Is open source software safe for your computers?

Financial Standard

By Irene Warui

The IT department where my friend Tina works won’t let her use open source software because they believe it’s a security risk. Is it?

No. If anything, open-source software has the potential to be safer. Not that it always is, of course.

An open-source programme is one whose source code is open to anyone who wishes to study it — or improve upon it. Open-source software is usually free and often public domain. Popular open-source programmes include Linux, OpenOffice, and a programme you’re quite likely using to go about your Internet searches: Mozilla Firefox.

I might also add that two of my favourite security programmes, Password Safe and TrueCrypt, are open source. I wouldn’t trade them for anything.

At first glance, this seems counter-intuitive. If any hacker can read your code, why can’t they use that knowledge against you? Think of what the Rebel Alliance did with the Death Star plans in the original Star Wars.

Reality and Star Wars don’t always coincide. When everyone has access to the source code, a great many experts are able to examine that code thoroughly and determine if it really is secure. That’s prohibitively expensive if the only people with access to the code are on the payroll. And it is not as if closed-source programmes are especially secure. People find exploits in Windows all the time.

Back in 1999, security expert Bruce Schneier wrote that "Public security is always more secure than proprietary security. But to cyber security experts, open source isn’t just a business model; it’s smart engineering practice."

So organisations should not be too hard on their IT department. They have to approve every programme put on company computers, and checking out new programmes is time-consuming.

Open-source or not, they don’t want programmes on their PCs that they haven’t vetted, and they don’t have time to research or test everything.

Besides, they may have to answer to executives who think that k is an effective password.

The writer is Sales Accounts Manager with Isolutions Associates, a Network Security Consultancy Firm.
