On Tue, Jul 06, 2004 at 10:21:08PM +0100, Richard Baker wrote:
> That's not the only factor at work. Designing secure protocols and
> secure systems is incredibly hard, and the only way to have any degree
> of confidence at all is to subject the design or implementation to a
> wide range of examinations and criticisms.

True, in principle. But in practice, by far the most important and dominating factor is the sysadmin and how much care has been put into locking down the system. I've seen quite secure and pathetically insecure systems of all the major operating systems. In every case the major difference was the sysadmin -- whether they were familiar (or took the time to become familiar) with the system in detail, and whether they cared enough to take the time to lock the system down.

While I agree that with closed source there can be security holes hard-coded in, and one is thus at the mercy of the maintainer of the code, that only comes into play in a small fraction of the systems I have seen or heard about. That is because the level of experience and time required to lock down an open source system to the point where it is more secure than the "glass ceiling" on the closed source system is considerable.

But in principle, you are certainly right.

--
Erik Reuter http://www.erikreuter.net/
_______________________________________________
http://www.mccmedia.com/mailman/listinfo/brin-l