comodo antivirus opensource

i think comodo should be open source so more ppl can contribute to its code what do you think

clamav is pretty successful and its open source same goes for firefox

if comodo av was open source it would almost certainly become the number 1 antivirus

post whether you think it should or should not be open source

why should it? ClamAv is opensource and it’s not the number one.
linux is opensource, but my uncle Bill is still the richest person on earth ;D

That’s a decision for the developers in my opinion, and it seems they have already taken it, presumably for a reason.

ganda, how abt FF, browser which has largest number of loyal supporters; or Keepass, best password manager. And by the way, ClamAV is the best AV for linux machine tho.

linux is opensource, but my uncle Bill is still the richest person on earth ;D
cannot take linux to compare w Bill's ■■■■ coz da ■■■■ nice guy who created linux gav his piece for free, and dat's da purpose of an open-source program.

Open source implies giving the product for free (and many other things whose desirability may be questionable), but giving the product for free doesn’t imply opening the source code (see Comodo).

Making a security application open source is like asking every person in the world to come inside and let you know whether they think your doorlocks secure you well enough. The main problem is that you have no control over who is looking, why they are looking and what they will do with any information they gain from looking.

Open source security = open door policy.

JMHO
Ewen

Oh my, that just reminded me of some hilarious stuff:

http://www.nuklearpower.com/daily.php?date=071009

yeah, i mean M$ windows (not open source,not free) have more users than linux. long live uncle bill :■■■■
Ganda

tru, dats why i said free is a purpose of open-source (or another way: open-source is free). I didn’t say its free, therefore its open-source.

yep, Its better doesnt mean it has mor users…
In order for a product to be popular, it needs mor dan jus quality. Sumtimes we tried burger or chicken w fries in some small foodhouse and recognized: “■■■■, this is a lot better dan McDonald’s or KFC.” but dat small foodhouse is stil there and u mite never see it becomes popular.

Most ops (open-source) is developed and run by some volunteers who obviously dun haf enuf resource to mak their products popular to compete w some closed-source apps which r owned by companies (meaning money and professional).

But Comodo has resource to do so (mak its products become most popular).

However, like ewen said, i’m not sure if its a good idea to mak comodo’s ops.

McDonald’s also started as one small foodhouse, and it was successful because its food was tasty. (EDIT: And apparently because it was fast above all, see here for the facts. The Wikipedia article has MD’s bashing instead of objective information 88) --the editors have placed a warning in it.) And if another small business had the same success, I’m sure its food would become so-so just like McDonald’s. (But perhaps more, uh, sterile. :smiley: )

Most ops (open-source) is developed and run by some volunteers who obviously dun haf enuf resource to mak their products popular to compete w some closed-source apps which r owned by companies (meaning money and professional).

I don’t think it’s only a matter of resources. Of course open source limits the income you can get from a product, because to start with you won’t be able to sell it outright. But you can have other sources of big buck income (like Mozilla Corporation or Sun’s and IBM’s involvement with OpenOffice). Sometimes open-source is a ■■■■ good idea even with big resources. Well it’s true that theoretically you could always hire all the helping hands you may get from the community, but still.

This is an example, it’s not about a program but about formats:

http://www.opendesign.com/membership/sustain.htm

Many big businesses are members of the Open Design Alliance. When AutoCAD became so popular, other vendors were forced to work with its format if they wanted a piece of the market. So they ended up forming a foundation (actually a non-profit corporation) whose purpose was basically to ■■■■■ AutoCAD’s format! :slight_smile: This benefits all the members of the alliance, and in the end the customer who will get to choose from more programs than just AutoCAD (what is really nice for 3D CAD). (BTW AutoCAD now also has its own open format along with the closed one.)

Since the issue of open source security arises now and then, I just added a link to the cartoon to my signature… :stuck_out_tongue: ;D

Security by obscurity does not work
The evil people you are referring to are going to have a go at the
code of any security-software they can get their hands on and most of them won't tell about it,
just exploit it. better to make it easy for the real hacks to look at the code as they will tell
about their findings (or even provide solutions)

Your equation is just wrong : what is safest ? Open Source software running on open-source OS
or closed source software running on closed-source m$-OS ?
When was the last time you heard a Linux-user complain about viruses,worms and spyware ?

Malware, in whatever form, is now about commercial gain. They attack Windows because Windows is the dominant platform and provides the greatest potential gain. As soon as Linux becomes simple enough for Mr. and Mrs. Average to install, use and administer and it gains sufficient penetration, some of the malware focus will shift to it.

Whether we like it or not, an intrinsic part of security is obscurity. The very nature of security is based around a need-to-know. Those who need to know - do. Those who don’t - are obscured.

On our 3500-odd seat LAN at work, there are only 19 people who have the big picture on how our IT security is strung together. The lowest level of users are aware that there are security measures in place, but don’t understand it. They don’t need to understand it, nor should they have to.

In a perfect world, everything would be open. Similarly, I would be tall, thin, handsome, rich and perpetually youthful. :wink:

Cheers,
Ewen

Open to be audited.
Obscure to be obscure.
Security - code, architecture.

