Saturday, July 3, 2010

Does Open Source Security Make Sense?

    I have been thinking about open source software lately, especially security software, and I thought I would share my thoughts with you.

    First of all, let’s define what open source means.  Open source is the idea in technology, especially software, that says everyone should be able to see the source material used to create it.  This means that if a program is written and distributed as open source, anyone can get a hold of the source code that makes it run.  The idea behind this is that people can take this freely available source material and either build upon it to create their own program or merely improve the existing program.

    Okay, now let’s take a look at what open source means for your computer’s security, primarily anti-virus.  If the source code for an anti-virus program is available, it would be child’s play for a dedicated virus creator, who wants to create havoc, to acquire that code and use it to discover and exploit weaknesses in it.  To me, the whole idea seems akin to building a wall around your castle to protect you from an outside enemy and then posting the blueprints for that selfsame wall, complete with all the secret passages and weak points marked, where any invader can easily access them.

    I think the majority of people would and do agree with me on this.  Why?  Because almost all of the anti-virus programs on the market are closed source, meaning only the company that created them has access to the code that makes them run.  Think about it.  The top anti-virus companies, Norton, McAfee, Panda, Trend Micro and Avira, all keep the source code for their programs under wraps, probably because they understand the risks.

    In fact, there are very few open source anti-virus programs.  One of the best known is ClamAV.  However, I’m not sure how long this will continue.  It appears that a company called Sourcefire has acquired the trademarks and copyrights to ClamAV, so that may change too.

    In closing, don’t trust the security of your computer to a company that posts the blueprint of your castle for all to see.  You might just get bit.

    Please feel free to comment.