There are also reports of quite serious bugs in some commercial products, as in big-iron O/S: VM was reported (check comp.risks) to have a serious security related flaw; VM and MVS had a utility program (the name of which I don't recall) which bypassed all system security. Potential buffer overflows are pandemic in C code.

Dave Marcus of McAfee has a vested interest in both bashing Linux (and FreeBSD, OpenBSD, and NetBSD): his company's market is basically Windows machines (especially those where IE is the primary web browser and Outlook the primary email application).

In response to pcomitz@gmail.com:

Yes, some of the relative invulnerability of Linux and *BSD to malware is relatively low penetration in the marketplace. Quite a bit is due to Windows' flawed security model, where normal desktop use requires write access to some fairly critical system files, such as the registry (this is were most apps keep information such as the last few files opened, default folders, etc), and installing any kind of software requires write access to the equivalent of /usr/bin.

Major open source products are deferent - it is a joy for software engineer to work with it because of consistent design. You really need just source code to understand how it works! People try hard to have pleasure working with it and they succeed :)

Bugs and malware - it just comes unnoticed for commercial products, for years probably.

Open-source giant's are a bit scared of, but they will have to fear more as the time passes by and open-source becomes more easy to use.

Open source has nothing to do with malware, but priced software "mostly has". If the big boys tell the truth "they software has bugs" malware programers woldn't have a point to prove by making malware.

I don't believe if ever they say they don't use open source snippets in their software development. So that mean, they are creating malware to be able to sell their software to cure those malware created/developed with using open source...
(Catch 22 eh!)

Plus when the time come to beta test their software, why they turn to the open source programmers (mainly) and ask their help to test these software.

I wish I had a chance to talk face to face those who believe open source is a source for malicious software (malware)
Curse on you who believes that...
Angry again

but then again
Happy coding
Al

The reason root kits, virus technology and malware proliferate is that the subculture of developers collaborate. The method of collaboration is funamentally DIFFERENT to open source - as a lot of the collaboration is done using ADA! (Disassembler)

All the same - there exists for malware a community which shares ideas, supports each other and examines each other's work. This community-centric focus is what propels ALL HUMAN INVENTIVENESS - not just the Open Source community. Look at painters of the renaissance, or jazz musicians of the 50's. They form a community and have a collaborative process for development and ingenuity.

Its also important to look at the flipside - what makes Open Source is not just collaboration - its also a specific organizational structure, a peer reviewed development process and most importantly a specific licensing structure (of which there are many dialects - but the premise is the same).

So, yeah - flawed logic does annoy me. People need to spend some time looking at the deeper truth instead of going for buzzwords to make a headline.

Open-source is not the origin of malware or virus, or any other, look-a-like stuff. Malware developers are mostly kid's that read something on the internet and figured out how to to write a vrius, or something like that. I do develop software under GNU GPL, but I dont develop malware. The internet was maded to share ideias not to make virus, for me the triky part on this is that "malware creators" evaluate the efect of their "software" my the impact it causes on the media. Giving malware to much "impact" on the news gives motive for other malware developer's to develop.

In my humble opinion open-source has nothing to do with malware.