About CAVS - this is really up to them, not users.

the reason why people like open source is cos the source code is open to review etc…

now

1)How many users review the code? (I mean, how about the person who wants CAV open source, would you review the source code and know and extract if anything is

2)Whose word should one trust when reviewing open source code? Is there a central authority who reviews open source and says there is nothing wrong in it? How about competitors disguised as reviewers knocking the software?

Don’t get me wrong, i do support open source, however open source does not mean lets get everything open source. It has its uses, like ability to start projects by getting volunteers to help write code etc, however taking an already developed code making it open source, especially when we have our own developers and resources.

Melih

One of the main reasons LINUX has fewer viruses is that obviously if you are trying to attack a software/OS you are going to attack a software/OS that is in greater use thus a greater opportunity for your virus to spread. This is true especially in the case of bots where greater volume means greater power for Spam and DOS attacks.

I too fully support open source. It gives greater variety in development and is a great opportunity to learn how things work. However, I agree with Panic that Open source security is closer to an open door policy.

I would rather it is necessary to work a little to find the possible back doors and open windows

From my experience Comodo is a lot more open with info than many vendors

OD

In the end the licensing model doesn’t imply whatsoever form of security. If I have to guess the security of a software is bound to the coding standards, the procedures, the skills of developers, financial support and the quality and number of the community.

I read few anti-closed source statements elsewhere on this forum but I found one of those particularly disturbing because it goes along these lines: “If you have nothing to hide let us look at it”

As for opensource, code-availability has many good points but it does not really make a software more secure. Anyway if a closed source software is written by unskilled developers it would be far more difficult to tell than it would be for an opensource one.

But if we have to use a real scenario Firefox javascript engine had 280 flaws. Those flaws were not discovered looking at the code but using a fuzzer.

Fuzz-testing is a technique to discover flaws commonly used to test closed source security.

  • Is opensource always free? Nope it is NOT. Many good opensource projects charge for support (sounds fair to me :)) or grant few privileges to paying members.

  • Is opensource always secure? Nope it is NOT. Many good opensource projects involve financial support from big corporations and involve professional skilled (paid) programmers. Does opensource imply this?

From a technical standpoint opensource is only a licensing model (business) but it is true that it was born to comply with a knowledge ethics insight (philosophy): what truly opensource endorse is knowledge sharing and collective intelligence and the binary (software) is a by-product of this process. All opensource projects range from these two ends: business and philosophy.

Is an end-user really interested in them 88)?

Gibran, i agree with you on a point, as i said security is code and architecture, not licensing as you put it.
But, a whole confusion arises when you say in the last big paragraph open source. What matters to me the most is the concept of free software, not open source.

Melih, how many users review the code? Common. It will depend on how attractive the project is. But does that question make sense i ask you?
About the central authority,

2)Whose word should one trust when reviewing open source code? Is there a central authority who reviews open source and says there is nothing wrong in it? How about competitors disguised as reviewers knocking the software?
Melih this is a community, it takes a complex answer for that question. I shouldn't need to provide one anyway... But i'll give you a quick one: should i trust your digital signatures? Do you review every single one of them? How? And so on. No matter what answer you give me, i'm telling you it's never as good as why i should trust popular free software. Ever. I'm not implying anything concerning Comodo's database, i'm putting it in your own terms though.

This comment seems like a fully indirect agreement to me ;D
I never said that security is a licensing model but opensource is a licensing model and security could not be considered an intrinsic quality of a licensing model. Regarding the points in my last paragraph I could develop them more thoroughly if you would like it and you’ll open a new topic about Opensource. Anyway if you account of opensource innermost philosophy you should consider the software only a byproduct. If you account of a business standpoint there is a marketing hype and an available codebase to adapt to suit your needs, plus the joint efforts will cut your costs ;D.

An internet page is really an example of opensource :wink: every browser has a source viewer, how many users are looking at the code?
Do they really complain if a site is using some nonstandard proprietary construct?
How many opensource-funding corporations rely only on opensource? Do they opensource all their products? Why is that?

Pedro

I would find it difficult that there will be many people who will review the code for security for open source projects. What kind of security background do those reviewers have, If they have reviewed it thoroughly, why can’t they spot the vulnerabilities that the hackers find (case in point: Firefox: it has as many security patches as IE, don’t get me wrong, I do like FF).

The problem with Community, is there are no standards for infiltration by malicious people, what protection is there to foil these? (case in point: web of trust… you can easily create a web of trust for fake people).

as to our own certificates: Actually, I initiated a new standards committee in May 05 now called www.cabforum.org this has created even a stronger standard as to how an applicant should be vetted, so yes we do have very high level of standards, we get audited regularly and we are webtrust compliant.

Melih

No, now i see i wrote it wrong. I was really agreeing with you, directly. :slight_smile:

I’m telling you, i care for free software more than open source!

They are the same as for proprietary regarding popular software, and more regarding the rest, since they contribute and help each other BUILDING IT.

It’s not like “poor little community, all alone and lost”. The problems that could exist are the same as with proprietary. I actually think it’s worse in proprietary software (in this extreme thinking!)

Before anything else, good luck for you Melih :slight_smile:
Reply : Debian. BSD. Arch. etc. ;D

Pedro

(maybe we do need a separate topic, but honestly i don’t see the point for the whole CAVS open source or not Q, that’s not an answer for me to give naturally)