COTW: COMPUTER SECURITY

01-17-2010 , 04:28 PM
COMPUTER SECURITY: What's the concept? OFF THE WEAK!


Introduction

Just before I start this all off, I'd just like to clarify that I'm definitely a weak guy when it comes to Computer Security, and there's definitely loads of other people that you would be getting this information off. This is a poker forum though, and a lot of poker players probably won't be taking the time to browse Computer Security forums. And probably not "Other Topics" -> "CTH" either. I'm sure there are loads of people who wouldn't ever realise the importance of Computer Security unless it was made a Sticky (like it has been in all the other forums thanks to my constant nagging! got banned a few times for it but at least I showed Ryan Beal that mods thought it was a worthwhile topic - unlike him clearly) or a Concept of the Week.

Due to the huge sums of money floating around poker players, it's imperative that poker players realise how to secure their computers. However, while I was promoting putting stickies in all the forums to stress the importance of security, micro FR, being the nits they are, thought it wasn't a worthy enough topic for its own sticky!

Most of what I have learnt about Computer Security has been from asking questions in IRC security channels and twoplustwo threads and a bit of searching here and there.

i) Viruses


This type of attack likely won't cause any harm to your bankroll. Their main purpose is to spread without user knowledge and destroy the system's files. Hopefully if you get an attack, you get this type of attack, coz hopefully you can just clean up your system and get back to grinding again.

Fairly often even the top antiviruses won't be able to find even half-arsed malware. To the best of my limited knowledge, a lot of them aren't even designed to do such things. So don't think because you have an "Antivirus" that ships with your computer, you are safe from malware. You are hugely mistaken. Anyway, here are some of the best freeware antiviruses:

AVAST: http://www.avast.com/eng/avast_4_home.html
AVG: http://www.free-av.com/
AVIRA: http://free.avg.com/


Some googling on antivirus reviews led me to this, http://www.reviewcentre.com/products2167.html .. I personally use/prefer AVIRA.

ii) Malware
These could potentially get really messy depending on the type of malware and how well it hides. Malware is specifically designed to not give any signs away that the computer has been compromised. Malware technology can be combined with worm technology to form something that can spread on networks without any user action. Imagine the consequences of this if you have, for example, a poker computer and a computer for web browsing and other stuff. You wouldn't be safe having them both on the same network.

Malware can do things such as monitor screen activity and record passwords. This can potentially hurt your roll in 2 ways:
- Somebody may use the malware to grab email/poker account passwords and clean out the account while you are not using it
- Somebody may use the malware to spy on your hole cards, and cheat you

If the user has anti-malware software installed, and somebody manages to successfully install malware which can be found by this software (through social engineering, man-in-the-middle attacks, access to the computer without your knowledge), then the person who plants that malware there is probably going to take all the money he can as quickly as possible. If he doesn't then he may lose his chance at a huge score, since his malware could be swept away in the next system scan. It would be ludicrously amateurish for a guy to get a crappy dll trojan on a computer and not take $25-30k or whatever, since there's NO REASON why he wouldn't expect the sysadmin to wipe malware off very promptly (coz when you install this type of software, you'll see it goes off at set times).

If the user has anti-malware software installed, but the malware is sophisticated enough to evade detection, the attacker may choose a more long-term approach to stealing, and just use hole card cheating. He doesn't need to worry about the malware getting killed off in a system scan. That's not a certainty obviously. If there's loads of money online, whether his malware gets detected or not may not matter to him, and he may just be tempted to take what's there. If a player only has a smallish amount online, he may think it's better to slowly skim off the top of the player's winnings, instead of going for a small heist.

There is plenty of software out there which will find malware. Here are some of them:
MALWAREBYTES (MBAM): http://www.malwarebytes.org/
SUPERANTISPYWARE : http://www.superantispyware.com/


Good malware/the best malware however cannot be found by this software.

In extreme cases you may just have to format your whole computer. Not that you would even know if that malware was there in the first place. A packet sniffer installed on your router might alert you to suspicious activity if you know how to interpret it.

Some of the more nasty malware are hidden by "rootkits".

Since websites are a good place for attackers to place malicious code, you need to make sure you aren't using easily exploitable browsers such as Internet Explorer. Even if you don't use IE, which you shouldn't be, still keep it updated (http://www.microsoft.com/windows/Int...ide-sites.aspx). Use MOZILLA (http://www.mozilla.com/en-US/firefox/) along with NOSCRIPT (https://addons.mozilla.org/en-US/firefox/addon/722).

Exploits in Java are yet another way malware can find its way onto your system. Keep Java updated using this link (http://java.com/en/download/). You will have to uninstall other versions first.

Quote:
REMOTE HACKING - you can probably skip this if you plan to follow my plan of telling NOBODY your poker playing IP address (explained later), but there is some stuff, namely connecting via a Router, which applies regardless, so give it a skim read at least. (This includes sharing LANs with not necessarily trustworthy people. Houses in Vegas!! WSOP HU LAN parties!!) This is very important for people who aren't going to take precautions to hide their IP address.
Another attack method is the Windows OS itself. It is riddled with remotely exploitable vulnerabilities out of the box, and knowing how people moan about MS, probably after being fully patched too (before service packs are installed). Even not so talented hackers who have a clue can hack your computer remotely if you are not fully patched. A firewall is a good band-aid for this, but it's better to not have these security vulnerabilities in the first place. That's why it's so important to use WINDOWS UPDATE to make sure your system is fully patched at all times.

Hardening is the act of making an operating system more secure than its default settings, even with patches. This is getting outta my knowledge totally, but I'm convinced it's important if you are super paranoid, as I believe you should be. I'm by no means an expert, but there are some guides here which I haven't yet done myself, so I can't really do much but link you here:

http://social.technet.microsoft.com/...5-76838f2cc1a0
http://www.blackviper.com/Windows_7/servicecfg.htm

Even after that, I'm still more content if I can find a way of further protecting it, maybe from vulnerabilities which have not yet been discovered and are only known by the best hacker circles. Apparently, that's possible by using a hardware firewall/router. The reason why it's more secure to have a hardware firewall instead of just directly connecting to the internet is because when you set up a router and connect any number of machines to it, all of those machines get given a private IP address only people on your network can reach. So if somebody sends some malicious stuff from the outside internet, it gets to your router, then it doesn't know where to send it (even if you only have 1 computer on the LAN). So this adds another layer of security, just in case the hardening you have done hasn't done the trick.

If you are going to be using wireless in your house to connect to your router, be careful. I think WPA2 with a STRONG PASSPHRASE is pretty secure, but maybe just use a wire if you want to be safer, though maybe that's just being unnecessarily safe. WPA/WEP encryption is outdated and there's no reason to be using it.

So far we have been talking about the pitfalls of Windows and how routers/hardening/keeping up to date can help with its security. But it's still important to realise the router itself has its own operating system. A lot of routers' out-of-the-box firmware is known to be insecure and not properly/regularly patched. This router is going to be the thing which touches the internet, so it's very important the OS on the router itself is secure. How do we ensure this? Instead of using out-of-the-box firmware and updates, I recommend using 3rd party router firmware. There are a few 3rd party router firmwares.

The major players are DD-WRT, Tomato, and OpenWRT. I would stay away from DD-WRT, there have been security vulnerabilities with it in the past, and when people showed the exploit code to the programming team, DD-WRT didn't even understand it. It shows imo that the DD-WRT firmware team doesn't understand security well.

I've heard a few people mention that Tomato relies on a lot of precompiled binaries which are more prone to exploits. I'm not sure how true this is, but OpenWRT on the other hand is totally open source, and afaik has never had a single remote vulnerability, unlike Tomato/DD-WRT. OpenWRT might be a little more troublesome to install though. They have a great support channel though: #openwrt on the FreeNode network.

TOMATO - http://www.polarcloud.com/tomato
OPENWRT - http://www.openwrt.org


I haven't read into this too much, but try and find a way, if possible, of confusing nmap -O scans. This is how a hacker would determine what operating system the router is running. If he can determine that, he can start throwing hacks that are specially made for that operating system. Him not knowing what your router's operating system is keeps him in the dark on how to attack you in the first place. I'm almost certain confusing "nmap -O" scans is possible, but I haven't yet figured out how.

But how else can malware get on your system? What if you are being targeted, since people know the person behind your IP address that you broadcast all over Skype, MSN transfers, 2+2.com connections, HoldemManager online validation etc. is a poker player worth exploiting? One method is what a hacker might use if he were to successfully hack your router. It is based upon a type of attack where the hacker will try and redirect your traffic to somewhere malicious, known as the MAN IN THE MIDDLE ATTACK. If he can read the packets that are flowing through your network, whether that's through sniffing a badly encrypted wireless network or being a trustworthy person on your wired network, a person who knows what they are doing can redirect your network traffic to anywhere he sees fit. So you think you're going to www.google.com but it actually pops you past www.eliterootkit.com on the way. None of your malware detectors find it, and you're owned!

All a hacker has to do is get somewhere between you and the destination of your packets. One of these places is your router. Another one of these places is anywhere on your LAN. SO DON'T TRUST PEOPLE ON YOUR LAN, THAT INCLUDES HOUSES IN VEGAS WITH 2+2'ERS YOU DON'T KNOW TOO WELL.

There is still the possibility of having your router hacked. Who knows what remote vulnerabilities will become known in the future. So make sure you keep up to date on your firmware upgrades too. If possible DON'T JUST RELY ON NAT to do your protection; set up actual firewall rules. A good place to ask for help on this is #iptables on the FREENODE irc network. All 3rd party router firmwares use the iptables firewall.

Let's say worst comes to worst and somebody does hack your router; he can perform MITM attacks. So how do you account for these possible MITM attacks, and stop them from being possible? One way is to use something called a VPN (Virtual Private Network). You can get very affordable VPN solutions online, or set up your own VPN, which will encrypt all the traffic from your computer to the outside world. That way if somebody does manage to hack the router, or get onto your LAN through being in a trustworthy position, they won't be able to read any of the packets, and therefore won't be able to tamper with any of them to redirect you somewhere else malicious when you think you are just going to www.google.com. The MITM attack is dependent on the attacker being able to read the packets.

Another thing to do is ALSO use a firewall on your Windows computer, just in case somebody does hack the router and then tries to hack your Windows computer from there. That way you have another line of defense. There is also something called SNORT which is a very advanced Intrusion Detection System (IDS). It has rulesets for dealing with emerging threats and also lots of known exploits. It scans the "packets" that come into your computer to make sure they don't have any resemblance to anything malicious, and if they do, it drops those packets.

If you do plan to get this secure about things, there is a software package called UNTANGLE (www.untangle.com) which acts as a frontend for your VPN client, your IDS and whatever other stuff you may end up using.

Hopefully by now I got you pretty worried about malware. BUT;

YOU STILL NEED TO MAINTAIN PHYSICAL SECURITY. Just because you have some software to catch viruses/malware doesn't mean people won't be around waiting for you to pop to the kitchen so they can stick a rootkit on your machine. If they know what they are doing you won't find it, even if they don't have access to firmware rootkits. There are plenty of readily available rootkits which can't be found with software afaik. That's why I recommend having different computers for work/play.

Rootkits have taken a huge dive forward in advancement in the last few years, and there is cutting edge technology which allows rootkits/malware to remain on your computer even after you have totally formatted the hard drive. I know this is scary. They are known as PCI Rootkits, and the rootkit resides on the firmware of PCI cards or the BIOS. I know it seems somewhat unbelievable since this stuff hasn't been seen in the wild before, but I'm working on creating a demonstration of this. I have had a firmware rootkit put on my machine. The only way to find them I can think of is to have all that computer's traffic go through one box with a packet sniffer. I have machines which, when fully formatted and not connected to any infected network, are still sending malicious traffic somewhere. I will make a video of this soon, and I'm sure it's gonna cause a huge stir in the poker world and rightfully scare the **** out of a lot of people.

Here is the link to a demonstration of a firmware rootkit on one my machines: <XXX COMING SOON XXXX>

Even though these affect firmware, a software program can do it. Meaning if somebody can hack your computer remotely through any one of these attack vectors:
- Social engineering to get you to run something dodgy like an exploited pdf in Adobe
- malicious websites
- targeted IP address attacks
- OS bugs
then that remote software exploit can change firmware.

iii) Denial of Service


Won't spend too much time on this, but it's basically where somebody has the intention of denying you your internet service. They either use vulnerabilities in how the internet works, or just send sheer mass amounts of data to your "IP Address" (your unique identifier on the internet), in order to get you disconnected. Imagine somebody knew your IP address, through speaking to you on Skype for example, and then they are playing a big pot with you. They could launch an attack on your IP address, hoping you time out.

As mentioned before I'm not really an expert on computer Security at all, I'm mainly just writing this thread so that something gets mentioned in Micro FR about Computer Security

AFAIK, there isn't really much you can do about people sending massive amounts of data to your connection in order to disconnect you.

The best you can do is hide your IP address. I'll talk more about doing this later. FYI, any website you go to will have your IP address. It is the first thing a hacker needs if he wants to remotely hack into your computer without you running any malicious stuff client side.


iv) Password Security

- Use strong unguessable passwords. Combination of uppercase/lowercase/numbers, at least 10 letters IMO
- Create a poker-only email account so you don't get people trying to hack your normal email account (maybe with an easily answerable secret question that shouldn't be there in the first place) which eventually leads to your poker account access
- Keepass password tool is something which creates an encrypted database of all your passwords in case you forget them. Handy for lots of reasons apparently; I haven't looked into it myself. www.keepass.info


v) Use decent software and keep them updated.


- Sourceforge (http://www.****************) has a bunch of decent opensource stuff for all sorts of things. No need to use things like Adobe which is riddled with exploits.
- Osalt helps recommend an open source alternative for software you might already have (http://www.osalt.com)
- Keep your software updated by using something like SECUNIA PSI (http://secunia.com/vulnerability_scanning/personal/)


KEEPING ANONYMOUS ONLINE AND NOT REVEALING YOUR IP ADDRESS


- I STILL THINK ITS IMPERATIVE TO GET A ROUTER FOR YOUR INTERNET CONNECTION REGARDLESS


- If somebody wants to hack you, they need something called your IP Address (which is your unique internet identifier), which is how people will attempt to send you malicious things if they aren't telling you on MSN/AIM to go to "www.gotomyvirus.com" or something a little more subtle than that. A lot of the remote hacking section is very important if you are in a situation where somebody can find out your IP Address, whether that's your Local Area Network IP Address (which can't be accessed from the outside world, just by other people on the LAN), or your external WAN IP Address.

Think of it like this: if you are a poker player and you are advertising your IP address, you are more or less advertising that you are a walking safe, begging to be cracked. Do you really wanna play that game of making sure you are secure enough to not get hacked, or would you rather just avoid the situation in the first place?

So who would know your IP Address? Any place you visit on the internet will get your IP Address, if you aren't making any effort to route it through somewhere else so nobody can see your true IP. Seeing as poker players are walking safes, who would know you are a poker player?

- People you know, people on MSN/AIM/SKYPE. Some of these chat messaging programs send directly to the other person's IP Address. I know Skype does. AFAIK MSN goes through the central Microsoft server, so anybody you are speaking to on MSN won't be able to get your IP address. Do some research on whatever messaging systems you are using with friends to make sure you are not advertising your poker playing connection's IP address. Even if it is the router's IP address, it still opens up an element of risk. A risk which isn't necessary imo.

- Websites that you visit that know you are a poker player: twoplustwo.com, deucescracked.com, cardrunners.com, Holdem Manager validation when loading. You see where I'm going, I hope. Do you really trust twoplustwo.com to not sell the database of IP addresses connecting to their webservers to some talented hackers at some point? I remember asking the mods who has access to that sort of information and they refused to answer. I'm gonna take a wild guess and say mods do. I'll let you make up your own minds on whether you want to let mods have that sort of information on you. Holdem Manager is a tough one, coz afaik you can't use it unless you are connected to the internet? Not much you can do to get away from that either, unless you do what I recommend later.


- It completely amazes me that the MSNL irc channel is on the EFnet server. The amount of people that are revealing their IP address there is ridiculous. When I mention it in the channel I get banned instantly; I'm not gonna go into why I think that's the case! I'm sure you know what I'm thinking. Anyway, EFnet isn't nearly as populated as the FreeNode network. They have wayyyy more active support channels, as well as channels for a whole load of interests. Freenode also has the option of hiding the IP address you connect to the IRC server with, an option which EFnet does not. You can also register a nickname to stop people pretending to be other people, which might be important for poker players. I am proposing that the MSNL irc channel is changed to Freenode. The MSNL FAQ points to EFNET #msnl; that should be changed and everybody should migrate. Why put those people at risk? People who care enough about doing a 20-second thing to hide their IP addresses on the IRC server can do so. Those who don't care don't have to do anything. At least it gives people that OPTION though.

- If you are using a 3G wireless provider I am fairly certain people can sniff your IP address even if behind a NAT. I haven't yet figured out how they might do that, but I have reason to believe they can. I think the 3G encryption is pretty good, but a lot of providers run on GPRS before it picks up a 3G signal. Apparently GPRS is a lot easier to carry out MITM attacks on. So be very wary of using a 3G wireless provider. I'm stuck in a position right now where I HAVE to use a 3G wireless provider. I would like to know how somebody would attack my internal NAT IP. Maybe scanning the subnet for open ports or something, I dunno. Any tips on securing this connection would be nice. I'm thinking of just getting 2 routers for it. One for the 3G sim card, and then another one which hasn't got a stock firmware which is probably insecure.

- Any website you go to. You may accidentally go to some dodgy site which might try taking advantage of OS vulnerabilities and turn you into a standard botnet drone. This might not be as damaging to your roll as malware, but it should still be avoided if possible. These mass attacks from porn sites are mainly going to be targeting Windows, so connecting through a router should stop most of those.


If you want to keep your IP address secret from everywhere, one possible thing you could do is use a VPN. There are commercial services which give you a server to route ALL your traffic through. This will get past the Holdem Manager limitation of needing internet access too. That way you don't have to trust Holdem Manager with your IP Address information.

These can be problematic to set up though for the novice (like me). You could just trust Holdem Manager with your IP address if you really wanted, and be really careful with everything else I guess. No Skype, no twoplustwo.com/training sites/file transfers, even legit ones, coz that will advertise your IP. For all that stuff use one of the many free web proxies like http://anonymouse.org/anonwww.html


References


Freenode IRC channels: #security, #remote-exploit, #openwrt, #openvpn, #windows7, #networking, #iptables (iptables is a firewall configuration channel)
Twoplustwo threads: http://forumserver.twoplustwo.com/48...osting-321637/

http://forumserver.twoplustwo.com/48...videos-659775/ (took quite a bit of credit from here - the number of views was nowhere near the number of thread views; I thought it might be because nobody is bothered to sit through over an hour of videos or whatever. Now they can skim through the important parts)

HSNL sticky on computer security: http://forumserver.twoplustwo.com/19...mputer-623925/


All the sites quoted in the article. This was a little more rushed than I would have liked. I wanted to get the firmware rootkit demonstration done, since that is really ground breaking stuff for the poker world. I will get that up shortly. I'm really bad at computers and don't really know what I'm talking about. A lot of the technical stuff is just stuff I've copied from IRC channels and websites. At least something is in Micro FR about security which hopefully lots will read though. Feel free to spot any errors/gaps.


Thanks for reading that ramble


SN

Last edited by SilentNoise; 01-17-2010 at 04:36 PM.
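
The post's LAN man-in-the-middle warning (an attacker "somewhere between you and the destination of your packets", including anyone on your LAN) is, in practice, usually done with ARP spoofing: the attacker answers ARP for the gateway and for the victim so both send their frames through his NIC. The following is an added example, not code from the post or from any tool it links; it assumes (my assumption, not stated in the post) that ARP replies can be exported from a sniffer on the LAN as (timestamp, sender IP, sender MAC) records, and that the gateway address is known. The sample traffic is constructed.

```python
"""ARP spoofing (LAN man-in-the-middle) detector over a stream of ARP replies.

Added example, not code from the original post. Assumptions (not in the post):
replies are available as (timestamp, sender IP, sender MAC) records, e.g.
exported from a sniffer on the LAN, and the gateway address is known. The
sample traffic below is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float   # seconds since capture start
    ip: str     # sender protocol address (who the reply claims to be)
    mac: str    # sender hardware address


class ArpWatcher:
    """Keeps the IP->MAC table the way a host's ARP cache would, and alerts on
    the two classic poisoning signatures: a known IP (above all the gateway)
    suddenly answering from a new MAC, and one MAC answering for several IPs."""

    def __init__(self, gateway_ip: str):
        self.gateway_ip = gateway_ip
        self.ip_to_mac: dict[str, str] = {}
        self.mac_to_ips: dict[str, set[str]] = defaultdict(set)
        self.alerts: list[str] = []

    def observe(self, r: ArpReply) -> None:
        prev = self.ip_to_mac.get(r.ip)
        if prev is not None and prev != r.mac:
            sev = "CRITICAL" if r.ip == self.gateway_ip else "WARNING"
            self.alerts.append(
                f"{sev} t={r.ts:.0f}s: {r.ip} moved from {prev} to {r.mac}")
        self.ip_to_mac[r.ip] = r.mac

        claimed = self.mac_to_ips[r.mac]
        if r.ip not in claimed:
            claimed.add(r.ip)
            if len(claimed) > 1:  # one NIC speaking for gateway *and* victim
                self.alerts.append(
                    f"WARNING t={r.ts:.0f}s: {r.mac} now claims {sorted(claimed)}")


# Constructed sample: gateway and a poker PC behave normally, then at t=60 a
# third MAC starts answering for both of them (textbook bidirectional MITM).
SAMPLE_REPLIES = [
    ArpReply(0,  "192.168.1.1",  "aa:bb:cc:00:00:01"),
    ArpReply(1,  "192.168.1.20", "aa:bb:cc:00:00:20"),
    ArpReply(30, "192.168.1.1",  "aa:bb:cc:00:00:01"),   # routine refresh, no alert
    ArpReply(60, "192.168.1.1",  "de:ad:be:ef:00:99"),   # gateway hijacked
    ArpReply(61, "192.168.1.20", "de:ad:be:ef:00:99"),   # victim hijacked too
]


def run_demo(replies=SAMPLE_REPLIES, gateway_ip="192.168.1.1") -> list[str]:
    """Feed the replies through a watcher and return the alerts it raised."""
    w = ArpWatcher(gateway_ip)
    for r in replies:
        w.observe(r)
    return w.alerts


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

On a real LAN the same logic runs against a live capture (e.g. from a sniffer on the router the post recommends); the point of the gateway check is that a MAC change for the gateway is the single most damaging event, since everything leaving the LAN then passes the attacker's box. A VPN, as the post says, stops him reading or altering the contents, but this detector tells you he is there at all.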
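
The post's suggestion for catching an implant that survives a reformat is to route all of the machine's traffic through a separate box with a packet sniffer. What a practitioner actually looks for in that capture is beaconing: a host calling out to one destination on a timer. This is an added example, not code from the post or from any tool it mentions; it assumes (my assumption) that flow records are available as (timestamp, source, destination) tuples exported from the capture, and the sample flows are constructed.

```python
"""Beacon detection: find hosts that call out to one destination on a fixed
timer, the signature of malware (or a firmware implant) phoning home.

Added example, not code from the original post. Assumptions (not in the post):
flow records are available as (timestamp, src, dst) tuples, e.g. exported from
a capture on an upstream box; the sample flows below are constructed.
"""
from collections import defaultdict
from statistics import mean, pstdev


def find_beacons(flows, min_flows=6, max_cv=0.1):
    """Return {(src, dst): period_seconds} for pairs whose inter-arrival
    times are suspiciously regular. cv = stdev/mean of the intervals; human
    browsing has cv well above 1, a timer-driven implant well below 0.1."""
    by_pair = defaultdict(list)
    for ts, src, dst in flows:
        by_pair[(src, dst)].append(ts)

    beacons = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_flows:      # too few samples to judge regularity
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons[pair] = round(avg, 1)
    return beacons


# Constructed sample: the poker PC (.20) browses a normal site at random
# times and, separately, contacts 203.0.113.7 every ~5 minutes with a little
# jitter, which is exactly what a phone-home timer looks like.
SAMPLE_FLOWS = (
    [(t, "192.168.1.20", "203.0.113.7") for t in (0, 300, 601, 899, 1200, 1502, 1798, 2100)]
    + [(t, "192.168.1.20", "198.51.100.10") for t in (10, 45, 400, 420, 425, 1300, 1900, 1905)]
    + [(t, "192.168.1.20", "192.168.1.1") for t in (5, 7)]   # too few to judge
)

if __name__ == "__main__":
    for (src, dst), period in find_beacons(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}: beacon every {period}s")
```

Real implants add jitter, sleep through the day, or rotate destinations, so in production the thresholds are tuned per network and this check is one signal among several (destination reputation, payload size consistency); but a freshly reformatted machine that still produces a clean 300-second beacon, as the post describes, will light this up immediately.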
01-17-2010 , 04:28 PM
first

Thanks OP

Last edited by Brussels Sprout; 01-17-2010 at 04:37 PM.
01-17-2010 , 04:29 PM
First, nicely done. Will get those right away!
01-17-2010 , 05:53 PM
Really, really well done. I am impressed that you've managed to cover the topic so thoroughly for someone who isn't involved in IT security as most people miss quite a bit of those important points.

You are correct that msn gets bounced from msn servers, however a few things such as webcam/audio conversations go directly peer to peer.

One thing I recommend you add though is if you do get a router DISABLE REMOTE CONNECTION AND CHANGE ITS DEFAULT PASSWORD. It's unbelievable how few people do this.

Also if you're using a router that is wireless, for God's sake don't use WEP encryption. If anyone you don't trust can get within range of your router signal then you might as well be using an unsecured connection. A WEP password can be retrieved via packet sniffing in as little as a few minutes.

I'll have a think and probably think of a few more bits to add that should help people out too.
01-17-2010 , 06:00 PM
op, I of course have an RSA security token. Does this mean large parts of your stuff can be "ignored", or at least how does this secure me more? I know, for example, that one will be unable to log onto my account with merely my password.
01-17-2010 , 06:05 PM
Quote:
Originally Posted by Vanguard
op, I of course have an RSA security token. Does this mean large parts of your stuff can be "ignored", or at least how does this secure me more? I know, for example, that one will be unable to log onto my account with merely my password.
Well, they won't be able to get onto your poker account. But they can still log your credit card details when you deposit, or your password for a 3rd party you go through (PayPal, Moneybookers etc) and get your money that way.

Then there are issues of identity fraud, particularly with many bank statements etc increasingly being available via email.
01-17-2010 , 06:25 PM
Quote:
Originally Posted by Vanguard
op, I of course have an RSA security token. Does this mean large parts of your stuff can be "ignored", or at least how does this secure me more? I know, for example, that one will be unable to log onto my account with merely my password.
The malware part points out that the threat is not only password grabbing but also hole card cheating. I know there haven't been many documented cases of this, but that doesn't mean it's not possible. How would you know how many of the cases you see in CTH have been hole card cheating?

The other fraud/cc stuff mentioned as well is important. You still need to secure your computer. You might have a right to not be as bothered about people grabbing your passwords, but never underestimate the power of hole card cheating.

Regarding the WEP thing, I believe you are right. I think I might have mentioned somewhere in my post that you need to be using WPA2. There are people here who have a lot more experience with setting these things up who would be better qualified. I just wanted the sticky :] And wanted to show everybody this firmware rootkit stuff.

I'm in a learning experience myself. I haven't had any experience with setting up openwrt/snort/untangle or anything I mentioned here. I just know they are good tools for the job. So hopefully somebody can help me then.
01-17-2010 , 06:38 PM
tl;dr - but most definitely WILL
01-17-2010 , 06:53 PM
A disclaimer about open source software: the additional security gained from using open source software isn't that it is inherently better written as far as exploits are concerned; rather, the commercial software is in use on far more machines and is therefore a more attractive target for hackers and security experts to attempt to find flaws in.

In fact, having access to the source code makes finding an exploit in any piece of software easier, not harder. So if someone wanted to specifically target you, or even decided to target all the CotW loving uNLers, converting to open source software would make you more vulnerable IF they knew what they were doing. However, 95% of 'hacks' are done by people who use proofs of concept or other pre-found exploits to gain access to machines that have not yet been patched.
01-17-2010 , 08:03 PM
great article.

does anyone here play seriously on a Mac?
01-17-2010 , 10:28 PM
As a computer security guy myself, I'd thumbs-up this article. It's a bit too heavy on the "remote hacking" angle -- a bit too light on the "password security" angle.

Cliff notes for the important stuff: Patch your antivirus/antimalware/system updates every day. Use long, hard-to-guess passwords for both your poker accounts & the email accounts used in "forgot your password". Use Firefox or Chrome.
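
The "long, hard-to-guess passwords" advice in the post above, and the OP's own "uppercase/lowercase/numbers, at least 10 letters" rule, can be turned into a check that shows why length matters more than character mix. This is an added example, not code from any poster or from Keepass; the thresholds (10 characters, 3 classes, 50 bits) are my own choices, and DENY_LIST is a constructed stand-in for a real breached-password list.

```python
"""Password policy check and generator.

Added example, not code from the thread or from Keepass. Assumptions (mine):
the thresholds are arbitrary but reasonable, and DENY_LIST is a tiny
constructed stand-in for a real breached-password list.
"""
import math
import secrets
import string

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
DENY_LIST = {"password", "qwerty", "123456", "letmein", "pokerstars"}


def entropy_bits(pw: str) -> float:
    """Upper bound on brute-force entropy: length * log2(size of the alphabet
    the attacker must try once he knows which classes are present)."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def check_password(pw: str, min_len=10, min_classes=3, min_bits=50):
    """Return (ok, bits, reasons). Length dominates: each extra character adds
    roughly 6 bits, far more than swapping in one more character class."""
    reasons = []
    classes = sum(any(c in cls for c in pw) for cls in CLASSES)
    if len(pw) < min_len:
        reasons.append(f"shorter than {min_len} characters")
    if classes < min_classes:
        reasons.append(f"uses {classes} character classes, want {min_classes}")
    hit = next((w for w in DENY_LIST if w in pw.lower()), None)
    if hit:
        reasons.append(f"contains common word '{hit}'")
    bits = entropy_bits(pw)
    if bits < min_bits:
        reasons.append(f"only {bits:.0f} bits, want {min_bits}")
    return (not reasons, round(bits, 1), reasons)


def generate_password(length: int = 16) -> str:
    """Draw from the CSPRNG (secrets, never random) until the result passes
    the same policy, so a caller never gets a weak password by bad luck."""
    if length < 10:
        raise ValueError("length below the policy minimum would never pass")
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if check_password(pw)[0]:
            return pw


if __name__ == "__main__":
    for candidate in ("Password1", "correct horse battery", generate_password()):
        ok, bits, why = check_password(candidate)
        print(f"{candidate!r}: {'OK' if ok else 'WEAK'} ({bits} bits) {why}")
```

The entropy figure is deliberately an upper bound: it assumes the attacker knows nothing but the alphabet, which is why the deny-list check exists alongside it. "Password1" scores over 50 bits by that formula and is still rejected, because a dictionary word plus a digit is what every cracking wordlist tries first.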
01-18-2010 , 01:38 AM
Quote:
Originally Posted by Vhaluus
Really, really well done. I am impressed that you've managed to cover the topic so thoroughly for someone who isn't involved in IT security as most people miss quite a bit of those important points.
+1. Interesting stuff.
01-18-2010 , 03:33 AM
Quote:
Originally Posted by diseage
great article.

does anyone here play seriously on a Mac?
Yeah. Why wouldn't we?
01-18-2010 , 03:57 AM
I have never had an anti virus/firewall, etc. It slows down your PC. Just use common sense and nothing will happen. Haven't had a virus for over 1.5 years.
01-18-2010 , 04:01 AM
Nice article OP. Can anyone give me a good password? I want it to be easy to remember and still safe.


Seriously though, i have one link to add: http://www.av-comparatives.org/
I guess it's self-explanatory, but it is a site which makes tons of antivirus solution tests. They don't test usability and stuff like that, but these things can be tested by the user themselves.



EDIT: How do you know that you never had a virus if you don't have an antivirus tool, nshoshnikov?
01-18-2010 , 06:00 AM
Quote:
Originally Posted by nsoshnikov
I have never had an anti virus/firewall, etc. It slows down your PC. Just use common sense and nothing will happen. Haven't had a virus for over 1.5 years.
That's a stupid ass comment!

But if you don't have AV software, how the hell do you know that you don't have a trojan, virus or whatever on your system?

And just because AV/FW software supposedly slows down the system does NOT mean you shouldn't be using it. You are playing poker here, not frigging Crysis with everything set to high so AV/FW slowing down your system is BS imo.
I've played the newest games WITH AV and FW and never had any problems with it slowing down my system. Even if it did, I would NEVER EVER have a system without AV or FW.

Good post!

I don't know how many friends I've helped with "computer problems" that related to viruses etc.
01-18-2010 , 06:35 AM
I would like to amend a few bits.

Denial of Service

Practically all DoS attacks today are a mass effort, known as a Distributed Denial of Service Attack, or DDoS for short.

Individual users really don't need to worry about any kind of DoS attacks, at least personally, and the reason is very simple.

Residential network users are extremely poor targets (no pun intended). DDoS attacks are performed by launching a traffic blast from a coordinated network of computers all over a region, sometimes even from multiple continents. To launch such an attack, the attacker commands a botnet, in part or in full, to send malicious traffic to a specified target.

Now, the botnets in question are controlled and operated by organised crime groups. They do not use the network themselves much - instead they rent out time and capacity on the network to their clients. The entire network is rarely used for a single task; each client only gets a small fraction of the botnet (and probably just a subset of the "service features") for their money. For a limited time, too.

Just like Amazon rents out computing capacity on their EC2 cloud, so do the botnet operators. Their service is just more targeted, and better tailored to custom tasks.

Think about it: with such tools, it is inefficient and almost certainly not worth the investment to target individual poker players. So why not target the sites instead?

That is exactly what has happened. With the attackers being virtually untraceable, they can first demonstrate their capability for a short while by overloading the site's network and then approach the owners with demands for protection money if they want to keep their business running. Otherwise the attackers will use the botnet at their disposal to flood out the site for days. In other words, DDoS attacks are used for large-scale extortion rackets. (Hint for those who wonder about the economics of this setup: the crime organisations usually offer money-laundering services, taking their cut off the sums...)

Those kinds of operations are far more lucrative and notably easier to run than trying to snuff individual players at tables for single pots.

But why limit the targets to poker sites? They tend to have pretty strict security systems already in place, and take their network operations Seriously, with a capital S. In fact, smaller advertisement networks also make good targets. If they can't display their inlined wares, they lose page views and hence clicks. Not to mention that causing prolonged page loads urges more users to seek out ad-blocking tools, causing these operators long-term revenue hits.

I would be willing to make a bet that > 99% of trojan- or malware-related poker account crackings are crimes of opportunity. The victim's machine was already infected with a general purpose trojan, capable of providing screen captures and keyboard logs. This information was then used as an added bonus to filch/dump the poker account money. Explicitly targeting online poker players makes little sense, as we are still a relatively small group compared to internet users in general and there are far better ways of making money with less risk of getting caught.

Malware Distribution

The botnets are created by large-scale phishing attempts. On success, the victim machine executes a Trojan Dropper (sorry, no link). This is a small, relatively well crafted piece of software which proceeds to load the full malware suite to the machine, finishing the infection.

The longer a piece of malware can remain hidden, the longer it can be used for these nefarious purposes. In fact, there are underground services that run real tests against a suite of AV products - making it easier for malware developers to avoid their software's detection.

Once installed, the malware will periodically update itself as new versions become available. These updates include, among other things, new detection avoidance methods...

And if you're wondering about how big the botnets are: a few years ago a botnet of 300k machines was considered large. Today, having a botnet of 500k machines is only relatively big. There are tens to hundreds of millions of internet users. There are certainly hundreds of millions of machines connected, some behind NAT devices so they appear to the outside as having a single IP address. Infecting even a tiny fraction of such a huge mass is a really big thing.

Let's say there were only 250 million computers connected to the internet. If a trojan dropper can infect just 0.05% of that, that's still 125k machines.

Non-Adobe PDF readers

http://www.pdfreaders.org/ Nuff said.

Which brings us to...

Open-Source vs. Security

I disagree with vhaluus's opinion. The security issues between OSS and closed products cannot really be summarised in any easy manner, but I'll try.

First of all, you must understand that proprietary utility software is very often a pre-installed or bundled tool. The authors make money based on the number of installations made, so getting their tool included in a favourite bundle - or even better - as part of an OEM installation, is their goal.

Once the installation is made, they have their cash cow in place. Updating it with security patches is an added burden which costs effort and hence is a money sink. In fact, we have seen over and over again, throughout the years, how the majority of closed software is only patched after a vulnerability is made public AND HAS BEEN EXPLOITED.

In other words, for a good number of these authors it's not a security issue that they are fixing - they are addressing a public relations problem which, if unchecked, could escalate to real financial effects.

On the other end are the OSS tools. They tend to live by project visibility so it is in their best interests to announce even small upgrades and especially address security fixes because they tend to get more exposure.

Now, whether being open is better or worse for security... my personal belief, grown over more than 15 years is that it really doesn't matter much. A popular target will be inspected in any case, and in the last three years the use of fuzzers has become so prevalent that any kind of input or sequence validation problems are found regardless of how the source is treated.

Because of this, the real matter is how long any specific tool is vulnerable and how easily it can be upgraded once the issue has been fixed. However, the open source tools have one rather odd advantage which is (rather unexpectedly) related to the closed source upgrade cycle. For closed projects, the security announcement and proof-of-concept exploit are a source of embarrassment. For open-source projects, the visibility of their source is a constant, potential source for similar embarrassment. Because of this single issue, the open source guys tend to spend more time making sure their code is in order. For them, readable and functional code is a matter of pride. (For many, it's also an advertisement of their abilities.)

With fewer release deadlines to meet, they can afford this. The flipside is that with no deadlines to meet and with very little money on the line, the pace of development and appearance of new features is more sporadic and less planned.

Afterword

Oops, this grew a bit lengthier than I anticipated. Sorry about that.

Security is one of those things that tends to go unnoticed until it fails. The important bit is to give it a little notice, all the time. That way you don't need to find yourself in a situation of not having noticed it at all and be forced to comprehend/deal with a big problem all at once.
COTW: COMPUTER SECURITY Quote
01-18-2010 , 09:39 AM
Quote:
Originally Posted by Dies Irae
As a computer security guy myself, I'd thumbs-up this article. It's a bit too heavy on the "remote hacking" angle -- a bit too light on the "password security" angle.

Cliff notes for the important stuff: Patch your antivirus/antimalware/system updates every day. Use long, hard-to-guess passwords for both your poker accounts & the email accounts used in "forgot your password". Use Firefox or Chrome.
Indeed, nice article although it seems a bit paranoid about the remote hacking.
If you use a firewall which blocks unasked-for incoming/outgoing connections then someone knowing your IP shouldn't be a problem. I've switched to the free COMODO Firewall after reading about it on 2P2.

You also didn't cover sandboxing/virtual machine programs like sandboxie or VMware for example. When trying new programs you can easily use these without having any risk that your computer will be infected.

Imo, firewall+antivirus+some thinking about what you install on your pc should be enough.
The RSA tokens for Full Tilt and Stars are pretty useful too.
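The poster's point is that a firewall which drops unsolicited inbound connections makes a known IP address much less of a problem. The following is an added example, not code from anyone in this thread, showing how to audit the built-in Windows Firewall for exactly that property and what the weak and corrected settings look like. It assumes Windows 8.1/10 or newer (the NetSecurity module that provides Get-NetFirewallProfile) and an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): audit Windows Firewall so every
# network profile is on and drops unsolicited inbound traffic.
# Assumes Windows 8.1/10 or newer (NetSecurity module) and an elevated prompt.

function Get-FirewallPosture {
    # One row per profile (Domain, Private, Public) with the settings that matter.
    Get-NetFirewallProfile | ForEach-Object {
        [pscustomobject]@{
            Profile        = $_.Name
            Enabled        = ($_.Enabled -eq 'True')
            DefaultInbound = [string]$_.DefaultInboundAction
            # 'NotConfigured' falls back to Block for inbound traffic, but an
            # explicit Block is what we want to see when auditing.
            IsHardened     = (($_.Enabled -eq 'True') -and
                              ($_.DefaultInboundAction -ne 'Allow'))
        }
    }
}

function Set-FirewallHardened {
    # Weak setting, what a "turned it off because it nagged me" PC looks like:
    #   Set-NetFirewallProfile -All -Enabled False
    # Corrected setting: every profile on, unsolicited inbound dropped,
    # outbound left open so the poker client and browser keep working.
    Set-NetFirewallProfile -All -Enabled True `
        -DefaultInboundAction Block `
        -DefaultOutboundAction Allow
}

$posture = Get-FirewallPosture
$posture | Format-Table -AutoSize
if ($posture | Where-Object { -not $_.IsHardened }) {
    Write-Warning 'At least one profile is off or allows unsolicited inbound connections.'
    # Uncomment to fix in place:
    # Set-FirewallHardened
}
```

Note that this only covers the inbound half of what the poster describes: COMODO also prompts on outbound connections, whereas the Windows Firewall setting above deliberately leaves outbound allowed.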
COTW: COMPUTER SECURITY Quote
01-18-2010 , 11:03 AM
I like this COTW, especially the part about IPs being out in the open through Skype. I suggest you change your Skype privacy settings so that only people on your contact lists can contact you. I recently was the victim of fraudulent activity on Skype and this post has prompted me to share my story.

I've posted it in CTH -- LINK
COTW: COMPUTER SECURITY Quote
01-18-2010 , 11:15 AM
a couple of quick suggestions:

On your computer, set up an account that has no privileges and doesn't use a major browser (use Chrome or Firefox or something to that effect). The account should not have the ability to install programs, and I would make a small partition on the HD (or a separate HD would be better); that's the only space the account can access. Then use this account for visiting untrusted websites.

Also, I strongly recommend creating images of your system when you know it's running well and not infected. Then you can reimage fairly quickly if you think you got some bad stuff on your computer. I also set up an IDS on my network with an old computer running Linux and some good freeware.
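One way to build the low-privilege browsing account the post describes, as an added example that is not the poster's own setup: a standard (non-administrator) user that cannot install software, given write access only to a small partition set aside for it. It assumes Windows 10 or newer (the LocalAccounts module providing New-LocalUser), an elevated prompt, and placeholder values for the account name, the scratch drive letter and the folder holding the poker/financial data; adjust all three to your machine.

```powershell
# Added example (not from the thread): create a standard-user browsing account
# and confine its writes to one small partition.
# Assumes Windows 10 or newer (LocalAccounts module) and an elevated prompt.

$AccountName  = 'browse'              # hypothetical account name
$ScratchDrive = 'D:'                  # placeholder: the small partition / spare disk
$PrivateData  = 'C:\Users\PokerData'  # placeholder: where poker/finance files live

# 1. Standard user only: member of Users, never Administrators, so it cannot
#    install software or write to Program Files / Windows.
$password = Read-Host -AsSecureString -Prompt "Password for $AccountName"
New-LocalUser -Name $AccountName -Password $password `
    -Description 'Untrusted-browsing account' -PasswordNeverExpires | Out-Null
Add-LocalGroupMember -Group 'Users' -Member $AccountName

# 2. Modify rights on its own partition only. (OI)(CI) make the entry inherit
#    to files and subfolders; M = modify (read/write/delete, no ownership change).
icacls "$ScratchDrive\" /grant "${AccountName}:(OI)(CI)M" | Out-Null

# 3. Explicitly keep it out of the private data folder. Members of Users
#    normally cannot read another profile anyway, but a deny entry survives
#    any later "fix it quick" permission loosening on that folder.
icacls $PrivateData /deny "${AccountName}:(OI)(CI)F" | Out-Null

# 4. Verify the account is not an administrator.
function Test-AccountIsStandard {
    param([string]$Name)
    $admins = Get-LocalGroupMember -Group 'Administrators' |
              ForEach-Object { $_.Name.Split('\')[-1] }
    return ($Name -notin $admins)
}
Test-AccountIsStandard -Name $AccountName
```

Log in as this account only for untrusted browsing; the poker client and anything touching money stays on the normal account. On Windows 7 the same steps are done with `net user` and `net localgroup` instead of the LocalAccounts cmdlets.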
COTW: COMPUTER SECURITY Quote
01-18-2010 , 11:21 AM
Quote:
Originally Posted by SammyG-SD
a couple of quick suggestions:

On your computer, set up an account that has no privileges and doesn't use a major browser (use Chrome or Firefox or something to that effect). The account should not have the ability to install programs, and I would make a small partition on the HD (or a separate HD would be better); that's the only space the account can access. Then use this account for visiting untrusted websites.

Also, I strongly recommend creating images of your system when you know it's running well and not infected. Then you can reimage fairly quickly if you think you got some bad stuff on your computer. I also set up an IDS on my network with an old computer running Linux and some good freeware.
Even better would be to use an old PC (read: your 2nd PC) for visiting shady sites.
COTW: COMPUTER SECURITY Quote
01-18-2010 , 11:25 AM
Quote:
Originally Posted by CBukowski
Even better would be to use an old PC (read: your 2nd PC) for visiting shady sites.
Agreed, I am personally now using multiple HDs. I have a work computer, and travel, so I just laid down the $40 apiece, made a personal HD for my Poker/Personal finances, and then a "don't care HD" that I wipe every couple of months.
COTW: COMPUTER SECURITY Quote
01-18-2010 , 11:33 AM
Quote:
Originally Posted by SammyG-SD
Agreed, I am personally now using multiple HDs. I have a work computer, and travel, so I just laid down the $40 apiece, made a personal HD for my Poker/Personal finances, and then a "don't care HD" that I wipe every couple of months.
That's smart and way better than my solution of having this loud thing sitting here beside my real PC.
COTW: COMPUTER SECURITY Quote
01-18-2010 , 11:49 AM
Quote:
Originally Posted by CBukowski
Even better would be to use an old PC (read: your 2nd PC) for visiting shady sites.
If you have a decent enough PC then just using a virtual machine for this works as well.
And if it's just browsing that you're worried about then you can easily use a sandboxing program.
COTW: COMPUTER SECURITY Quote
01-18-2010 , 12:26 PM
Quote:
Originally Posted by Vhaluus
a disclaimer about open source software: The additional security gained from using open source software isn't that it is inherently better written as far as exploits are concerned; Rather the commercial software is in use on far more machines and therefore is a more attractive target for hackers and security experts to attempt to find flaws in.

In fact having access to the source code makes finding an exploit in any piece of software easier, not harder. So if someone wanted to specifically target you, or even decided to target all the CotW loving uNLers, converting to open source software would make you more vulnerable IF they knew what they were doing. However 95% of 'hacks' are done by people who use proof of concepts or other prefound exploits to gain access to machines that have not yet been patched.
As a counter argument:

While it's true that having access to the source code makes finding exploits easier, it has also been shown repeatedly that open source security protocols are much more secure due to many of those vulnerabilities being found, reported and fixed.
A proprietary protocol often has glaringly obvious vulnerabilities precisely because the security professionals are unable to 'legally' examine the source code and report back on potential exploits.

So it can be argued that open source software is 'better' in terms of security as it has been exposed completely to the security world, allowing hackers, crackers and anyone with an interest to examine the code, identify its weaknesses and improve it.
This advantage is so apparent in the security industry that many of the 'big' software companies prefer to utilise open source security architectures and protocols within their own systems to minimise their disadvantage over open source in this regard.

If you're interested in exploring this argument further, a good start is:

http://www.uibk.ac.at/linuxdoc/LDP/H...-security.html
COTW: COMPUTER SECURITY Quote
