Thursday, July 28, 2011

Why Closed Source Software is More Secure

One of the things open source advocates often pride themselves on is their software of choice being more secure than the closed source alternatives. I'm beginning to wonder if we shouldn't though. You see I got into a discussion with a Windows system administrator the other day and it got me thinking. I've come to realize there are a number of ways closed source software is more secure than open source alternatives.

It secures a safer code base, ensuring that the software cannot be exploited.

A small team with limited resources can easily find and resolve issues faster than a limitless number of people are able to. With this in mind having a code base that only a small development team has access to is clearly safer than having an open project.

It secures a proprietary market lock for the company making said software.

Having a lock on your given market is important. If market locks didn't exist companies wouldn't be able to charge outrageous prices for their inventions. If software was open it would lead to standardized protocols. Standardized protocols would force market leaders to continue to be innovative and provide the overall best product to maintain their standing.

With closed source software a company needs to simply be the first to provide a decent piece of software for a given task. Once they capture a majority of the market, the software is able to degrade without losing many users.

It secures more money every update release for the company making said software.

It's clear that a company with an open source business model could never succeed. Once you lock your users into using your product you can charge them whatever you want each time you release a new version. This is OK though, big cooperations would never want to hurt their users! I mean it's not like anyone would ever charge thousands of dollars for a new version of their software right?

While it seems there might be some argument for closed source software being more secure, I'm not sure that this Linux advocate is fully convinced as of yet. What is your take on the subject?

~Jeff Hoogland

17 comments:

  1. Almost had me there

    ReplyDelete
  2. I loved reading this article. Every statement started off as being somewhat reasonable, but then quickly spun out as absurd. Thanks for this!
    --
    a Linux Mint user since 2009 May 1

    ReplyDelete
  3. The first is not applicable to all closed source software. Think about MS Windows and many other apps that are closed source and at the same time are victims of exploits, cracking, hacking and malware.

    The second and the third points of your post are very known because they reflect the reality of propietary software.

    ReplyDelete
  4. More secure, hmmmm...

    Financial security, right?

    ReplyDelete
  5. I hear ya..... we were running nt4 FOREVER(internal only) at my office for our file server (we used old school custom apps for customer records etc) and had to have 25 computers able to access the file share at the same time......well were comming to a crossroad since NT would not work with modern hardware etc.

    long story short we ended up running debian and samba :) the alternative was to pay M$ $2000 for server 2008 PLUS cal's JUST FOR BASIC FILE SHARING.

    ReplyDelete
  6. We all love backdoors :)

    ReplyDelete
  7. Wow, given your views I think I should stop using Bodhi.

    ReplyDelete
  8. @Anonymous - Pro Tip: Google sarcasm.

    ReplyDelete
  9. LOL, Almost had me there Jeff.. =) No one tell Red Hat they're not a billion dollar company that's still growing while Redmond's stock has been flat for 10 years.

    ReplyDelete
  10. hehe, great post! had to read it twice though as the sarcasm didn't get through to me in the early morning.
    though I have to say, in my work as Windows sys admin (but I do see myself as a Linux advocate), I don't come across a lot of people advocating the security of closed source. perhaps security isn't really their priority? ;)

    ReplyDelete
  11. Jeff, sarcasm is not a wellunderstood concept. Expect a lot of misguided flack and trolling.

    But excellent read nontheless!

    ReplyDelete
  12. Closed Source Software is More Secure for your wallet :(

    ReplyDelete
  13. Your arguments are sound. The closed source is clearly more secure - for the vendor!

    ReplyDelete
  14. Good article.
    I was thinking about it while looking at some closed source vs open-source RDBMS.
    Oracle provides a very good Relational Database Management System highly priced and now also "owns" mysql.
    From experience I can tell you that software support from Oracle is far from what you can expect for the price.
    The software features are huge but the software quality is questionable nowadays.
    You may see faster bug resolution on open-source software even if there's no "paid" guaranty that they have to provide a solution.
    You can even fix the code yourself and make your own patch. That's impossible with closed source software.
    Opensource opens the market to specialized bug-fixer companies in total legality and transparency.
    I have a bug or miss a feature with mysql, if the main developers would not include it, I can hire another company that could make a fork or add a plugin.
    Opensource doesn't mean free, it just means you have the code, you still have to build it / understand it if you want control it.
    When a software become complex, it will take time for one to understand the flow in the code and adapt it.
    Within closed source software, a new contributor will need to have some knowledge transfert to be effective.
    It takes time.
    Same goes with open source, except that you may find someone who already knows most of it.
    I think nobody will contribute in a opensource project if he got no interest, either financial / intellectual.
    So it makes the candidates to contribute / hack a small niche, but larger than closed source.

    So to comment on the most "secure" model.
    Closed source, at most you need to reverse engineer the binary to exploit it, everything is a bit in a computer.
    who will do that to make the software safer ? Probably only the vendor.
    Opensource, you read the code and find an exploit, you can exploit.
    Someone else do the same, he can fix it.
    So it's both side, less people can hack, less people can fix.
    It doesn't mean closed source is safer, only it may be more difficult to find an exploit.

    Regarding the market lock, I totaly agree. But open source opens the market to concurrency.
    I do the code, you only sell it compiled. If you can't improve it or fix it, I keep the credit and merit and probably the market in the mid term.
    You still depend on me to update the code.
    It's like a "perfect" fake, cheaper but not the real thing even if equivalent.
    Look at Redhat vs Centos vs Oracle vs Scientific Linux distributions.

    With Redhat you have support, with Oracle you have support also but it's now more a fork, not the same product anymore.
    Centos and SL are still depending on the original, source code is only released once produced.
    Maybe it would be fair to have some law protecting the original contributor.


    Also, testing is what may make the difference.
    Most softwares are filled with bugs, equally increased by the complexity of it.
    Software evolves, in features and bufixes.
    Bugs are human errors or conceptualization errors.
    The quality of a soft depends on the amount of people thinking of it and following strict rules to make it safe.
    So methodology, programming skills/experience, testing make better software.
    More users give more tests.
    More code readers may give more code optimization / simplification and solve conceptual bugs.
    I think an open source software with good project lead / methodology and contributors will always win over a closed source software with same resources.
    Any external view / comments on it will bring benefits, it's not possible with closed source.

    One could imagine a very high level programming language called for instance "Requirements" that would allow the end user to inject new features/fixes when they need it.

    ReplyDelete
  15. WARNING: Sarcasm ahead ;-)
    Another clear advantage of closed source is that when your Windows box gets hit and you must reformat the HD, some of the unlocking codes of programs are no longer accepted, which forces the user to pay again. This sends the message that piracy is wrong and benefits the production of software.

    Great article. For a moment, I couldn't believe my eyes as I read.

    ReplyDelete
  16. the author should stop using software for his own good

    ReplyDelete
  17. Primitivo seila mas vamos os nativos danossa bela terra
    Indios na sua cultura todas irforma;oes sao passadas para todos todo o conhecimento e para todos nehnum integrante pode ter o conhecimento para si mesmo tem que compartilhar e assim todos sao cultos na sua cultura
    Viva a terra tupi niquin viva a liberdade do conhecimento se errei no portugues desculpe-me mas tenho cetrtesa que acertei no pensamento viva o linux

    ReplyDelete