On Mon, 16 Sep 1996, Todd Truitt wrote:
>
> >
> > > Politely, and IMHO, it's *very* dangerous to use any OS on your firewall
> > > which is freeware or which has its source easily available.
> >
> > Out of the same politeness I ask why you feel this way? Does source code
> > make an OS more vulnerable? Does that mean an OS with source is developed
> > more insecurely than an OS without src? Take BSDI and Solaris.
> > Which of the 2 is more insecure or which is more secure?
> > Neither comes standard with src. To me this is truly baffling.
> >
> The argument moves along the same lines as using sendmail vs. upas.
> upas may not be more secure, but fewer people are as familiar with
> any bugs, so the chances of a successful attack are already lower.
>
Ahh, yes, the infamous 'security through obscurity' argument...
Personally, I would rather be able to tell what is running where
via source, than assume someone else did the job right.
And as an additional bonus.. if an exploitation script gets written
for a freeware OS, there is generally a very fast response from its
support community -- I wish we could say the same of the commercial
vendors :/
--
Michael Baumann Optivus Technology Inc.|Loma Linda University Medical Center
San Bernardino, California. (909)799-8308 |Internet: baumann @ llumc . edu