LinuxInsider.com

Open Source Security, Part 1: Securing Credibility


Some quarters in the software industry still carry a bias against the credibility of open source security applications. Open source network gateway developer Untangle did not expect to find its request for certified testing of the popular open source virus security product ClamAV shunned. When it was, Untangle decided to do its own test.


Open source applications have come into their own. For some time, open source programmers held much the same reputation as shareware authors. They were little more than experimenters and programming geeks who chose the alternate code-writing route because they could not or did not want to compete in the real software industry of commercial programming.

Now many software developers rely on open source code either in whole or in part. A very workable business model has developed around the concept of building programs around shared or publicly available code.

Often, open source programs are available for free with some free support available from online communities. Users desiring more enhanced features can buy into commercial-grade open source applications via commercial versions or paying for support for the free version.

Submission Shunned

Nowhere is this open source option more crucial than when it is applied to security applications. While open source products are generally in good supply today in business suites, some quarters in the software industry still carry a bias against the credibility of open source security applications.

Open source network gateway developer Untangle did not expect to find its request for certified testing of the popular open source virus security product ClamAV shunned. When it was, Untangle decided to do its own test to see how the open source antivirus product stacked up against proprietary products.

"The age-old debate is rekindled. Which is more secure, open source ClamAV or a commercial antivirus product?" Bob Walters, CEO of Untangle, told LinuxInsider.

The Main Problem

A year ago, open source advocate Dirk Morris, Untangle's founder and CTO, tried to contract with third-party testing houses to compare open source antivirus products against proprietary security products. He was frustrated in his efforts to find a testing house willing to do an independent test.

In Morris's view, the open source community produces an antivirus software database as good or better than proprietary software companies because there are so many more people contributing viruses to the open source database on an ongoing basis. However, ClamAV was the only open source antivirus product he tested because there are very few of them in existence.

Untangle decided two years ago it would add an antivirus product to its open source gateway platform. Morris lined up numerous commercial and open source products to test them before selecting which one the company should use. Morris pulled a bunch of month-old viruses from his office in-box for his own tests.

"I was shocked. The results were not at all what I expected," Morris told LinuxInsider. "I started thinking that maybe all antivirus products are not the same."

Taking the Test

Based on the virus-hunting and removal performance, Morris's own tests led him to determine that ClamAV outperformed all the commercial products he tested. As a result, Untangle decided to go with ClamAV.

However, neither Morris nor Walters was happy about the unsettled debate over open source versus closed source security products. So Morris convinced Walters to take their tests further.

"We found that ClamAV was the quickest with the least drained resources. We also noticed that same thing with other types of open source security products," Morris said. "I didn't believe that open source was better. Now I do."

Walters agreed. His company uses about 90 percent open source in its products, so using ClamAV based on the company's own testing for spam and antivirus performance made sense, he said.

"We couldn't see any differences so we went with the open source option for free. The best of both camps were just as good," said Walters.

Next Round

Morris declined to identify the testing labs. "Some people clearly are not rooting for open source," he said.

Morris and Walters intended to settle the security product debate at the LinuxWorld Conference and Expo this month by conducting a test on various open source and proprietary security products for all to see.

On the open source side, Untangle aimed to test ClamAV and Global Hurry. The proprietary vendors were represented by Norton, McAfee, Fortinet, Watchguard and SonicWall.

In the contest's preliminary results, ClamAV caught every one of the 25 viruses thrown at it. Two of the proprietary applications missed many more; one even failed to catch all but a single virus.

All vendors should have caught all of these viruses -- none were new and all were quite common, said Morris.

"Some of these products are so bad it's a scam to sell them as antivirus solutions," he commented.

Information is available on how the community builds the virus database for ClamAV.

Browser-Based Breaches

Some security experts see the debate of open source versus proprietary security products as incomplete in isolation. One of the most common infection routes for spam and viruses is the Internet. The question of which browser is used -- open source or proprietary -- becomes part of the argument.

"Attacks against both proprietary and open source browsers are somewhat the same," Paul Zimski, senior director of product and marketing strategies for PatchLink, told LinuxInsider. PatchLink provides patch and vulnerability management solutions.

Browsers have to go on the Internet and fetch mobile code. It is a constant struggle to lock down applications, regardless of the source of their code, he said.

Open Source Security, Part 2: 10 Great Apps


More by Jack M. Germain
