"I don't want to imply that there is no such thing as a security hole in the Linux world or that worms have never spread from one Linux system to another, but quite frankly, the risks are just not that high. Modern Linux distributions take security very seriously, installing firewalls as part of a standard installation. The open source development model insures that Linux code is open to scrutiny at the most basic level. There is no such openness in the Windows world." Gagne added.
Linux security has been scrutinized in the news lately with high-profile breaches surrounding the Debian Project and Gentoo Linux. Despite these happenings, people are still more worried about the insecurities surrounding Microsoft products and, according to a survey that's what drives them to open source products.
Bob Toxen said: "Practically speaking, though, these few incidents are really the "Plane Crash" of security problems. By this, I mean that they are news because they are so rare."
"No known end-users suffered a compromise as a result of these brief compromises. Only a few dozen copies of possibly compromised code were downloaded -- at least from the Debian site where statistics were provided. Compare this to the millions of end-user sites that get compromised every few months when a major Microsoft vulnerability is exploited. These far greater numbers of compromised users are the "car wrecks" of the computer security world. Nobody pays any attention to reports of traffic fatalities. They appear buried deep in the newspaper every day. Just flip today's paper open to the Obituaries. Unlike the flying public, though, most company executives finally have realized that Open Source offers far better security and reliability at a far lower cost than proprietary "solutions", such as Microsoft. Apache outnumbers IIS about five to one. Almost every large web site and many small ones run Apache on Linux or Unix rather than Bill's software." Toxen added.
What about viruses?
After an article about Linux vs. Windows viruses there's been a heated debate on how many viruses there actually are for the Linux platform and how much more secure people using Linux are than Windows users. What I've been thinking about is do Linux users really need an antivirus product?
Gagne said: "My first instinct in replying to this question was to stress the difference between viruses and trojans. Even in the Linux world, it is possible for someone to distribute a program that is actually a trojan horse. It is also possible to leave your system open to something as simple as somebody logging in through any of a variety of open network services. Exploiting too liberal an access policy (ie: no firewall), is not the same thing as a virus that infects your files because you received and opened an email attachment."