX-compliant computer operating system released by Apple Inc. in 2000. It is composed of code developed by Apple, as well as code derived from NEXTSTEP, FreeBSD, and other free software projects. Darwin forms the core set of components upon which Mac OS X and iPhone OS are based. It is compatible with the Single UNIX Specification version 3 (SUSv3) and POSIX UNIX applications and utilities.

FreeDOS is an operating system for IBM PC compatible computers. FreeDOS is made up of many different, separate programs that act as "packages" to the overall FreeDOS Project. It provides mainly disk access through its kernel, and partial memory management, but no default GUI.

There is also GNU, Haiku, Mach, MINIX, OpenSolaris, and ReactOS.

 out of  found this valuable. Do you find this valuable?    

Show Last Reply

They include open source code in their products.-Have you forgotten the first TCP/IP implementation in Windows? It was based on open source code that Windows XP still contains remnants of. Need proof? Point your favorite hex editor at ftp.exe. You’ll find the 1983 copyright statement from the Regents of the University of California.
They support open source vendors-MySQL, SugarCRM, Jboss, and many other open source development efforts benefit from Microsoft’s support through programs created to test and verify open source applications on Microsoft platforms.
They benefit from open source everyday.-Two words: free press. Microsoft gets tons of press from their “battle” with open source. This month alone there are over 2000 articles related to “Microsoft and open source.” Add countless blogs like mine, and the value of this free chatter goes through the roof.
They open source code.-No, not shared source. I’m referring to Microsoft’s Unix tools for Windows; they provide the source code to most of these tools. Sure, we all wish they would do more, but we should acknowledge what they’ve done to date.
They are adopting open source culture.-The Mix conference is billed as a “72 hour conversation.” Remind anyone of BarCamp? There are other examples: the Microsoft Community Blogs, Channel 9, CodePlex, etc. They’re embracing openness.
They aren’t threatened by open source.
Open source is not the threat; Linux is. Don’t confuse the two. Open source is growing rapidly, but Linux has several distinguishing features that make it the real challenger. It’s more mature than other projects, it has a larger, more organized developer base, and it’s well financed. IBM has spent hundreds of millions of dollars developing, distributing, and advertising Linux, not open source. Microsoft doesn’t fear open source; it fears what the competition can do with it. Citation-http://talk.bmc.com/blogs/blog-whurley/whurley/seven-reasons-microsoft-loves-open-source

 out of  found this valuable. Do you find this valuable?    

The GNU operating system is a complete free software system, upward-compatible with Unix. GNU stands for “GNU's Not Unix”. Richard Stallman made the Initial Announcement of the GNU Project in September 1983. A longer version called the GNU Manifesto was published in September 1985. It has been translated into several other languages.

The name “GNU” was chosen because it met a few requirements; first, it was a recursive acronym for “GNU's Not Unix”, second, because it was a real word, and third, it was fun to say (or Sing).

The project to develop the GNU system is called the “GNU Project”. The GNU Project was conceived in 1983 as a way of bringing back the cooperative spirit that prevailed in the computing community in earlier days—to make cooperation possible once again by removing the obstacles to cooperation imposed by the owners of proprietary software.

By the 1980s, almost all software was proprietary, which means that it had owners who forbid and prevent cooperation by users. This made the GNU Project necessary.

An Unix-like operating system is much more than a kernel; it also includes compilers, editors, text formatters, mail software, and many other things. Thus, writing a whole operating system is a very large job. We started in January 1984. It took many years. The Free Software Foundation was founded in October 1985, initially to raise funds to help develop GNU.

Source: http://www.gnu.org/gnu/gnu-history.html

 out of  found this valuable. Do you find this valuable?    

