A few days ago, late last year (still is weird to say that), a post in German over at the ZETA-OS site, talked about ZETA's security. It mentions ZETA's immunity to spyware and trojans, and also that it is not possible to audit the system's contents from the outside. Today, two blog posts surfaced about this, both from people who know ZETA and how it works.

MauriceK, in his "security due to ignorance?" post, gives a few detailed examples on how code can be executed without the user's knowledge. He analyzes the input_server and the MailKit, in both cases giving code examples demonstrating security holes in both.

ICO's own FrankPS' post "Security through obscurity" is a more generalized opinion article. In it he discusses among other aspects, the lack of a firewall (more for outgoing than incoming traffic), the services which can seriously compromise the system's security (ftp and telnet for example), which are also present in other OSes and ends with upcoming ZETA 1.5 and it's multi-user environment.

Both are very interesting pieces and food for thought. Thanks to Ralf for the heads up on this one.