April 2006 Archives
« March 2006 | Main | May 2006 »

April 27, 2006

open source software and commercial software

A mail reply to a friend about Microsoft Internet Explorer Beta

-------------------

Generally the hacker mentality is different from business mentality. Software at big (or medium/small) companies are written by programmers who are paid to do this work, and want to mainly impress their managers by doing what they asked them to do. They might not necessarily be very interested in making the software work in ideally perfect ways, they care only for its business purpose. "Are we able to sell this software?" is the driving direction.

The hackers write these software because they like to. Some of them have very less social life, and spend hours and hours in front of computers doing what they want to do. The general people who work on open source software like firefox work on them only because they like to work on firefox- nobody is forcing them to do it. (For firefox, some of the developers are in the Mozilla.com group so they may be paid, but they joined because they actually wanted to work on that, and were working in Mozilla Foundation previously)

These hackers are often perfectionists and like to solve problems. So some of the well-made open source software are secure, and well made.

Windows comes from a business point of view, wherein they wanted to get the features in and sell the software.

We (most of us anyway) use Windows with user accounts having administrator priveleges, and hence viruses are more common because when user executes an infected binary they can overwrite system files and system areas. In Linux, since most users dont have root access, they cannot infect/modify programs/data outside their home directory.

I dont know much about this, but I think IE enables features like ActiveX controls which are more powerful, but because of their power are more prone to being used maliciously.

Mozilla had a pop-up blocker much before IE because it is developed by users, and users dont want pop-ups. IE came in later only when they realized that users will stop using their software and move to mozilla because of this, otherwise they didnt care, and anyway pop-ups are pro-business generally speaking.

What other forms of security attacks are done on a browser? I think buffer overflows and those kind of issues are generic to all software, and both firefox and IE may have many. Firefox may have less because hackers may be better programmers than general family-oriented software enginerrs like us, but also true is that hackers have less tools available to them compared to companies.

Not much purpose what I wrote above -- but was just penning rambles in the mind.

-Gaurang.

> did you start using it yet ? Is it good ?
> Its still a Beta release right. Hope all
> the security issues are fixed. I don't think that
> the other browsers are really more secure. But
> its just that, since IE is the most widely
> used browser today ...hackers tend to target it
> for attacks so that they can do maximum damage
> to maximum number of computers.
>
> If they decided to launch an attack on Firefox,
> I am sure they could break its security ...but
> they would not get as much pleasure , since
> the damage would be limited to the few Firefox
> users today !
>

---------------------

display("mt:67"); ?>

Subscribe



Get Blog posts as a feed - Atom, RSS2, or RSS1
Powered by
Movable Type 3.33