ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
Open Source and security
rmorey


Joined: 17 Nov 2006
Posts: 1
Location: CT
Reply with quote
Just curious, but how secure is a virus protection program if the source is public domain?
Couldn't someone figure out how to evade virus detection by looking at the source?
And couldn't someone secretly make open source programs malicious?

Sorry if these are obvious questions. I get paranoid about viruses (viri?) and trusting other people's software.

RM
View user's profileSend private message
Is Public Domain Secure?
GuitarBob


Joined: 09 Jul 2006
Posts: 4370
Location: USA
Reply with quote
"Just curious, but how secure is a virus protection program if the source is public domain? "

That's a good question. I'm just a plain ole PC user that started with McAfee Antivirus back in 1988, and I don't know the definitive answer, but I have an opinion. I've been interested in computer security ever since then. Until ClamAV/ClamWin there doesn't seem to have been very strong open source movements in the antivirus field--although McAfee was "shareware" when it started.

Opinion: open source is just as secure as the "other" antivirus stuff. Some of the open source people say the fact that they get input from the community makes their products better. I expect that anyone who wants to go to the trouble and has the knowledge, resources and the motivation to do so can look into the code of the other stuff as well. For the moment, ClamAV/ClamWin may be fairly secure from the "bad guys" because of their much smaller user base (and visibility)." In addition, the ClamAV people seem pretty responsible to covering "exploits" in their product. I would also point out that you recently had "exploits" publicized in Kaspersky and other antivirus stuff as well. Finally, just as the virus writers are one step ahead of the antivirus writers in viruses, the Clam teams can be one step ahead of the virus writers in protecting/securing/hardening their installed antivirus products. the Clam teams can develop protective measures that the virus writers have to see before they can attack. For instance, I saw that Grisoft had renamed one of the files in its AVG antivirus product to "harden" it so the virus writers couldn't depend upon the name in writing any "exploits" against it.

Just my opinion.

Regards,
View user's profileSend private message
Open Source and security
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic