Recently, several outlets picked up the story that there were hundreds of security flaws in the Android Linux kernel, with 88 of them classified as “severe” – but that wasn’t a surprise to me. All code has flaws and errors. What surprised me were the responses I read in the forums.
Of course, Apple and Windows users were all over the fact that Android has 88 severe security flaws that have just been publicly revealed and remain unfixed. But the Linux faithful, as they so frequently do, left me just shaking my head and wondering how people can become so disconnected from logic and reality in blind devotion to their favorite OS or kernel.
In this case, the arguments centered around the “many eyes” versus “security through obscurity” models of security. Those who defended Linux pointed out that the issues were disclosed, which illustrated the superiority of the “many eyes” approach to kernel patching. They further argued that while iOS, OS X, and Windows 7 / Win 7 mobile certainly have countless security flaws – many of them severe – we can’t compare them to Linux, because those platforms are closed-source and no one knows the total number.
This is where my mind starts doing an endless-loop error cycle and the smoke starts pouring out of my ears. Maybe my non-evolved mind is simply incapable of comprehending the finer intricacies of logic that are the sacred providence of the Linux community – but there’s something in that logic that just doesn’t pan out.
In bullet points, the argument seems to be:
- Linux is open. Many eyes observe the code.
- By observing the code, the issues come to light quickly and are promptly addressed.
- Other platforms are closed. Only privileged eyes observe the code.
- Since only privileged eyes observe the code, issues may be buried and are less likely to be addressed.
Now, I don’t disagree with these basic ideas. In fact, they make sense. But I think we’re missing a couple of points.
Who are we afraid of? Not the privileged eyes who would bury and hide security flaws in code. We’re afraid of people on the outside. But by the very argument above, the people on the outside are at the same disadvantage as the “many eyes” who protect Linux and are unable to protect closed-source platforms.
The reason the “many eyes” model cannot protect closed source is because the code is closed. Likewise, those who would exploit security flaws in closed-source platforms face the same basic obstacle. They don’t have access to the raw source code to scan it for security flaws.
On the other hand, the same reason the “many eyes” model works on open source makes it inherently more vulnerable to those people on the outside who we are afraid will try to exploit security flaws. There is an inescapable logic here – that the first points go hand-in-hand with the counter points.
But there’s still more going on beneath the surface, and this is where it seems more like blind metaphysical faith and less like the rational logic that’s as dry and analytical as you would expect the Linux community to be. There seems to me to be an implied threat here that goes something like this:
“Linux can be self policed by the community of developers who use, enjoy, and support Linux. The source is open for them to review and correct, and this makes Linux a stronger, more secure, safer platform. Other platforms, on the other hand, cannot be reviewed by the end-user and developer community.”
So far, so good… but:
“Closed-source platforms, on the other hand, may obscure their severe security flaws, and the bad guys (who have unlimited skills in being able to find and exploit closed-architecture platforms) will take advantage of this by knowing and exploiting those security flaws for who-knows-how-long while the keepers of the flawed code hide the flaws and risks.”
That is where it goes wrong. If open source is safer because it enjoys the benefits of the “many eyes” security model, it’s also more at risk because the evil eyes can more easily discover and exploit the security flaws that do exist.
The whole fatal-loop exists in this logic. Quite simply, if closed source is less secure because it cannot be reviewed for security weakness, then it is more secure because it cannot be easily reviewed for security weakness. If open source is more secure because it can be reviewed for security weakness, then it is less secure because it can be reviewed for security weakness.
Obviously, the conclusion that “Linux is more secure because it is subject to the ‘many eyes’ security model” argument by itself is a valid, inductive argument (but not necessarily true). It’s only when you expand it to include the (implied) premise that the closed-platform security model is therefore less secure that the argument becomes an invalid, deductive argument (and therefore false).
The Linux community approaches this as a zero-sum “Linux Wins/Other Platforms Lose” discussion, but just because the argument that the “many eyes” security model is valid and inductive (but not proven) doesn’t mean that the “security through obscurity” security model is invalid and disproved. In fact, by itself, the “security through obscurity” security model is also a valid, inductive argument – although it’s ironic that this is only the case until it tries to compare itself against and disprove the “many eyes” security model.
So, we can’t hold the Linux community solely accountable for not paying enough attention in their Logic of Reason 101 classes when they were earning their IS degrees. There are a lot of people in each camp guilty of committing the same logical fallacies when defending their own pet OS. For some reason, though, I think the Linux community should be held accountable to a higher standard of expectations – certainly more than the unschooled masses of Windows users.
I suppose there’s an argument here that a lot of Mac users have higher education and graduate degrees, and maybe they should know better, too – but it seems to me that Linux attracts the kind of devotees who pride themselves on their razor sharp, superior intellect, logic, and reasoning. Is it just Ubuntu watering down the Linux gene pool?
Really, when you get right down to it, there are only a few places where people are willing to suspend logic and reason for blind faith. Many people in the Linux community are the first and most vocal to attack others who behave superstitiously or hopelessly biased along partisan lines. Yet they quickly slip into the same behavior when defending their own platform.
The other thing that a Logic of Reason course will teach you is that it’s impossible to argue a conclusion drawn from metaphysical belief. In the case of platform superiority, it seems clear that conclusions are drawn from the same pool from which people determine their spiritual belief or (frequently) voting preference.
Ultimately, I’m not voicing my opinion about which is superior – the “many eyes” or the “security through obscurity” security models. Instead, I’m proposing that either one is a mystical, spiritual belief that an end user comes to believe not through logic or reason, but through blind faith.
Once you realize that, it becomes pretty clear that it’s futile to try and argue or reason with anyone who has drawn their line in the sand on either side of the discussion. How do they know? “Because I’ve seen it myself,” is probably the best answer you’re going to get, which is effectively the same as, “because I can just feel it inside.” Personal feelings drawn from personal experience do not provide truths.
I haven’t seen a compelling argument either way to convince me one way or another. I’ve read and heard a lot of opinions and a lot of unsupported “evidence” provided as fact, but in the final analysis, the superiority of one security model to the other is largely a matter of personal opinion and conclusions drawn on faith – and that reduces the platform/kernel flame wars to bit-based, binary holy wars.