Reflecting On Linux Security In 2003
by Mirko Zorz - Wednesday, 24 December 2003.
When asked about Windows vs. Linux security, Gagne says: "Frankly, it seems incredible that this is even open to debate. To suggest that Windows is inherently more or as secure is almost too silly to even comment on. One need only read the newspapers, listen to the radio, watch television or work in an office where Windows is widely used. Of course Linux is more secure, and it has nothing to do with Microsoft's market penetration. It has to do with a better approach to software development. It doesn't hurt that at its very core, Linux is designed with security in mind. No need here for launching a security initiative after years of neglect."

"I don't want to imply that there is no such thing as a security hole in the Linux world or that worms have never spread from one Linux system to another, but quite frankly, the risks are just not that high. Modern Linux distributions take security very seriously, installing firewalls as part of a standard installation. The open source development model insures that Linux code is open to scrutiny at the most basic level. There is no such openness in the Windows world." Gagne added.

High-profile breaches

Linux security has been scrutinized in the news lately with high-profile breaches surrounding the Debian Project and Gentoo Linux. Despite these happenings, people are still more worried about the insecurities surrounding Microsoft products and, according to a survey that's what drives them to open source products.

Bob Toxen said: "Practically speaking, though, these few incidents are really the "Plane Crash" of security problems. By this, I mean that they are news because they are so rare."

"No known end-users suffered a compromise as a result of these brief compromises. Only a few dozen copies of possibly compromised code were downloaded -- at least from the Debian site where statistics were provided. Compare this to the millions of end-user sites that get compromised every few months when a major Microsoft vulnerability is exploited. These far greater numbers of compromised users are the "car wrecks" of the computer security world. Nobody pays any attention to reports of traffic fatalities. They appear buried deep in the newspaper every day. Just flip today's paper open to the Obituaries. Unlike the flying public, though, most company executives finally have realized that Open Source offers far better security and reliability at a far lower cost than proprietary "solutions", such as Microsoft. Apache outnumbers IIS about five to one. Almost every large web site and many small ones run Apache on Linux or Unix rather than Bill's software." Toxen added.

What about viruses?

After an article about Linux vs. Windows viruses there's been a heated debate on how many viruses there actually are for the Linux platform and how much more secure people using Linux are than Windows users. What I've been thinking about is do Linux users really need an antivirus product?

Gagne said: "My first instinct in replying to this question was to stress the difference between viruses and trojans. Even in the Linux world, it is possible for someone to distribute a program that is actually a trojan horse. It is also possible to leave your system open to something as simple as somebody logging in through any of a variety of open network services. Exploiting too liberal an access policy (ie: no firewall), is not the same thing as a virus that infects your files because you received and opened an email attachment."

Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //