Screaming Penguin

Several supposed security "experts" are claming that Linux is insecure simply because of its open source nature. I disagree. Now I dont want to get off on a complete rant and have everyone shut out before I begin, but I could not resist the moron comment, because they earned it. According to the linked Silicon.com article Phil Roberts, a "systems manager for a network installer" (now there is an expert if I have ever heard of one, quite a set of credentials, does he manage the whole install process, impressive) and Clive Longbottom a strategy analyst (enough said) state that "anyone running Linux on vital systems must be crazy." Do any of these morons know anything about security, anything about UNIX or anything about computing. Making that statement is basically declaring 75% of vital systems in the world insecure. Not that all these sites run Linux (though many do), but regardless what flavor of UNIX you run, you probably use open source tools like Apache, BIND, the ISC DHCP server, etc. These fools probably routinely connect systems with these tools and yet Linux is insecure because it is open source, to borrow from John Stossel, give me a break! Have these experts exposed a particular flaw in Linux? Are they indeed programming gurus themsleves? Do they even have a clue what they are talking about? The answer to all three seems to be, NO! Check the article for details but basically these supposed experts claim that the open source factor makes a product vulnerable. That is completely backwards. These guys are basically clueless mindless drones. Think about it. Forget Linux, just consider the issue without picking on particluar players. Is security better in a closed proprietary system or an open system? In all systems there will be exploits, that is a definite. In the closed system it is true that access to the code is limited, but so what, exploits are still uncovered (and far more in the Windows variety of OS I might add). In the open system there are also exploits, but the code has been stringently tested and tried by the community, almost every possible angle has been scrutinized publicly, all things are known about the open system, good bad and ugly, and generally all exploits are publicized and fixed with alarming efficiency and speed. The closed system has problems, but you cant fix it, you must rely on proprietary patches which are also unknown - need I mention the timeliness and or service level of commercial OS patches? The very nature of the open source movement bolsters the security of a product, it does not deter it. I challenge any of these "experts" to crack a properly configured Linux box. I would be happy to print out the source code and hand it to them, godspeed. On the other side of the coin several true Unix security experts have come forth to proclaim the anti open source experts incorrect. Hopefully there is more sense in the world, maybe Gartner should hire some more "experts." Check the article.   Silicon.Com: Linux Insecure Story