Cross-platform open source threat: Is open source really more secure?
跨平台开源威胁:开源真的更安全?
Blogger: John McCormick
博客:John McCormick
翻译:endurer
英文出处:http://blogs.techrepublic.com.com/security/?p=237&tag=nl.e101
Category: Security, Microsoft, Hacking, Office, Macintosh, linux, open source
分类:安全,微软,非法访问,办公,苹果机,linux,开源
Tags: Linux, Open Source, Sophos Plc., Microsoft Corp., John McCormick
标签:Linux,开源,Sophos,微软,John McCormick
Sophos has disclosed the existence of a proof-of-concept worm (StarOfficeBadbunny) that attacks through a vulnerability in OpenOffice and other programs using StarBasic macros. According to Sophos, this is a multi-platform threat affecting Windows, Mac OS, and Linux. It is written in several scripting languages, including Perl.
Sophos已经揭示通过使用StarBasic宏的OpenOffice和其它程序的缺陷进行攻击的概念验证蠕虫(StarOfficeBadbunny)的存在。在Sophos看来,这是一个影响Windows、Mac OS和Linux的多平台威胁。它用多种脚本语言编写,包括Perl。 字串7
《endurer注:1。Proof of Concept:概念验证
2。StarOfficeBadbunny:SB/BadBunny-A Worm Description
SB/BadBunny-A is a multi-platform worm written in several scripting languages and distributed as an OpenOffice.org document containing a StarBasic macro.
http://www.sophos.com/security/analyses/sbbadbunnya.html》
While this particular threat is minor, it does illustrate a growing problem. I am all in favor of open source code, but I have never bought into the idea that it was less vulnerable to attack.
尽管此个别威胁较小,但它说明了一个日益增长的问题。我完全支持开源代码,但我从未接受其可被用于攻击的缺陷少的观念。
《endurer注:1。be all:全部
2。in favor of:赞成(支持,有利于,较大)》
Just to start out on the right foot with open source fans, I like OpenOffice, and I often recommend it to small business clients and individuals who need Microsoft Office-like applications but don’t like Microsoft prices. I also like and use Firefox and Linux, and I recommend both as well as other open source software. 字串9
与开源爱好者顺利开始,我喜欢OpenOffice,并且经常向需要类似微软Office的软件但不喜欢微软的定价的小型企业客户和个人推荐。我也喜欢并使用火狐和Linux,并且推荐两者及其它开源软件。
《endurer注:1。start out:开始(出发,着手进行)
2。start off on the right foot: 一开始就顺利(一开始就留下好印象)》
Sometimes the more security-savvy of my friends and customers say to me, “Oh, you recommend OpenOffice (Linux, etc.) because you think it is safer!” In a practical, everyday sense, yes — if you run Linux, you are less likely to be hacked.
有时朋友和客户们的更多安全常识告诉我,“噢,你推荐OpenOffice (Linux, 等。)因为你觉得它更安全!”在实践中,日常体验,是的——如果你运行Linux,被黑的可能就小。
《endurer注:1。everyday sense:日常体验
2。likely to:可能(像是要)》
But I feel the need to explain that I have no idea whether it is inherently safer. I’m not convinced that Firefox or Linux is actually safer than Microsoft products in any absolute meaning of the term. 字串3
但我觉得有必要解释一下,我一点也不知道它是否天生就更安全。在术语没有明确定义的情况下,我不确信火狐或Linux确实比微软产品更安全。
《endurer注:1。have no idea:一点不知道(听也没有听过)》
We seldom hear of big threats to open source platforms, but that isn’t the same thing as saying they are inherently more secure. They may merely be attacked less often. Pointing out that they are “not being targeted as much as Microsoft” doesn’t PROVE they are less vulnerable. They may be less vulnerable, but that only PROVES that they are “not being targeted as much as Microsoft.”
我们很少听说对开源平台的大威胁,但这不等于说它们天生就更安全。它们可能只是不经常被攻击。要指出的是它们“未被当成微软那样的目标”并不证明它们缺陷少。它们可能缺陷少,但这只能证明它们“未被当成微软那样的目标”。
Open source is certainly cheaper if you don’t need much support – although even that is highly debatable if you need to support a lot of users on open source operating systems or applications, especially if you (or they) are trying to do anything even slightly out of the ordinary. (Don’t forget training costs: How many of your new workers learned Linux and OpenOffice in school? Most of the ones I see have been trained — if badly – on Microsoft.)
字串4
如果你不需要支持,开源软件是比较便宜的——然而如果你需要支持使用开源操作系统或应用程序的许多用户时,这很可能成问题,特别是如果你(或他们)正试图做即使是轻微超常的事情时。(别忘记培训成本:有多少新员工在校时学过Linux和OpenOffice?如果严重地话,我想其中大多数已经按微软培训过。)
Open source vs. Microsoft security is an OLD argument, but two recent developments have brought a different focus to the question. First is this multi-platform malware I just described. Second is the fact that Dell just announced it would begin selling Linux-loaded computers at Wal-Mart.