Thursday, July 29, 2004

Open Source vs Microsoft

I have had many conversations regarding Linux vs Microsoft and Mozilla vs IE for Digital Signage Software. Webpavement as you know is based on Microsoft technology. Here are some thoughts to ponder:

Since well before the current Mozilla vs IE debate, open-source folks have been loudly proclaiming that their way is better and more secure than closed-source vendors like Microsoft. Typically, there is not much dissention from this position, but I think there should be. There are several contentions that open-source supporters make that are taken as fact when they are really lacking objective evidence in support of theclaims. Here are 3 bigs ones that bear more discussion.

1.      "Open-source developers are inherently superior because they doit from a 'love' for their subject rather than for money." --- HonestlyI have no idea why people even make this claim. It cannot truly be proven and is pretty prejudiced to boot. I know plenty of people who LOVE what they do and happen to get paid for it. In fact, I'd bet most people who work on open-source applications would leap at the chance to give up whatever job they have to get paid to work on the applications they love. No, simply because one group of developers is paid and one is does not logically lead to the conclusion that the free code is better, or more secure than the code that is paid for.

2.      "Open-source code is more secure because so many more "eyes"look at it and study it for flaws." --- Really? Does every person who looks at the code study it for flaws? Aren't some of the folks looking for ways to add things to it? Is EVERY piece of the code studied? I once spoke to an open-source supporter who admitted to me that some code is more interesting than other code and that there are definitely pieces ofthe applications that get much less scrutiny than the rest. The assumption of the argument is that all these "eyes" are looking at everything equally and that is just not the case. One could argue that it is more likely that EVERY piece of an MS application is more likely to be looked at than every piece of open-source code because someone at Microsoft is paid to look at it. More eyes does not necessarily mean more secure if those eyes are ignoring some of the code.

3.      "The fact that so many more security problems arise with IE versus Mozilla proves open-source is more secure." --- Maybe yes and maybe no. Microsoft is a victim of its own success to a point here. Every time there is a problem with IE, the entire world hears about it. There are entire organizations and mechanisms to report such flaws to the community. Worse, Microsoft has to be careful when they "fix"problems because of the potential that they could cause a customer great harm by breaking something else that is not even their software. MS has to report when they issue a patch and test it for some period of timebefore releasing it. The open-source software is under no such constraints. How many security flaws are fixed silently by the open-source community? Don't the folks at places like Mozilla have a vested interest in fixing these things without publicity? Is anyone trying to scrutinize every change they make? In addition, does Mozilla really need to worry about compatibility issues when they fix something? Since you don't buy Mozilla, they have no "customers" as such and are not legally at risk if they "fix"something and break someone's mission critical application. In short, there are more reported flaws with things like IE, but that does not mean Mozilla does not have just as many. There are unquestionably some advantages to open-source software versus closed-source software, but I remain unconvinced that the advantages areas great as claimed. At least with regard to Digital Signage.

src: ntbugtrak


Anonymous said...

The author clearly has no understanding of this subject. Pretty typical of a Microsoft zealot. Maybe next time he'll do some research.

Anonymous said...

^^ Agreed