Is OSS Secure?
I personally believe that when a program began as closed source and is then first made open source, it often starts less secure for any users, but has the potential to be much more secure than a closed program. If the program began as open source software, the public scrutiny is more likely to improve its security before it's ready for use by significant numbers of users, but just making a program open source doesn't suddenly make a program secure:
• First, people have to actually review the code. This is one of the key points of debate - will people really review code in an open source project? All sorts of factors can reduce the amount of review: being a niche or rarely-used product (where there are few potential reviewers), having few developers, and use of a rarely-used computer language. In general, if there are more reviewers, there's generally a higher likelihood that someone will identify a flaw.
• Second, at least some of the people developing and reviewing the code must know how to write secure programs. Clearly, it doesn't matter if there are ``many eyeballs'' if none of the eyeballs know what to look for.
• Third, these problems need to be fixed quickly and their fixes distributed. Open source systems tend to fix the problems quickly, but the distribution is not always smooth. I believe this problem is lessening over time, since no one ``downstream'' likes to repeatedly fix the same problem
In short, the effect on security of open source software is still a major debate in the security community, though a large number of prominent experts believe that it has great potential to be more secure.

http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/open-source-security.html

 out of  found this valuable. Do you find this valuable?    

The promise of open source software is best quality, flexibility and reliability. This is the best open source software in the world.

Firefox delivers helpful new features to make your online experience more productive. Chose from over a thousand useful add-ons to personalize and make it your own.

Pidgin - is a multi-protocol Instant Messaging client that allows you to use all of your IM accounts at once: AIM, Bonjour, Gadu-Gadu, Google Talk, Groupwise, ICQ, IRC, MSN, QQ, SILC, SIMPLE, Sametime, XMPP, Yahoo!, Zephyr

FeedReader - is a news aggregation solution that provides robust, state-of-the-art features in an intuitive, user-friendly environment. FeedBurner offers advanced, cutting-edge capabilities, including the most comprehensive podcasting support available today, as well as unique smart feed technology that puts the information you need right at your fingertips.

Azureus - implements the BitTorrent protocol using java and comes bundled with many features : Multiple torrent downloads, Upload and download speed limiting, both globally and per torrent, Advanced seeding rules, Adjustable disk cache, Only uses one port for all the torrents, UPnP sets the forward on your router and more…

FileZilla - is a fast and reliable FTP client and server with lots of useful features and an intuitive interface.

OpenOffice - is a multi platform and multi lingual office suite and an open-source project. Compatible with all other major office suites, the product is free to download, use, and distribute

Thunderbird help you better manage your unruly inbox, scales to the most sophisticated organizational needs while making it easy to find what you need.

(Source: http://lifehacker.biz/articles/best-open-source-software/ )

 out of  found this valuable. Do you find this valuable?    

-Four alternative operating systems-

SkyOS
Started in 1996 and still in beta, SkyOS is primarily developed by just one person, Robert Szeleney. This proprietary OS has a lot of good things going for it, such as symmetric multiprocessing support, an integrated media subsystem, and a journaled 64-bit file system that lets you recover a partition in the event of a crash. Application support is limited, but SkyOS offers Mozilla Firefox and Thunderbird, AbiWord, Gaim, Nvu, and Pixel, among others. Installing application software is simple via the SkyOS Software Store; all it takes is a few clicks of the mouse.

Haiku
After Be Inc.'s assets were bought Palm in 2001, a group of BeOS fans created the OpenBeOS project to write an open source operating system (under the MIT license) that would be backward-compatible with BeOS 5. The project, now known as Haiku, has made some progress since it started. A lot of programs can run on the system, including Mozilla Firefox and SeaMonkey, as well as some games and other programs.

Syllable
Syllable, created in 2002 as a fork of the now-defunct AtheOS, is a GPL-licensed open source desktop OS. It has modest hardware requirements and boots quickly. Although the choice of application software is limited, there are Web browsers, email programs, games, and a media player. To install the majority of the software, you just move a binary file out of an archive. Syllable also includes a 64-bit file system, the AtheOS File System.

