[Edu-sig] UPDATE: High School Network Security

Lee Harr missive at hotmail.com
Mon May 16 23:41:28 CEST 2005


>1) Lack of technical support from the 'vendor'. Since most open source 
>software
>is provided 'free' and is not maintained by a central vendor, technical 
>support
>is limited if not non existent.

I don't know about you, but I think I'd rather have all my teeth pulled
than have to go through front-line tech support on any commercial
product. Any time I've had a real problem with an open source product
I've had nearly instantaneous access (through mailing lists and
newsgroups) to the actual developers of the software. Talk about
service!


>2) Product testing was another reason. Since there are so many contributors 
>to
>open source software, in many cases, the software is not tested for
>compatibility and stability. As such, there is no level of expectation that 
>the
>product will function as stated. Further more, with the limited testing of 
>the
>software, we have no idea of what problems or ill effects the software may 
>have
>on the computers and network.

Ever had a windows service pack break a piece of software? Happens
all the time. In fact, many businesses have been resisting the install
of sp2 for just this reason. Now microsoft has made sp2 mandatory.


>3) Legal issues. According to the American Bar Association, Contributors do 
>not
>vouch for the cleanliness of the code they contribute to the project; in 
>fact,
>the opposite is true -- the standard open source license is designed to be 
>very
>protective of the contributor.

Wrong. The license is very protective of the USER.

>From the preamble to the GPL:

"""
The licenses for most software are designed to take away your
freedom to share and change it.  By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users.
"""

You can't be free to use and share if there are patent problems,
now can you?

Sounds like someone needs to go read the GPL. Chances are, of
course, they are used to just clicking "Next" on any and all installs
and have never read any of the licenses. Most open source licenses
are at least readable. They should give it a try.

If they took the time to read the EULAs for their other software, I
bet they would find even more stringent disclaimers of responsibility
than the ones found in open source licenses.

Reading their ABA link, it sounds like the lawyers probably do not
like that fact that a human being could be so bold as to write in
plain terms. Kinda cuts in to their profits. Too bad.

>From their article:

"""
Open source licenses also do not contain the kinds of representations
and warranties of quality or fitness for a particular purpose that
commercial software vendors sometimes negotiate into agreements
among themselves.
"""

This sounds more like something that would happen between a producer
and a reseller. The school is probably in more danger of having the BSA
come in and search for (possibly nonexistant) pirateware.

In fact, this may be exactly what they fear. I've heard some school 
districts
are being bullied in just this way. Run free software, get audited. There
was a recent article which said that schools are "afraid" of microsoft.
That is just awful. It has to stop.


>4) Security of the "system." Since in most cases, anyone can obtain a copy 
>of
>the source code of the software (OPEN SOURCE), we are running the risk of a
>user being able to modify the software on the network and manipulated it in
>such a manor to produce undesired effects.

Pure stupidity. CAPITALIZING it does not make it any less stupid.

I could write a write a program (using the closed source microsoft
compiler, even) that removes system files and rename it
iexplore.exe but that does not affect system security in any way.


>  Another security concern is the ability of virus introduction. Since the
>source code is open, anyone so inclined, could create a virus to exploit 
>the
>software without much difficulty.

Oh?  I guess that is why there are so many Linux, and BSD viruses flying
around the 'net. Clearly, access to source code is not a prerequisite for
creating viruses. In fact, empirical evidence seems to point the other way.

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/



More information about the Edu-sig mailing list