Open Source Security, Part 1: Securing Credibility
Some quarters in the software industry still carry a bias against the credibility of open source security applications. Open source network gateway developer Untangle did not expect to find its request for certified testing of the popular open source virus security product ClamAV shunned. When it was, Untangle decided to do its own test.
Based on the virus-hunting and removal performance, Morris's own tests led him to determine that ClamAV outperformed all the commercial products he tested. As a result, Untangle decided to go with ClamAV.
Morris declined to identify the testing labs. "Some people clearly are not rooting for open source," he said.
Morris and Walters intended to settle the security product debate at the LinuxWorld Conference and Expo this month by conducting a test on various open source and proprietary security products for all to see.
On the open source side, Untangle aimed to test ClamAV and Global Hurry. The proprietary vendors were represented by Norton, McAfee, Fortinet, Watchguard and SonicWall.
In the contest's preliminary results, ClamAV caught every one of the 25 viruses thrown at it. Two of the proprietary applications missed many more; one even failed to catch all but a single virus.
All vendors should have caught all of these viruses -- none were new and all were quite common, said Morris.
"Some of these products are so bad it's a scam to sell them as antivirus solutions," he commented.



