Linux Today: Linux News On Internet Time.

LinuxWorld: Open source closes backdoors - Security through code obscurity provides false confidence

Nov 12, 2000, 17:17
(Other stories by Nicholas Petreley)

"Microsoft denies that the _NSAKEY provides the National Security Agency with a backdoor to Windows files, and reassures customers that the recent crack of its network does not endanger Windows security. But unless Microsoft opens the source code for Windows so we can see for ourselves, we can never really have confidence in Windows security again."

"[W]hen a software company will not make the source code for a product available, one must put one's faith in something called security through obscurity. The argument for security through obscurity is simple. If crackers could get to the source code, it would be easy for them to find ways to exploit weaknesses in the product."

"While that sounds like a logical argument, it is easily refuted. If you are not already convinced by the numerous Windows, Internet Explorer, and Microsoft Outlook exploits, then pay a visit to Game Copy World (see Resources for a link) sometime. You'll see just how easy it is for people to break the copy protection for games without having to see the source code. The site often publishes copy protection workarounds the same day a game is released. (By the way, I believe Game Copy World is actually providing a legitimate and valuable service. As someone with young children, I can confirm the need to make backup copies of games that get scratched and ruined by reckless little fingers.)"
