I’m sure by now you’ve heard of Shellshock, the new computer malware that attacks a key part of an underlying operating system and gives its malefactor essentially complete control over the system. For a change, Windows machines are exempt from the virus; it’s Macs and Linux and Unix systems that are most vulnerable.
The flaw, or “exploit”, is in the Bash Shell, an application that is included with almost all Unix and Linux shipments including the one on which the Mac OS X is based. The malware is being called “Deadly Serious” by experts.
The ink wasn’t even dry on the warning notices about the problem before the lamestream media began shouting about how Open Source is bad-bad-bad and we shouldn’t rely on software “built and maintained by volunteers.” In other words, Open Source. In other words, you morons should be paying gobs of money and enriching our corporate overlords by purchasing software that is maintained by an actual corporation where there is an incentive (read, profit, read, exploitation) to fix these problems.
Open Source systems are no more vulnerable than proprietary systems to exploits of most kinds. And when a problem does arise in an Open Source app or utility, the community of volunteers rushes into respond almost immediately and with a multi-pronged attack. Historically, problems — whether bugs or security flaws — in OS software are fixed far more rapidly than those maintained by a proprietary company. Generally, such companies have a vested interest in covering up bugs and flaws, then prioritizing their repair based not on what most users want or need but based on what a handful of their top customers insist on.
Interestingly, Shellshock provides a microcosm of evidence supporting my position. My buddy Richard Gaskin reports on G+ that he’s fixed his Linux boxes and applied the Linux patch to his Macs. The Linux boxes check out as clear but the Mac box doesn’t. “Why,” he asks, obviously rhetorically, “are Apple security updates frequently slower than others?” (Richard, like me, is a supporter of Apple in general.)
It’s because large companies like Apple can’t just twist a knob, apply a patch and distribute it to their customers immediately. There are lots and lots of hoops through which to jump, legal, marketing and PR considerations to factor in, backward compatibility to be checked. All good reasons for the slow response but clear reasons why OS is often far better than proprietary when it comes to things like Shellshock.