Commercial vs. Open Source

Stallyon
Registered User
Posts: 270
Joined: Sun May 23, 2004 6:40 am
Location: Brisbane, Australia
Name: Chris Bell

Commercial vs. Open Source

Post by Stallyon » Fri Jun 23, 2006 11:15 pm

I saw some interesting dribble over on IPS's official forums. They are saying "commercial is far more secure". I'd like to challenge that.

They are basically bagging phpBB2/3, saying it's a buggy piece of garbage, full of exploits that can be hacked by children. I realise at this forum, bagging other software is against the rules. I asked them why they don't have that rule and they said because it's a superior product and everyone knows so it's OK to bag phpBB. *coughs* Anyhow .. back to the subject ...

Do you agree that commercial software is far more secure than Open Source or GPL software? They argue that because they pay a dedicated team of bug removers and exploit finders that it's more secure.

I offered them the Windows / Linux comparison.

What are your thoughts on this far out claim? Which is generally more secure and bug-free when a product goes Gold? Commercial or Open Source?

P.S. PLEASE don't turn this into a slagging match between software.

MHobbit
Former Team Member
Posts: 4761
Joined: Thu Mar 18, 2004 5:32 pm
Location: There and Back Again

Post by MHobbit » Sat Jun 24, 2006 12:16 am

I wouldn't say that security, or the lack of it, can be determined by its status of being a commercial or open-source product. (Actually, if you consider RedHat's business model, commercial is not necessarily separate from open-source, unlike the common false dichotomy.) The old security through obscurity belief is flawed; open-source software is not inherently [more] insecure because of being open to the public's eyes.
Former phpBB MOD Team member
No private support is offered.
"There’s too many things to get done, and I’m running out of days..."

Newfie
Registered User
Posts: 221
Joined: Mon Feb 20, 2006 12:08 am
Location: A Canadian Province - guess which one?

Post by Newfie » Sat Jun 24, 2006 12:30 am

An open-source software, like phpBB for example, might even have an extra advantage (example: if the Development Team all quit tomorrow, someone else would likely step up and fix bugs/security holes out of the sheer demand for a reliable phpBB).

Closed-source depends entirely on the company and its own capabilities and strengths (example: if Microsoft went on strike for 2 or 3 months, hacker holes would remain open since the source code is unavailable - or the older Windows versions, since MS discontinued support, they are as is).

MHobbit
Former Team Member
Posts: 4761
Joined: Thu Mar 18, 2004 5:32 pm
Location: There and Back Again

Post by MHobbit » Sat Jun 24, 2006 12:41 am

Newfie wrote: An open-source software, like phpBB for example, might even have an extra advantage (example: if the Development Team all quit tomorrow, someone else would likely step up and fix bugs/security holes out of the sheer demand for a reliable phpBB).


With closed-source and/or commercial software, the companies could merely hire someone new.

Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Post by Techie-Micheal » Sat Jun 24, 2006 1:06 am

Commercial doesn't necessarily mean the source is closed. Last I checked, IPB hadn't encrypted their source code and neither does vB. However, you are still held to a commercial entity, like you are to Microsoft.

As for security concerns, commercial software is no more protected than open source software. Sure, you have commercial backing, until the company folds. A good example of this is the script called phpImageHost. I purchased a license to set up a website for the purpose of selling image hosting space. However, soon after I purchased a license, the only developer disappeared, leaving the users to fix each other's bugs. After a while, he reappeared only to lock his customers out for good.

Closed source software is not going to be safe from exploitation either. Humans still code the software, and therefore make mistakes. It happens. [shameless plug]. In that instance I had 0 access to the source code and yet I found a vulnerability. Other examples are (not mine):

http://securitytracker.com/archives/category/688.html
http://secunia.com/advisories/20153/
http://www.zerodayinitiative.com/adviso ... 6-018.html
http://www.zerodayinitiative.com/adviso ... 6-017.html
http://www.zerodayinitiative.com/adviso ... 6-012.html
http://www.zerodayinitiative.com/adviso ... 6-004.html
http://www.zerodayinitiative.com/adviso ... 6-002.html

Then of course there are a number of vulnerabilities for IPB and vB and others. The point to all of this being that commercial software doesn't make you safer from vulnerabilities, be it software bugs or the company closing up shop.
Proven Offensive Security Expertise. OSCP - GXPN

beatme101
Registered User
Posts: 2866
Joined: Sat Jan 01, 2005 6:20 am
Location: The country cold comes from; Canada.

