Interview with Bob Toxen, Author of "Real World Linux Security"
by Mirko Zorz - Monday, 16 December 2002.
I slept very little. I did just enough for my clients so that they did not find someone else to help them. This obsession resulted in a much better book. I saw my contribution to Linux and Open Source was to help secure it. While Linux (and Unix) is capable of very good security, people did not know how. With my knowledge of security and some ability to write I saw this as my greatest contribution to Open Source. The book also is very useful to Unix System Administrators.

What's your take on the adoption of Linux in the enterprise? Do you think it will give a boost to security?

Linux continues to "Eat Bill's lunch" and that of the Unix vendors. With the desktop work that has been done recently and several Distributions' work for easier installs, Linux is ready to take over the desktop market too. I think that the poor economy internationally has helped Linux.

Any old PC can run Linux quickly for no money and trouble-free operation. The latter means far less support costs. Microsoft just announced that it no longer will support its flagship Office for previous Windows versions, to "force" people to buy its new stuff; I think many will switch to Linux instead.

SuSE just announced its Open Exchange product. There are several Open Source Linux-based clients for MS Exchange. Almost everyone has heard of Linux now. IBM advertises it on television. Non-geek friends want to try it.

What do you think about the full disclosure of vulnerabilities?

Full disclosure of vulnerabilities forces vendors to fix their security problems quickly and it counteracts the lies of insecure vendors that their software is secure. This seems to be why Microsoft is lobbying the U.S. government to outlaw full disclosure and Hewlett-Packard (HP) is trying to imprison someone under DMCA who disclosed HP vulnerabilities. It was disclosed only after HP refused to acknowledge the problem or repair it.

What are your future plans? Any exciting new projects?

Since finishing the book two months ago, I have created a Linux-based Enterprise-class Virus filter and Spam filter and installed them at various clients. I am finishing an article on a novel way to trace Distributed Denial of Service (DDoS) attacks so that they may be stopped much faster. I am growing my network security consulting business.

What is your vision for Linux in the future?

Linux will replace Windows and Unix as the universal operating system for everything from embedded systems and PDAs to the biggest systems. Linux's Open Source nature and the peer pressure from its users will prevent Microsoft, IBM, or anyone else from forcing people to use inferior proprietary software again.

More governments will join China, France, and Mexico in officially preferring Linux over Microsoft for its better quality and lower cost of ownership. There is a Chinese edition of Real World Linux Security from China Machine Press.

People will have personal lives again rather than having to reinstall their Windows systems or retype their documents every weekend following crashes.