Visopsys
Visopsys, the Visual Operating System, is an open source OS licensed under the GPL and LGPL that was started in 1997. However, if you're thinking of running Visopsys as a desktop OS, you might think again, as this is more of a hobby OS developed primarily by Andy McLaughlin. Visopsys offers fewer applications and much more restricted hardware support than the others in this list.
(Source:http://www.linux.com/feature/54892)

 out of  found this valuable. Do you find this valuable?    

How Open Source Software Is Developed
For those new to the idea of open source or unfamiliar with the way software gets developed, here's how it works most of the time:
• One or more developers--meaning people who have the skills to create software--get an idea about creating software to solve a problem.
• The developers start writing code to create a solution. This is frequently called "scratching an itch."
• The developers put this code where other developers can find out about it, download it, and play with it. There are many locations, such as SourceForge.com, where people post their projects.
• Usually the source code is published under one of several popular open source licenses that ensure that the source code and any derivative works remain open source.
• Through an informal process of sharing ideas, fiddling with each others' code, and trial and error, the software gets better and better, sometimes changing direction to solve new problems as new people discover the software.
• At some point, the software gets finished or doesn't. It becomes popular, stays obscure, or fades away. Programs like Linux and Apache have had thousands of contributors. Other projects have been created by one or two people.
• As time goes on, developers come and go, and projects become active or dormant.
A huge amount of amazing software has been created through this loose process. While much of open source development has focused on creating tools for software developers, an increasing amount of effort is being put into creating programs to solve less technical problems like publishing blogs or keeping track of skydiving activity.( http://www.onlamp.com/pub/a/onlamp/2005/09/15/what-is-opensource.html#how_developed )

 out of  found this valuable. Do you find this valuable?    

First, Linux was developed as a multi-user system. Therefore users are isolated from applications, files and directories that could damage the operating system. Each user has their own directory where system configuration and data files are stored. Another user cannot access or change anything within these directories without administrative access. This results in greater protection from system penetration from viruses, trojans, malware, etc because only the users files can be damaged while the overall system remains protected.

Next, as mentioned above, Linux was designed as a modular operating system. This means that most parts of the operating system operate independently of one another. As a result, a vulnerability in one part of the operating system may not harm another application on that same system. This is because few applications depend on one another to operate effectively.

Finally, unlike Windows which uses the RPC model, most Linux based distributions of programs have their network access turned off by default when they are installed on the users system. If the user wants the application to access the network, the user must manually activate this feature. The user is then required to clearly define the users and machines allowed to access the system. Even when Linux applications are installed with network access turned on by default (as some are), they are usually set up to ignore any requests from other machines on the network unless they are clearly defined by the user as previously mentioned. Additionally, Linux gives the user the ability to disable nearly all network-related RPC services and still have a fully functional machine.

 out of  found this valuable. Do you find this valuable?    

One has to question whether the attacks occur so often on Windows because of its overwhelming market share, or because there are flaws in its design? There are several reasons for this.

First, Windows has only recently developed a true multi-user system with Windows Vista and even that is debatable. Prior to that, malicious software was able to penetrate critical system programs or files, because Windows did not limit user access from these parts of the operating system. It was not until the release of Windows XP that Microsoft showed real effort to address these security issues. Windows XP did offer significantly better access restrictions and memory protection. However, Windows set the Administrator account as the default account. Therefore, the user has to set up a standard account which had limited system privileges. Most users did not create a standard account, but instead choose to run under their Administrator account. Windows made more improvements with Windows Server 2003, but it was still plagued by security vulnerabilities.

Next, Windows is monolithic by design unlike Linux, which is modular. A monolithic architecture is where processing, data and the user interface all reside on the same system. Microsoft builds most features offered by competitors into its operating systems. While this makes it harder for rivals to compete with Microsoft, the integration of the operating system exposes the user’s system to significant risks. A monolithic system can be unstable. You can introduce many risks when even one piece of the system is changed (intentionally or not). This can create a domino effect with other system applications. In this environment, even something as simple as adding a patch or security update can fix one part of Windows, but cause problems in others.

 out of  found this valuable. Do you find this valuable?