Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses
Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009 -- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
lemur2
Member since: 2007-02-17

How many times have I heard that just because something is open source that it's automatically more secure than closed software? I can't even count how many times that particular story gets tossed about, and this at least should put an end to it at least for those who can think critically. It doesn't matter if your software is foss or not if someone gets into your server and puts a backdoor in it, pure and simple, and for the casual user there is no security difference between open and closed source.


I don't know who was actually telling you that, but if they did they got the story wrong.

The method that distributions employ to provide a guaranteed malware-free set of packages involves not only inspection and testing of the source code as it is accepted into Linux distribution repositories, but it also involves GPG signing of packages and package managers on the users' computers to install packages.

None of the latter were involved in this UnrealIRCd incident. Being open source alone is not enough, and this incident highlights that fact very well indeed.

The only system with an impeccable record of delivery of malware-free software to end users' systems is open source software delivered via distribution repositories and package managers.

Edited 2010-06-15 02:59 UTC

Score: 2
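
The signature check that the comment above attributes to package managers, sketched as an added example (not part of the original comment and not any distribution's own code): it accepts a detached GPG signature only when it was made by one pinned key. The fingerprint, the function names and the sample status lines are constructed placeholders.

```shell
#!/bin/sh
# Added example: accept a detached GPG signature only if it was made by one
# pinned key, rather than by any key that happens to be in the keyring.

# Constructed placeholder fingerprint; substitute the one published by the
# distribution or project whose releases you install.
PINNED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"

# Reads `gpg --status-fd` output on stdin. Succeeds only when a VALIDSIG line
# names the pinned key and no line reports a bad, expired or revoked signature.
status_is_trusted() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # Field 3 is the signing key; the last field is the primary key.
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { good = 1 }
        END { exit ((good && !bad) ? 0 : 1) }
    '
}

# verify_artifact FILE SIGFILE: run gpg and apply the check above.
verify_artifact() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        status_is_trusted "$PINNED_FPR"
}

# Constructed status output: a cryptographically valid signature, but from a
# key other than the pinned one.
sample='[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Constructed Signer <signer@example.org>
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 2010-06-15 1276570000 0 4 0 1 8 00 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'

if printf '%s\n' "$sample" | status_is_trusted "$PINNED_FPR"; then
    echo "accept"
else
    echo "reject: not signed by the pinned key"
fi
```

Call `verify_artifact release.tar.gz release.tar.gz.asc` (hypothetical file names) before unpacking or building; a non-zero exit status means the artifact should not be installed.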