Who's responsible for OpenSource OS's

By HAL 9000 Moderator
It is somewhere else, as I saw this question a few days ago and as usual paid very little attention to it; however, it did get me thinking eventually. Exactly who is responsible for Open Source Code's Security? This question at first glance seems simple enough, and I even was of the opinion that someone was trying to deflect criticism from good old MS, but on thinking about it I came to this conclusion.

As all this open source code is downloadable, whoever downloads and installs it is responsible; however, if you buy a boxed set then the supplier should be responsible. Sounds simple enough, all right? Then I thought about the licence agreement that comes with every bit of open source software I have ever used, and I am talking Unix/Linux here. There is one very big difference between Open Source OS's and the MS alternative. The open source encourages you to go into the source code and plug any holes you find, and they only ask that you post these changes for everybody else to use. MS, on the other hand, has the corporate world's most closely guarded secret, and that is its Windows whatever source code; they actually write it in their own machine language, nothing wrong there. But I would not like to be the person who approached Microsoft and told them I had found a flaw in one of their OS's. This is the real difference: in Open Source you are welcome to make changes, not only that but are actually encouraged. MS, on the other hand, I do not think would treat you very nicely if you approached them with a security improvement; I personally think they would at the very least be highly offended and take steps against you.

I am open to your comments on this. Any ideas?

Not at all.

by Cactus Pete In reply to Who's responsible for Ope ...

Microsoft has always been completely professional towards me and those I know who have approached them concerning security.

I'm not talking here

by HAL 9000 Moderator In reply to Not at all.

about simply informing MS about a security flaw you may have found; what I am talking about is decompiling the original source code and then finding something. This is expressly forbidden in MS's EULA. If you were to do this and admit it to MS, do you really think they would still be as responsive?

This is all

by HAL 9000 Moderator In reply to Not at all.

Several months ago MS announced they had captured a massive amount of pirate XP Pro and other MS software; they actually notified all their partners here in Australia with JPEG images of both the pirate and genuine product. Honestly I could not see the difference, but then again it was only a JPEG image for internet posting so it wasn't all that good. So I contacted MS here and asked could they please supply me with the covers of the pirate manuals and at least a disabled copy of the pirate XP disk so I could at least see the differences and then show them to my customers, just to maintain my practice of not supporting pirates. MS, on the other hand, were, let's say, less than impressed; they actually accused me of trying to pirate their software, which was never the aim. I only wanted to see the differences so I could be absolutely sure that I was not unknowingly buying pirate software, and also to promote brand awareness to the general public. To me it seems a fool's errand to decry piracy and then at every chance keep your distributors in the dark. Their reply was to look up their web page to find authorised suppliers. That was all well and good if you wanted to buy several thousand copies of whatever, but the smaller resellers are not listed, so I cannot beyond reasonable doubt confirm that I am actually buying genuine product. Although I am sure that I am, it is with these very good copies where the problem arises: on the XP front cover the only listed difference was the space between the W and the indows, which is impossible to see in a JPEG image no matter how large you make it. The other question is: am I capable of decompiling their source code? Well yes, I'm just not that interested and I certainly don't have the time.

This is getting off the point

by HAL 9000 Moderator In reply to This is all

I am only adding this as reference to the above. Rolls Royce Aero, whenever they find pirate parts around, make these bits freely available to all their end users with the part, packaging and full documentation. How do I know this? It is because I do some work for the Senior Engineer at Qantas Brisbane, and one time that I was at the airport he showed me a turbine blade, or actually two, and asked if I could tell which one was counterfeit. As usual I ran off at the mouth and said sure, just show me the packaging and certification certificates. This should have been an easy one, right? Well no, it wasn't; everything was identical, and I do mean identical. There was absolutely no difference between the two blades; one however did have a dab of white paint on it, and as nothing more than an educated guess I picked that one, as it would not have gone into use in this manner. I was right, but only because RR had marked the counterfeit part. When I looked at the magnaflux {something like x-ray} images you could easily see the difference: the pirate part was full of imperfections and would certainly fail if it were to be used. However, the packaging and certification are supposed to prove the part is what it claims to be, and this is a very highly regulated area, as we can't have planes, in this case a 747, having an engine shut down on takeoff. If it is possible to duplicate Government certificates without flaw, how are we average Joes supposed to get by? RR insists on sharing this with their users; on the other hand, MS immediately thought I was trying to pirate their, in this case, OS even though I asked for a crippled copy, and it is not hard to cripple a CD, and front and back covers of the manual. They were destroying the stuff anyway, so what harm could come from having this out to protect their name? RR thinks this way; however, MS is wrapped up in some sort of bubble wrap, always thinking you are out to get them.

