Correct. Because Linux is not used to do any of the important work, only as server or routing functions. All important applications and data and the mission-critical information resides on Windows machines.
This is purely Linux's fault. Linux still refuses to add support to run the Excel macros which are responsible for processing almost all of today's enterprise data.
The problem with Linux is that anybody with money can easily infiltrate the developer network and there isn't enough money in open source to actually audit massive amounts of code enough, which was kind of part of the promise of its benefit.
SURE, the code is there to look at, but as you develop an OS that's millions of lines of code interacting with each other the ONLY way to keep it secure is to constantly audit the code and there isn't even enough money in the private sector to get that done.
We've seen bugs stay in code for decades now, so we know a lack of auditing is a problem. Maybe better code tools and machine learning can do code auditing for us someday and improve the security of more complex projects for a price and time investment that makes quality code auditing more common, but as it stands I think neither private nor open-source projects can actually check their code effectively and often enough.
I think it's easier to infiltrate the low-pay open-source community than a private corporation and that is a real problem with mission-critical volunteer-effort open-source projects. Paid ones are fine and theoretically provide more auditing potential, but again simply having the code open doesn't mean qualified people are regularly reviewing it. Just glancing at a piece of code to see how things work isn't going to reveal bugs left or even put in there.
How hard would it be for China or Russia or the NSA to get one or more people on key development teams? How likely is that to be picked up from an audit? With all these projects just run however they want to be it's hard to know which ones are trying hard to audit code and which ones are just throwing out code and hoping it's good. Just because it doesn't crash doesn't mean it's good code anymore, we are long past those days.
There is no magic bullet to writing secure code and keeping it updated other than having tons of money to throw at the problem AND actually bothering to do so. Perhaps some day AI will help us audit and write out code, but that's not today.
Yeah I love open source but the millions of eyes thing is a little wishful. I've been coding for 40 years but I sure as shit don't bother looking at the source code of systems I use unless I want to fix or modify it, which is extremely EXTREMELY rare.
Of course looking at the source code won't help shit if the build system has been hacked.
Interesting point. How do you know countries or criminal organizations haven't bribed or blackmailed developers who work for proprietary companies? If they have lots of money, they can pay for people wherever they want. So your argument is kind of moot.
Dude who the fuck looks at the code, you simply compare it to an earlier safe version and check all the code that changed, not the rest of it. You do not reinvent the wheel over and over again.
What Kaspersky wants to do is work on the offensive side of defence. You cannot have a good defence without a good offence. That means designing honeypot-specific software that runs attackable virtual machines on a network to draw in attacks and once an attack is registered, depending upon type, the authorities can i
The only possible interpretation of any research whatever in the `social
sciences' is: some do, some don't.
-- Ernest Rutherford
He comes the Wolf! - cried the boy (Score:4, Insightful)
So... resuming: the supposed danger does basically nothing in Linux and the REAL issue is that they use it to attack Windows and iOS attached to it...
WOW!