[ale] [OT] good FREE windisease anti-virus software (Thanx!)

Geoffrey lists at serioustechnology.com
Wed Feb 17 06:59:09 EST 2010 

Michael B. Trausch wrote:
> On 02/16/2010 02:46 PM, m-aaron-r wrote:
>> -- The most trustworthy software choices will be those that
>> are  OPEN SOURCE, where the author(s) have publicly
>> published the source code for their products such that ANY
>> programmers, peers or users can readily see if there are any
>> serious errors, vulnerabilities or malicious components in
>> their programs.  An additional strong indicator that an Open
>> Source program is trustworthy is when it is distributed at no
>> cost (free) or with payment on the honor system at the user's
>> discretion (shareware) or with request that payment be
>> honored by donating to a charity (donation-ware).
>>   
> I cannot say that I agree with this statement as is.  For starters, you 
> mention open source here.  The qualification is something that is nice, 
> but most people have a tendency to not look past labels, and if 
> something is labeled open source, they'll take that for what it is (and 
> let's also not forget that open source software, even completely 
> redistributable open source software, is not always free).
> 
> Now, I will tell you that there is a whole suite of software on my 
> computer that I trust.  I trust GNU's coreutils, because I have used it 
> for years, and I have never known it to do anything wrong.  But that 
> does not mean that I trust it absolutely.  I cannot trust it 
> absolutely—I have neither read (all of) its source code, nor do I know 
> any one individual whom I trust who has.
> 
> Just because free software has the source code available to read does 
> not mean that it has been read.  I am willing to wager that there is not 
> one single person on this mailing list that has audited every single 
> line of code that is running on their system.  Or, for that matter, 
> every single line of core system code that runs either at ring 0 or with 
> UID 0 privilege, which while smaller, is still a very large amount of 
> code to audit through.  Trust requires knowledge.

I don't think that is Aaron's point.  The point is, OTHER developers 
have peer reviewed the code.  You don't get code into the kernel without 
it be reviewed by other folks.

> This is the premise, of course, behind certain types of trust models.  
> The reason that companies do not adopt brand-new software (and 
> especially just-released operating systems outside of testing 
> situations) is because they have no reason to trust it.  Like it or not, 
> Windows XP is a lot more trustworthy than Windows 7 is, because more 
> people know it better.  The same can be said of an LTS release of 
> Ubuntu, one year after it is released compared to the LTS+2 release that 
> just came out.

The number of people who have reviewed XP and/or Windows 7 source is 
still extremely limited because of it's non-open status.

> It's of course a difficult subject to adequately address, but it is one 
> that requires some pretty careful and in-depth thought.
> 
> On the flip side of the coin, it is entirely possible for non-free 
> software to be completely trustworthy.  Just as it takes time to trust 
> free software that is running on a computer system and for whatever 
> purpose the user has for using it, it takes time to trust proprietary 
> software.  Of course, it is harder to trust proprietary software, since 
> we can not look into it and see how things are done inside of it.  Or at 
> least, we can, but not in pure source code form.  After all, we can 
> always disassemble code to see what it does, and if we have issues 
> trusting it, there is no better way to gain trust than to do that.

I am a whole lot more comfortable with open source.  Just the fact that 
I have the opportunity to review the source is a comfort to me and has 
to be some incentive to the developer NOT to try to hide something nasty 
in there.

-- 
Until later, Geoffrey

"I predict future happiness for America if they can prevent
the government from wasting the labors of the people under
the pretense of taking care of them."
- Thomas Jefferson

More information about the Ale mailing list