comodo antivirus opensource

[Guest]

[gibran]

In the end the licensing model doesn't imply whatsoever form of security. If I have to guess the security of a software is bound to the coding standards, the procedures, the skills of developers, financial support and the quality and number of the community.

I read few anti-closed source statements elsewhere on this forum but I found one of those particularly disturbing because it goes along these lines: "If you have nothing to hide let us look at it"...

As for opensource, code-availability has many good points but it does not really make a software more secure. Anyway if a closed source software is written by unskilled developers it would be far more difficult to tell that it would be for an opensouce one.

But if we have to use a real scenario Firefox javascript engine had 280 flaws. Those flaws were not discovered looking at the code but using a fuzzer.

Fuzz-testing is a technique to discover flaws commonly used to test closed source security.

• Is opensource always free? Nope it is NOT. Many good opensource projects charge for support (sounds fair to me ) or grant few privileges to paying members.
  
• Is opensource always secure? Nope it is NOT. Many good opensource projects involve financial support from big corporations and involve professional skilled (paid) programmers. Does opensource imply this?

From a technical standpoint opensouce it is only a licensing model (business) but it is true that it was born to comply with a knowledge ethics insight (philosophy): what truly opensource endorse is knowledge sharing and collective intelligence and the binary (software) is a by-product of this process. All opensource projects range from these two ends: business and philosophy.

Is an end-user really interested in them ?

[Pedro*]

Gibran, i agree with you on a point, as i said security is code and architecture, not licensing as you put it.
But, a whole confusion arises when you say in the last big paragraph open source. What matters to me the most is the concept of free software, not open source.

Melih, how many users review the code? Common. It will depend on how attractive the project is. But does that question make sense i ask you?
About the central authority,

2)Whose word should one trust when reviewing open source code? Is there a central authority who reviews open source and says there is nothing wrong in it? How about competitors disgusied as reviewers knocking the sofware?

Melih this is a community, it takes a complex answer for that question. I shouldn't need to provide one anyway...
But i'll give you a quick one: should i trust your digital signatures? Do you review every single one of them? How? And so on.
No matter what answer you give me, i'm telling you it's never as good as why i should trust popular free software. Ever.
I'm not implying anything concerning Comodo's database, i'm putting it in your own terms though.

[gibran]

Gibran, i agree with you on a point, as i said security is code and architecture, not licensing as you put it.
But, a whole confusion arises when you say in the last big paragraph open source. What matters to me the most is the concept of free software, not open source.

This comment seems like a fully indirect agreement to me
I never said that security is a licensing model but opensource is a licensing model and security could not be considered an intrinsic quality of a licensing model. Regarding the points in my last paragraph I could develop them more thoroughly if you would like it and you'll open a new topic about Opensource. Anyway if you account of opensource innermost philosophy you should consider the software only a byproduct. If you account of a business standpoint there is a marketing hype and an available codebase to adapt to suit your needs, plus the joint efforts will cut your costs .

An internet page is really an example of opensource every browser has a source viewer, how many users are looking at the code?
Do they really complain if a site is using some nonstandard proprietary construct?
How many opensource-funding corporations rely only on opensource? Do they opensource all their products? Why is that?

[Melih]

Gibran, i agree with you on a point, as i said security is code and architecture, not licensing as you put it.
But, a whole confusion arises when you say in the last big paragraph open source. What matters to me the most is the concept of free software, not open source.

Melih, how many users review the code? Common. It will depend on how attractive the project is. But does that question make sense i ask you?
About the central authority,Melih this is a community, it takes a complex answer for that question. I shouldn't need to provide one anyway...
But i'll give you a quick one: should i trust your digital signatures? Do you review every single one of them? How? And so on.
No matter what answer you give me, i'm telling you it's never as good as why i should trust popular free software. Ever.
I'm not implying anything concerning Comodo's database, i'm putting it in your own terms though.

Pedro

I would find it difficult that there will be many people who will review the code for security for open source projects. What kind of security background do those reviewers have, If they have reviewed it thoroughly, why can't they spot the vulnerabalities that the hackers find (case in point: Firefox: it has as many security patches as IE, don't get me wrong, I do like FF). 

