Open software, in my opinion, does not make it more secure. Not unless the community you're sharing it with are all willing to review the source code, plough through it and find bugs and the like.
For the vast majority of people who use open source, that is a no no. What most people see when they see open source, is free software.
Most people want the freeware rather than particularly wanting the open source. So while I may not go for an open source Firewall, I would put my trust in a freeware firewall, such as Sunbelt, Comodo or Zone Alarm.
I have seen what open source does to programs, and as you rightly say, it makes for add-ons and features, but not really more security.
I don't really bash Windows and I certainly would not advocate Linux over Windows
k1 |
04.16.07 - 5:21 pm | #
|
|
There are a few factual errors here:
The ironic thing is that many of those same people who tell me that open source software is more secure are also warning us that we can't rely on information we find in Wikipedia. Why? Because it's open to any and everyone to post articles. It follows the same "peer review" model as open source software. So why is being open a bad thing in one case and a good thing in the other?
Not familiar with any that operate in any way/shape/form like Wikipedia. In virtually all, in order for a patch to be added to the project it must be submitted and reviewed. Otherwise it's just a text file sitting on a server somewhere. On Wikipedia everyone commits changes to the live instance immediately. Most who contribute to open source projects spend several hundred hours before they can commit to CVS/Subversion themselves... and still it's reviewed by others. For everyone else: you've got to win someone over.
But open source doesn't always mean it's free, either. Let's take a look at Linux, for example. Depending on the distribution, prices run the gamut from free download to hundreds of dollars. Open source server software can be quite expensive. Even when the software doesn't cost anything upfront, there may be hidden costs involved in using it. Because the free versions don't provide any technical support, there are plenty of people making money supporting open source products. And if your time is worth money (mine certainly is), time spent compiling a kernel or writing your own drivers is going to cost you.
Pretty much all free. You only pay for support. If you want RedHat Enterprise Linux, you can just use CentOS (which is RedHat minus the branding). What you're paying for is a support contact.
I don't recall MS providing much free support either... so you're pretty much on your own either way. Newsgroups, forums, etc. exist for both. For any decent IT person, it's good enough. If you have an IT staff and still need more, odds are your staff is inadequate for your needs.
There's nothing stopping those folks from wiping Windows right off their hard disks and running open source. So why don't they?
Very simple: most non-technical users insist on proprietary formats, and vendors cater to them. From Flash on Linux being pretty bad to lack of WMV, QuickTime, and people's insistence on using self-extracting zip files even though they haven't been necessary since the early 90's among many other annoyances.
Driving is pretty easy when you don't have to worry about drunk drivers, or someone who is paying more attention to the radio than the road. Unfortunately the driving itself is a minor task when behind the wheel.
And if you really believe in "freedom" when it comes to software, how about letting those of us who prefer to use Windows do so without condemning us for that choice? It doesn't matter to me what software anyone else uses. So why are the open sourcerers always trying so hard to convert me?
Nobody's stopping you from using Windows... but many are annoyed when Windows crashes and someone needs help because they don't want to pay MS for support, or because Genuine Advantage incorrectly determined their copy to be pirated. That's the cost of commercial software. As I recall the Windows license does permit them to charge for any support (or patches) they choose, and even to decide if your copy is pirated or not.
Considering how many products have ended up phoning home, or doing other shady things, I vastly prefer that I can audit any part that I wish. Most "freeware" and even some commercial products are suspicious at best. Why should I trust something from sunbelt software? There isn't any reputation out there to say it's legitimate that can't be forged (we know companies rate their own products, and even buzz about them on forums to make them look good). Nobody knows what they really do inside anyway. So why buy? How does Sunbelt prove their products don't do anything other than what they claim? Sunbelt could make a lot of money selling demographic info they capture from web surfing habits, etc. Not accusing them of anything like that (I've used Kerio firewall myself), but I don't have anything to say the software doesn't do anything I wouldn't approve of.
Also note many open source projects are audited by Coverity, Stanford and Symantec (sponsored by Homeland Security):
http://www.washingtontechnology....opic=daily_news
How many commercial products have undergone such audits? To use the same example again, I haven't seen any documentation from Sunbelt on the results of the last year's worth of daily audits. I presume they do them... but don't really know.
Robert Accettura |
Homepage |
04.16.07 - 10:43 pm | #
|
|
Like all things you should choose the right tool for the right job. Is open source software more secure? It can be - take OpenBSD for example - in 10 years 2 remotely abusable bugs in the default install. Something both Windows and Linux could only dream about. But that comes at a cost in terms of hardware and software support. So this is only applicable if it does what you need. There are some open source tools and apps I love, but not in every space. In this sense I think I'm more pragmatic than many people that are either so pro or so anti that they lose sight of the middle.
In my company we use a mix of Windows and FreeBSD systems and are currently looking at adding one or more Macs. As a tech support company though we don't currently deploy *nix systems at clients because the majority of them are far happier paying for something they know and expect. Call it the Microsoft tax if you will, but it doesn't matter when someone's idea of a computer is Word, Excel and Outlook, and they make their money from using it.
Personally I'm tired of the OS wars ... never really interested me. Yeah I moan about Windows and MS often enough and when push came to shove opted for BSD over Windows or Linux for some new servers. The reality is that so far they are far more maintenance free than any Windows system I support. But replace my desktop? ... not at this time thank you.
