Open-Source versus Closed-Source Sytems

Open-Source Systems versus Closed-Source Systems

Contributed by Ahmad Basha <perl_79 AT yahoo DOT com> to EnderUNIX (13 September 2001)

    In this article, I will try to talk generally about Open Source versus Closed
Source systems. But when I have to give examples, I will stick to windows 2000
server as one of the leading closed source systems and GNU Linux system as one
of the very common open source systems.

Bug Free:
    Closed Source Operating Systems don't reveal their source code; as a result the
only people who can debug the source code are some of those who work in the
company. The debugging process depends on the policy of the company and how much
the company is ready to pay - both time and money - for debugging. The budget
for the debugging is always limited.

    The Open Source systems, as the name indicate, make all their source code
available to the public. Every one who knows enough programming skills, and is
willing to read the source code, can debug it. In fact, this makes the debuggers
numerous and worldwide. They read the source and debug it for their own reasons:
maybe to help the Open-Source community or to learn or even to make their own
personalized version of the product; the possibilities are limitless. As the
debugging process gets this much world-wide spread, the Open Source products
become relatively bug free.

Exploits:
    Severe exploits that allows remote or local users to hack the machine are
discovered in closed source operating systems. When such an exploit is
discovered, users will have to wait for the company to release a patch; this
process is usually slow and takes months. So in the meantime, all the users of
the vulnerable "closed source" operating system will suffer this vulnerability
for the time being. For example, IIS exploit allows a 13 year old kid to hack
into Windows NT 4 and 2000 servers!

    Open source operating systems might be vulnerable as well - maybe not as much as
the closed source systems. But what will happen if such an exploit is found?
Many the open source community will run to help. Patches are released faster
than you can imagine; in a matter of days or even hours.

Price:
    Not only that you have to pay for the OS, but also for all the add-ons. For
example, when I installed windows 2000, I wanted to install a firewall too.
After some searching on the net, I found out that all good firewalls cost great
amounts of money that I am not ready to pay. Of course, I can not use something
as limited as Zone Alarm to secure my windows 2000 server!! Then when it comes
to IDS (Intrusion Detection Systems), the situation just got worse. Any of the
known and effective IDS solutions are available for large amounts of money that
I am not ready to pay.

    On the other hand, I didn't face this problem with my Linux system. Actually I
had found a lot of firewall solutions under GNU license. I know that if I read
enough on the internet, I will be able to install my highly secure firewall. And
about IDS, there are plenty too that are free of cost. And now the latest
firewall technology is being ported to the GNU Linux kernel; kernels versions
2.4.x have support for stateful firewalls which renders your system more
intelligent.

Trust:
    After installing Windows 2000 Server, I knew that there are many encryption
solutions embedded in it. Actually encrypting a file is embedded in a right
click! I even installed the "128 bit high encryption pack"... but wait a minute,
I don't trust MS. Actually, I have read many articles talking about backdoors in
MS Windows and MS products. I feel afraid especially that what I am installing
is a closed source program.

    If we return to the Open Source community, well we have literally 10's of very
good encryption packages. I will name a few GPG, CFS, PPDD, etc... I can trust
these packages although I am neither a programmer nor a cryptanalyst. You might
be asking why I would trust them then. because if there were any single backdoor
in such packages, then one of the Open Source encryption gurus will find it and
announce it.

Control:
    In Closed source systems, since you don't have the source code, then you will
never know what you have on your machine! Actually you have to trust MS or Sun*
or any of these proprietary companies on your life.

    In Open source systems, the whole thing is much more under your control. If the
entire source is at your finger tips, then you have bigger control. Now you can
read the source for yourself and make your own changes (supposing that you are a
skillful programmer). I have seen programs altered for particular reasons and
made available over the net.

* Lately Sun has released the source code for their Solaris system, but many
countries are not allowed to download it because US states that these countries
are terrorists! So, it is not accessible to great number of vivid programmers
who are willing to learn and contribute.

Friendliness:
In open source systems, you see that many the other users of the community are
friendly and helpful. For example, when I face any problem and can't find the
solution over the internet, all I have to do is to log the IRC server
irc.openprojects.net where I can always find a channel related to my problem. If
you log to sourceforge.net, you will find many great open source projects where
you can either participate in, or just download and use! If you go to
www.linuxdoc.org you will find enough books and how-to to make you a Linux Guru!
Many people who use open source systems, feel that they owe this great community
and want to contribute back - and each contribute on his own way.

    In closed source systems, you cannot expect this kind of help and support.
Actually if you are a windows 2000 server user, then the only real help you can
get is from MS support staff. There are channels and forums and web pages
dedicated to windows 2000 server, but this can't be compared to the help that
you can find concerning GNU Linux for exmample. And NO there is no such thing as
linuxdoc.org for MS products!