The problem with Community, is there are no standards for inflitration by malicious people, what protection is there to foil these? (case in point: web of trust... you can easily create a web of trust for fake people).

as to our own certificates: Actually, I initiated a new standards committee in May 05 now called www.cabforum.org  this has created even a stronger standard as to how an applicant should be vetted, so yes we do have very high level of standards, we get audited regulary and we are webtrust compliant.

Melih

[Pedro*]

This comment seems like a fully indirect agreement to me
I never said that security is a licensing model but opensource is a licensing model and security could not be considered an intrinsic quality of a licensing model.

No, now i see i wrote it wrong. I was really agreeing with you, directly. 

Regarding the points in my last paragraph I could develop them more thoroughly if you would like it and you'll open a new topic about Opensource.

Anyway if you account of opensource innermost philosophy you should consider the software only a byproduct. If you account of a business standpoint there is a marketing hype and an available codebase to adapt to suit your needs, plus the joint efforts will cut your costs .

I'm telling you, i care for free software more than open source!
http://www.gnu.org/philosophy/free-sw.html
http://www.fsf.org/licensing/essays/free-sw.html

Pedro

I would find it difficult that there will be many people who will review the code for security for open source projects. What kind of security background do those reviewers have, If they have reviewed it thoroughly, why can't they spot the vulnerabalities that the hackers find (case in point: Firefox: it has as many security patches as IE, don't get me wrong, I do like FF). 

They are the same as for proprietary regarding popular software, and more regarding the rest, since they contribute and help each other BUILDING IT.

The problem with Community, is there are no standards for inflitration by malicious people, what protection is there to foil these? (case in point: web of trust... you can easily create a web of trust for fake people).

It's not like "poor little community, all alone and lost". The problems that could exist are the same as with proprietary. I actually think it's worst in proprietary software (in this extreme thinking!)

as to our own certificates: Actually, I initiated a new standards committee in May 05 now called www.cabforum.org  this has created even a stronger standard as to how an applicant should be vetted, so yes we do have very high level of standards, we get audited regulary and we are webtrust compliant.

Before anything else, good luck for you Melih 
Reply : Debian. BSD. Arch. etc.

Pedro

(maybe we do need a separate topic, but honestly i don't see the point for the whole CAVS open source or not Q, that's not an answer for me to give naturally)

[gibran]

I'm telling you, i care for free software more than open source!

I see ... that's a sublte teminology difference All members interested in this difference please read Why "Free Software" is better than "Open Source".
Using my previous explanation "Free Software" (using Free Software Foundation meaning) is based on a knowledge ethics insight (philosophy) as it focus on knowledge sharing and collective intelligence. As Free Software Foundation is more biased toward philosophical implications its latest licensing model (GPL3) imposed very strict requirements and many projects will not endorse it.

Anyway any further discussion on Opensource specific aspects should be moved in the general section with an appropriate title and cross linked.
So it will provide an useful resource for all members (present,past and future ones)

[Busyfingers01]

tru, dats why i said free is a purpose of open-source (or another way: open-source is free). I didn't say its free, therefore its open-source.
yep, Its better doesnt mean it has mor users...
In order for a product to be popular, it needs mor dan jus quality. Sumtimes we tried burger or chicken w fries in some small foodhouse and regconized: "damn, this is a lot better dan McDonald's o

 

(:NRD)how do i download the anti-virus???help the buggs are nipping at my feet<><>

[ganda]

(:NRD)how do i download the anti-virus???help the buggs are nipping at my feet<><>

hi busyfingers01
what AV do you mean?

[panic]

(:NRD)how do i download the anti-virus???help the buggs are nipping at my feet<><>

Comodo Anti Virus and Spyware version 2.X can be downloaded from antivirus.comodo.com.

Please be aware that it is still a BETA and, as such, should not be used in a production environment unless you are fully aware of the ramification of doing so and are prepared to accept any consequences.

Cheers,
Ewen :-)

[Tags:]