Post by beatme101 » Sat Jun 24, 2006 1:13 am

MennoniteHobbit wrote: With closed-source and/or commercial software, the companies could merely hire someone new.


Usually they do not hire someone new. They just expect everyone who uses their software to suddenly lose all interest in their software and uninstall it and forget about it. I've run into this situation only too many times. For example, Starsiege Tribes. Full of bugs, no longer updated, dev team disbanded. No source code.

Stallyon
Registered User
Posts: 270
Joined: Sun May 23, 2004 6:40 am
Location: Brisbane, Australia
Name: Chris Bell

Post by Stallyon » Sat Jun 24, 2006 4:08 am

I think it's pretty much for muchness. I just laugh at the idea that commercial is the ONLY way to go. Only reason I run Windows XP Pro is because it only cost me AU$98.00. I also run CentOS 4.3 (on my web server), Gentoo 2006 and Fedora Core 5. The only reason I own both vB and IPB licences is because that's what was wanted by co-owners and customers.

sempai
Registered User
Posts: 58
Joined: Tue May 20, 2003 3:15 am

Post by sempai » Sat Jun 24, 2006 4:41 am

Not really, although I'm not that much of a techie myself. It depends on how many people are using the software; you're not going to find that many hidden bugs. Like phpBB, where more than 66,000+ websites are using it, one can see something somewhere... When a "free" software becomes so popular like phpBB, some jealous people want to exploit it.

I think commercial is better support-wise. You may get faster replies. Correct me if I'm wrong. One time, I did seek help on the phpBB support forum, and it took days instead of hours for someone to reply to my topic - really. :(

Bottom line, there are always pros and cons between Commercial and Open-source. And the web users have the opportunity to balance them.
Dual! Parallel Trouble Adventure Fan Site
http://dualfans.host.sk

cooleo100d
Registered User
Posts: 113
Joined: Wed Sep 03, 2003 7:49 pm

Post by cooleo100d » Sat Jun 24, 2006 5:58 am

I think open source would be much more secure. You have a ton of users using the software which means security holes get found promptly, and get fixed quickly because updates can be released whenever.

David Robinson
Registered User
Posts: 369
Joined: Wed Jul 23, 2003 11:39 pm
Location: Omaha, Nebraska, USA

Post by David Robinson » Sat Jun 24, 2006 7:11 am

It's not a black and white situation. Under the same conditions (same users, same types of users, same amount, same type of software, even the same software, same everything), closed source could prove more secure, or open source could prove more secure. It depends on the developers.

hoochiedemon
Registered User
Posts: 13
Joined: Thu Apr 07, 2005 6:52 pm

Post by hoochiedemon » Sat Jun 24, 2006 4:30 pm

I'll keep my point very short.

Microsoft Windows is not open source, even though they have been ordered to show some of their source to competitors. Anyways, back to the point.

How many known viruses are there for Windows? This comment alone should prove that just cuz it isn't open source that it's had a lot of hate pointed towards it.

It's not a simple question, open vs. closed.

I think a better one would be: why pay when you don't have to?

Elias
Registered User
Posts: 4625
Joined: Sat Feb 25, 2006 4:31 pm
Location: In the Water!
Name: Elias

Post by Elias » Sat Jun 24, 2006 4:47 pm

I think a better one would be why pay when you don't have to


Maybe people find the paid ones are easier to use. Or maybe they got what they are looking for and have what they need.
"Mystery creates wonder, and wonder is the basis of man's desire to understand." - Neil Armstrong

hoochiedemon
Registered User
Posts: 13
Joined: Thu Apr 07, 2005 6:52 pm

Post by hoochiedemon » Sat Jun 24, 2006 4:49 pm

Possibly, but my PHP skills are pathetic and I find that with the community access I can fix and sort out anything that comes to mind.

So I am not easily going to part with money after I already have to pay for my domain name and space.

bishnu
Registered User
Posts: 2
Joined: Tue Jul 04, 2006 8:12 am
Location: Kolkata

mysql

Post by bishnu » Tue Jul 04, 2006 9:00 am

Hi, is it possible to run PHP with MySQL 5?

bishnu
Registered User
Posts: 2
Joined: Tue Jul 04, 2006 8:12 am
Location: Kolkata

Re: mysql

Post by bishnu » Tue Jul 04, 2006 9:15 am

bishnu wrote: Hi, is it possible to run PHP with MySQL 5?



Yes, it is possible to run MySQL with PHP.
