What is "Open Source" Software?
Open source software is software whose source code, the code used to create the program, is made publicly available for everyone to read. Normally, we call "open source" only programs that can also be modified, forked, and redistributed, i.e. libreware, which means the developers who wrote the source code, and thus own its copyright, must have published it under a permissive license such as GPL, LGPL, MIT, etc. If a program's source code is made available but you can't create and publish your own version of the program from that source code, then the term used is "source available" instead.
Observation: in the past, most open source applications were hosted on SourceForge, which had a nice, big download button on the homepage of each project so you could download the .exe. Today, people are using GitHub instead, which doesn't have a download button.
Are Open Source Programs Free?
If an application is open source, it's often freeware, but it's not necessarily freeware. The open source licenses don't stop someone who obtains the source code from selling a program built using the source code, but they usually require that the source code be distributed or made available together with the built program.
This means that everyone will have access to the source code for free, so anyone could build the program themselves for free, so long as they know how to do it.
Are Open Source Programs Safe?
A common misconception people have about open source is that open source software is "safer" than closed-source software or simply "safe" in general due to the code being publicly available. There are two problems with this assumption.
First, just because the source code is public, that doesn't mean people are actually going to read it. Even simple programs can have thousands and thousands of lines of code, and even a single line is enough to install malware on your computer. No matter how many stars a project has on GitHub, there is no way to be sure someone has combed over everything to make sure it's safe. Even if they had combed over everything, the code could change in days and all the changes would need to be audited.
Even if it's not malware, sometimes people make mistakes, and sometimes a mistake deletes all the files on your PC. This can happen to anyone. Any program that can delete files is one mistake away from deleting files by mistake.
If there is enough scrutiny, open source can be safer than closed source, but in general you shouldn't assume people are actually reading the code. Whenever you run a program on your computer, you must trust that the developer isn't a bad guy. There is no way to escape trusting people. If you trust him, it doesn't matter if it's open source or closed source, because you already trust his code.
Second, and equally important, even if you personally combed through all the source code files to make sure there is nothing unusual going on, that doesn't guarantee the program you run was actually generated from that source code. That is, if you download an installer, or an .exe, you assume it's a program created from the source code that is public, but there is no guarantee that is true. It could be that someone added malicious code to the installer that doesn't exist in the published source code.
In fact, even if the people behind the project didn't add the malware, someone else could have. If a website is hacked, hackers can replace the program you download with an infected program. This can also happen with closed source software, but it goes to show that there are so many things that can go wrong, that nothing at all is ever going to be safe.
The only thing safe is a backup. If you have something on your computer that you can't afford to lose, you'd better have a copy of it somewhere, preferably in three different places, just in case a program deletes all your files.