Editing Free software (section)

== Security and reliability ==
[[File:ClamTK3.08.jpg|thumb|230x230px|Although nearly all [[computer viruses]] only affect [[Microsoft Windows]],<ref>{{cite book |last1=Mookhey|first1=K.K.|last2=Burghate|first2=Nilesh |title=Linux: Security, Audit and Control Features |publisher=ISACA|year=2005|isbn=9781893209787|page=128 |url=https://books.google.com/books?id=-kD0sxQ0EkIC&pg=PA128}}</ref><ref>{{Cite book|author=Toxen, Bob|title=Real World Linux Security: Intrusion Prevention, Detection, and Recovery|publisher=Prentice Hall Professional |year=2003 |isbn=9780130464569 |page=365 |url=https://books.google.com/books?id=_-1jwRwNaEoC&pg=PA365}}</ref><ref>{{cite news |author=Noyes, Katherine |title=Why Linux Is More Secure Than Windows |work=PCWorld |date=Aug 3, 2010 |url=https://www.pcworld.com/article/202452/why_linux_is_more_secure_than_windows.html |url-status=dead |archive-url=https://web.archive.org/web/20130901151841/http://www.pcworld.com/article/202452/why_linux_is_more_secure_than_windows.html |archive-date=2013-09-01}}</ref> [[antivirus software]] such as [[ClamTk]] (shown here) is still provided for Linux and other Unix-based systems, so that users can detect [[malware]] that might infect Windows hosts.]]
There is debate over the [[Computer security|security]] of free software in comparison to proprietary software, with a major issue being [[security through obscurity]]. A popular quantitative test in computer security is to use relative counting of known unpatched security flaws. Generally, users of this method advise avoiding products that lack fixes for known security flaws, at least until a fix is available.

Free software advocates strongly believe that this methodology is biased by counting more vulnerabilities for the free software systems, since their source code is accessible and their community is more forthcoming about what problems exist as a part of [[full disclosure (computer security)|full disclosure]],<ref name="cnet" /><ref name="albion" /> and proprietary software systems can have undisclosed societal drawbacks, such as disenfranchising less fortunate would-be users of free programs. As users can analyse and trace the source code, many more people with no commercial constraints can inspect the code and find bugs and loopholes than a corporation would find practicable. According to Richard Stallman, user access to the source code makes deploying free software with undesirable hidden [[spyware]] functionality far more difficult than for proprietary software.<ref name="rms-fs-2006-03-09" />

Some quantitative studies have been done on the subject.<ref name="Wheeler" /><ref name="Delio" /><ref name="fuzz-revisited" /><ref name="fuzz-macos" />

===Binary blobs and other proprietary software===
In 2006, [[OpenBSD]] started the first campaign against the use of [[binary blob]]s in [[Kernel (operating system)|kernels]]. Blobs are usually freely distributable [[device driver]]s for hardware from vendors that do not reveal driver source code to users or developers. This restricts the users' freedom effectively to modify the software and distribute modified versions. Also, since the blobs are undocumented and may have [[Software bug|bugs]], they pose a security risk to any [[operating system]] whose kernel includes them. The proclaimed aim of the campaign against blobs is to collect hardware documentation that allows developers to write free software drivers for that hardware, ultimately enabling all free operating systems to become or remain blob-free.

The issue of binary blobs in the [[Linux kernel]] and other device drivers motivated some developers in Ireland to launch [[gNewSense]], a Linux-based distribution with all the binary blobs removed. The project received support from the [[Free Software Foundation]] and stimulated the creation, headed by the [[Free Software Foundation Latin America]], of the [[Linux-libre]] kernel.<ref name="FreeGNULinuxDistributions" /> {{as of|October 2012}}, [[Trisquel]] is the most popular FSF endorsed Linux distribution ranked by Distrowatch (over 12 months).<ref name="DW02" /> While [[Debian]] is not endorsed by the FSF and does not use Linux-libre, it is also a popular distribution available without kernel blobs by default since 2011.<ref name="FreeGNULinuxDistributions" />

The Linux community uses the term "blob" to refer to all nonfree firmware in a kernel whereas OpenBSD uses the term to refer to device drivers. The FSF does not consider OpenBSD to be blob free under the Linux community's definition of blob.<ref name="commondistrosfsf" />