Hmm.. the last two people don't seem to have completely understood the article. The point is that the number of viruses that succeed on Linux is surprisingly low compared to the number of sytems. Macintoshes already had more viruses with a much lower user base. That's the _experimental evidence_. Now the question is, why?

When we look at things, it turns out that most Linux viruses don't spread very far or fast, even compared to their design. The same level of virus on Windows would invade most systems. This explains why linux viruses are not such a problem. Now the question is, Why don't Linux viruses spread.

And here we get to the interesting part. Many people, such as the previous two posters, suggest that computing security is mainly technical, however, the article writer is suggesting an interesting theory. The first part of the theory is that minor changes in interface design have a major effect on security. The second part of the theory is that the changes that matter are normally ones which conflict with the marketing aims of large software companies like Microsoft.

The summary of the theory is that: even where the quality of free software is worse than that of proprietry software, the security of free software will be better since the software will mostly be designed in the user's interest and not the interest of the marketing organisation of a large software company.

The key problem with this theory comes from the large amount of experimental and innovative free software which suffers from bad design and poor security. Proprietry software tends to go in for less innovation so tends to be more stable on the average. This can be seen from the fact that for every problem there will be many tens of free solutions available which are not even complete.

The better theory to put forward would probably be something like

"Recent observations show that companies which choose well known and reputable free software will tend to get much better security than those which go for well known and reputable proprietry software. The reason for this is that even with well respected proprietry software, the security aspects of the user interface design tend to be seriously compromised for marketing reasons."

And the advice would be to always choose a free alternative where there are two alternatvies which cover the same need.

It is strange that, yet again, the first posts in such debate are from two apparent microsoft devotees simply trying to discredit what is a reasonable argument.

If this theory is defensible, let alone true, then it is something which is very important to discuss in security focus. Trying to say that it belongs in zdnet is trying to avoid practical security and instead focus on some CS type theoretical security which is not much use in the real world.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/188/22845#22845