Alternative request for info

by generalist In reply to This is getting off the p ...

You might try asking for a bit map, one-to-one scale image of the CD and front/back pages if the JPEG image is marginal. And for good measure, request the same for the legitimate copies.

Unfortunately, I suspect that the holographic techniques used for the real MS products may not reproduce well.

That's probably a good idea

by HAL 9000 Moderator In reply to Alternative request for i ...

But at least I know I have genuine MS product as they sent it to me, so I at least have a reference point. If it is actually pirate then MS is sending out the pirate stuff; well, I don't think so! But if it is possible to reproduce a Government document without flaw then anything is possible. After all, the problem is not a new one, as all Governments have been facing the very same problem since time began, only they don't call it pirate, they call it counterfeit {that's our money and now our plastic as well}. Even Governments make available the counterfeit product to some areas just so the public can see the difference. Naturally these are places who absolutely guarantee not to use the product for anything more than display, like Banks and Police. Actually, when counterfeit currency is found the first thing that Governments do is to notify the banks and send sample copies. Then the Police; again they send sample copies if they have found enough. But the banks always without exception get at least one copy so their staff can see the difference. And while I hate to feed the current paranoia, what would stop a foreign Government from producing another country's currency to destroy that country's? After all, both the Germans and British did it during WW2.

As far as the Holographic

by HAL 9000 Moderator In reply to That probably a good idea

Well, I personally don't think it would be too hard to reproduce if you really wanted to. I will give you an interesting true story about a supposedly uncopiable currency. Here in Australia the Government changed all our folding money from paper to plastic a few years ago: 1, it was cheaper to make; 2, it was cheaper to use as it lasted longer; and 3, it supposedly had an uncopiable security feature, a clear piece of plastic with a watermark in it so you could actually look through at least an area of the money. Anyway, 2 weeks after its much publicised launch a 10 year old kid fooling around on his father's company colour photocopier actually managed to run off several thousand copies and they looked identical. Now there was no malice here, it was nothing more than a kid playing around, but it did show just how insecure the currency actually was. It seems the old paper was far harder to reproduce than the new beaut stuff. I actually have a copy of one side of a bank note framed on my office wall where I work "Part time in a bank". So what I say is, if it's possible to so easily reproduce currency then anything that even a company like MS does really doesn't stand a chance. And by the way, the original MS bulletin only referred to the front cover of the manual for 1 difference and there was no mention of the CD. I can only think it was a "perfect copy" and MS didn't want it getting out just how easily they had been beaten.

According to a MS paper I received

by HAL 9000 Moderator In reply to As far as the Holographic

Yesterday MS has changed the Holographic cover of their CDs for Windows XP again; from reading between the lines it appears that these were not as secure as first thought, so they have added a Copper face of the Edge to Edge {E2E} hologram CD. {Previously it was aluminum.} They have also "feathered", or soft transition, from the copper to an aluminum outer band around the edge of the CD-ROM, and the inner mirror band has text in 2 places that switch from Microsoft to Genuine and from Secure to Media when tilted in the light. I haven't actually seen one yet; however, at least the picture looks good even though it can't show you what they are actually trying to show. But that's the nature of the beast when you rely on photos to replace the real thing. Isn't it?

by djent In reply to Who's responsible for Ope ...

When you submit Linux modifications they are reviewed and tested before consideration for inclusion in the next patch or kernel release. Look at linux.org for more detailed info. MS is extremely paranoid about piracy, the MS version of terrorism.

That's the way it should be

by HAL 9000 Moderator In reply to

Isn't it? After all, we don't want someone placing some malicious code into a system of any kind unchecked. Anyway, MS still sends out Beta copies for evaluation and testing, or maybe it's just me, as I constantly get Beta copies of all of MS OS's for testing/report purposes. MS accepts that you have to go outside your own shop for help sometimes; that's why they have Beta releases. But I suppose the point there is why am I helping MS to develop their software without getting paid for it? Or at least acknowledged for my work; after all, my time is still as valuable as anyone at MS who's getting the big bucks for writing the code in the first place. Let's face it, we're being used as nothing more than the proverbial Lab Rat by MS when they give us Beta versions, but we still play with them, don't we! Anyway, the day I'm not interested anymore it will be time to give it all away.
