Linked by Thom Holwerda on Wed 5th Jan 2011 22:09 UTC
Windows And this is part two of the story: Microsoft has just confirmed the next version of Windows NT (referring to it as NT for clarity's sake) will be available for ARM - or more specifically, SoCs from NVIDIA, Qualcomm, and Texas Instruments. Also announced today at CES is Microsoft Office for ARM. Both Windows NT and Microsoft Office were shown running on ARM during a press conference for the fact at CES in Las Vegas.
Permalink for comment 456276
To read all comments associated with this story, please click here.
RE[6]: BC
by lemur2 on Fri 7th Jan 2011 01:18 UTC in reply to "RE[5]: BC"
Member since:

"The problem is that almost all malware is also distributed as closed-source binary executables only, and that (being closed source) there is no way that anyone other than the creators of any given piece of such software can tell the difference. No amount of user education will change the fact that no-one (other than the authors of the software) can tell if a given closed-source binary executable does or does not contain new malware.

And that is why you get the software from the original author, and guess what ... if you educate someone to always get the software from the original author ... mmmmm.

The point is that if the original author is a malware author, then even going to the trouble of getting software directly from the original author won't prevent it from containing malware.

Furthermore if someone is so uneducated as to how to to avoid threats how will it being open source help ???

It is a matter of adopting a self-imposed policy. Linux distributions all maintan repositories of source code, and parallel repositories of binary executables compiled from that source code. Anyone at all can download the source code and verify that compiling it produces the corresponding binary executable. This means that people who did not write the code can nevertheless see what it is in the code, they can compile it for themselves to verify the integrity, and they are users of that code on their systems.

Any user adopting a elf-imposed policy of only installing software directly from such repositories is guaranteed to never get a malware infection on his/her system. There is a very long history of vast amounts of open source software delivered via this means which proves this claim.

A malware author can just offer an "alternative download source" and stick a key logger in there for example ... having the source won't help because the uneducated simply won't know any different.

Yes, it will make a difference. Every single user doesn't need to know how source code works, just one user needs to download the source code and discover the keylogger within it, and "blow the whistle" on that code. It can then be added to a blacklist for all users. It only takes one person to spot the malware, out of millions of users.

Also you obviously haven't heard of a checksum then? They use this on Unix/Linux Binary packages as well and also can be used on any file to validate it's integrity.

Certainly. If you use a checksum to verify that you have downloaded a closed source binary package (even directly from the original author) correctly, and the original author did deliberately include malware within that software, then all you have managed to do is confirm that you have a correct copy of the malware-containing package.

For example I remember Windows XP service pack 1 having a checksum key on in the installer properties ... if this didn't match what Microsoft had you had a duff/dodgy download.

Fine. I don't claim that this is not the case, and I do acknowledge that there is a great deal of perfectly legitimate closed-source non-malware software out there for Windows. Windows XP service pack 1 would be one such piece of software, no argument from me. So?

"BTW ... my agenda is merely to point out facts such as these to everybody, so they can make good decisions for themselves regarding which software they choose to run on their hardware. I make absolutely no apology for this agenda.

The thing is you "facts" aren't facts.

Oh yes they are. Each and every one of the claims I have made in this discussion is a verifiable fact.

They are opinions from someone that IMO doesn't really have any practical experience of developing or deploying software.

I am a project engineer by profession, leading projects which develop and deploy bespoke software. I have many years of experience. We supply source code to our customers.

Unless you work directly in the software industry as a developer or a manager for a development team you simply don't understand the landscape and the issues that developers face.

OK, so? I do happen to have many years of engineering experience at leading development teams.

Also you are biased in thinking that open sourcing everything is a cure to all software problems. This IMO couldn't be further from the truth.

You are of course as entitled to your opinion as I am to mine.

BTW, I have made no claim that "open sourcing everything is a cure to all software problems". That is your strawman argument. My claim here is only that users who stick to a self-imposed policy of only installing open source software will be guaranteed that their system never is compromised by malware. If you are going to argue against what I am saying, then this is what you must argue against. Friendly advice ... don't make up something I did not say, and argue against that ... doing that will get you nowhere.

"What exactly is your agenda in trying to disparage mine?

Because I think you are biased and do not presents the facts fairly.

And I think you are even more biased, you have no idea how to assess technical matters, and you simply do not heed what experienced people are telling you. How does this help the actual discussion?

Edited 2011-01-07 01:34 UTC

Reply Parent Score: 2