[Edu-sig] UPDATE: High School Network Security

[Frank Noschese]

Hello again,

Thanks to everyone that gave input to my Vpython installation roadblock. Like
Arthur said, this is not a situation which will be fixed by a little
"education." I asked the tech coordinator to outline the reasons why installing
open source is not in the school's best interest. Here is the reply:

=======
"In Reference to our ticket #313, there are a number of reasons why we (the
technical team) decided that it would not be in keeping with the "best
practices" of the district to install open source software on the districts
computers and network. Four key reasons are as follows:

1) Lack of technical support from the 'vendor'. Since most open source software
is provided 'free' and is not maintained by a central vendor, technical support
is limited if not non existent. With this lack of technical support of the
software products in question, we have no way of getting help when the software
has a problem or is the cause of problems with the network.

2) Product testing was another reason. Since there are so many contributors to
open source software, in many cases, the software is not tested for
compatibility and stability. As such, there is no level of expectation that the
product will function as stated. Further more, with the limited testing of the
software, we have no idea of what problems or ill effects the software may have
on the computers and network.

3) Legal issues. According to the American Bar Association, Contributors do not
vouch for the cleanliness of the code they contribute to the project; in fact,
the opposite is true -- the standard open source license is designed to be very
protective of the contributor. The typical license form does not include any
intellectual property representations, warranties or indemnities in favor of
the licensee; it contains a broad disclaimer of all warranties that benefits
the licensor/contributors. Seeing in that there is no way for us to verify that
the code that contributors are adding is there own, we may be opening up the
district to legal actions should the software or portions there of are
copyrighted and being used illegally or improperly. See attachment for more
detail...

4) Security of the "system." Since in most cases, anyone can obtain a copy of
the source code of the software (OPEN SOURCE), we are running the risk of a
user being able to modify the software on the network and manipulated it in
such a manor to produce undesired effects. Since we have to look out for the
stability and security of the network, this was viewed as a possible security
issue. Another security concern is the ability of virus introduction. Since the
source code is open, anyone so inclined, could create a virus to exploit the
software without much difficulty. This ability to introduce a virus or other
malicious code to the system can have the effect of bringing the system "down"
and possible data loss or corruption."
===========

Also included in the email was information from the American Bar Association
at: <http://www.abanet.org/intelprop/opensource.html>

Any thoughts from you folks? Do they have any truly valid points? Perhaps a
"Live CD" is my best (only?) option.

Many thanks again,
Frank Noschese
John Jay High School
Cross River, NY