Stuart S |
04.17.07 - 4:51 am | #
|
|
In your concluding paragraph, you pose a couple of questions, and I'm not sure if you intended the points to be related or not. Specifically:
"Do you buy the idea that being "open" makes software more secure, or automatically makes it "better" or somehow morally superior to closed source software?"
The idea of being "open" or "free" (as in speech) is a license issue. It does not make the software anything. It can be good, bad, or indifferent. Whether software is secure or not is not related to whether it's free or not. However, there are inherent characteristics of open/free software that give the user the FREEDOM to be more secure than with closed source, whether or not he or she chooses to exercise that freedom. Non-free software robs you of that freedom. It forces you to make the choice to accept the vendor's security mistakes or not use the software at all. (To quickly address the obvious rebuttal, the freedom to make that choice is not a freedom any more than, say, the freedom to eat rotten meat or starve.)
As far as being morally superior, YES, free software is morally superior to closed software. Richard Stallman has developed and documented this argument well enough that it's not worth repeating here, but I highly recommend you read through and understand the information at http://www.gnu.org/philosophy/.
Tyler Krpata |
Homepage |
04.17.07 - 10:06 am | #
|
|
I think looking for one operating system to act as a panacea for every computing need is a bit naive. Each OS has its own strengths and weaknesses depending on their application. So to "throw the baby out with the bath water" just because an Open Source advocate doesn't exclusively use Open Source solutions is silly. What's also silly is that this blog is powered by Blogspot which is running Linux.
Others have already made excellent points regarding various aspects of Open Source, because to some extent some education is needed about exactly what Free and Open Source software is and isn't. On that note, I highly recommend the TWIT podcast FLOSS Weekly (http://www.twit.tv/FLOSS). The first couple of episodes are very informative and worth a listen.
As for my own opinion, I think that FLOSS solutions are just starting to come "into their own" with corporate culture and being recognized as solid solutions. I think projects such as Firefox and Thunderbird are good examples and illustrate that business models exist for FLOSS software. For this reason, I think that corporations are coming around to considering certain Open Source solutions that provide answers to SPECIFIC problems. Many companies like knowing that someone is "on the hook" should something go wrong and having a profitable company behind a product is tantamount.
Does this mean that in short order we'll see every desktop running Linux? Heck no, but to think that is to jump to conclusions. Conclusions that are based on a lack of information and perhaps a bit of a Freudian slip that highlight some of your underlying fears? If you haven't already, I suggest you read Larry Augustin's article "Time for a New Software Model" (http://www.sandhill.com/opinion/editorial.php?id=54).
From a corporate US perspective, Microsoft solutions have traditionally made good business sense and thankfully there's a plethora of vendors and service providers that assist to support that decision -- such as Sunbelt Software as well as myself. Your entire corporation exists because of Microsoft so to write about the Open Source space reeks a bit of sensationalism. The fact that Alex feels the need to preference your article only compounds that fact.
That issue aside, what Open Source software provides is freedom. Freedom to choose. People that feel that Microsoft is the right choice for them are free to make that choice. However, there are just as many companies, schools, and individuals whose needs require a different choice and Open Source gives them just that.
Lastly, in regards to whether FLOSS is better, more secure, or superior, it just seems like we're using broad strokes to oversimplify an issue whose only intent is to incite an argument. Is ALL closed source software bad? No. Is ALL Open Source software more secure? No. I think it boils down to a case-by-case basis of specific software addressing specific technology problems. Problems that are unique to the user/business/government making the decision.
mashby |
Homepage |
04.17.07 - 3:04 pm | #
|
|
If you really wanted to get them riled up you should have said something like "BSD is more free than GPL".
My feeling is that people should use whatever is best for them (however you define "best"). About morality...I think that if two parties willingly agree to licensing terms (whether proprietary, GPL, or anything else) then there is no moral issue. Maybe someone external to that situation would see it as immoral, but that's like some redneck getting offended by a gay couple because it goes against his belief system. Of course the hole in this argument is that proprietary software usually doesn't present a license until installation and most retailers won't accept opened software for return. Regardless, there are always going to be people who get offended by other people due to various belief systems. I could not care less if somebody else uses/writes proprietary, GPL, or other software; my only concern is what I use/write. Issuing a blanket statement like "proprietary software is immoral" is no better than saying that "homosexuality is immoral". For certain belief systems it may be true, but it may not be true for the only belief system that matters: mine. Murder is virtually the only thing seen as immoral by all civilizations. Everything else is up for debate.
me |
04.17.07 - 4:25 pm | #
|
|
Comparing the morality judgement against proprietary software to bigotry against homosexuals is a weak straw man argument. You clearly are not familiar with the reasoning behind the belief that proprietary software is evil/immoral, certainly not enough to decide whether you are for or against such an argument in a rational and objective manner. If you believe that people are entitled to freedom, then proprietary software is inherently immoral. You have the right to believe that people are NOT entitled to freedom, but I would argue THAT would be much more analogous to saying something like "homosexuality is immoral."
Tyler Krpata |
Homepage |
04.18.07 - 9:19 pm | #
|
|