Feeds

UK Linux group slams Sophos virus threat claims

Anti-virus company is spouting FUD, says NetProject

  • alert
  • submit to reddit

High performance access to file storage

Updated Anti-virus software developer Sophos has been accused of spreading fear, uncertainty and doubt over the safety of Linux systems by UK pro-open source organisation NetProject.

Sophos wrote to UK newspaper Computer Weekly t'other week to claim that viruses targeting Linux already exist.

Not so, responded NetProject director Eddie Bleasdale. Yes, anti-Linux viruses can be written, but Linux, like Unix, has sufficient systems in place to prevent unauthorised software from running on any "correctly configured and administered Linux computer".

"We have been working in the Unix area for over 20 years," Bleasdale said in a statement. "During this time we have never encountered a Unix or Linux virus nor have heard of any organisation that has been infected by a Unix/Linux virus."

So prove your claim, Sophos, challenged NetProject.

No, shan't, so there, responded the anti-virus company.

Bleasdale called Sophos for clarification, and received, he says, the following message from the company's senior spin doctor, Graham Cluley: "I don't have any response other than that which I have already given you...

"I don't have any more to say on the matter. I think it will be a waste of our mutual time if you email/phone Sophos on this matter again."

We considered giving Sophos a buzz too, but then we read Cluley's words: "I'll give the same response to any journalists who might call me up."

NetProject's challenge is simple: send an email with an attachment (presumably infected) and see if it screws up the system. Of course, where the infection comes from if there aren't, as Bleasdale claims, any Linux viruses doing the rounds is an interesting question, but presumably Sophos could come up with something.

Cluley later told The Register: "Sophos is in the business of protecting computers, not infecting them. Therefore we have no interest in responding to challenges to attack systems, especially when the result would only support what we know already."

"We believe that Linux is pretty much bullet proof and if Sophos is able to infect a well configured Linux box then it will uncover an implementation defect rather than a design flaw," said Bleasdale. "Anti-virus software simply treats the symptoms and does not address the fundamental design weaknesses that allow viruses... We need to stop the fear uncertainty and doubt that the anti virus companies are trying to create around Linux."

That last line's a dig at Windows. NetProject is essentially about promoting among UK businesses the use of systems that aren't based on Windows or other proprietary software, hence it's keen interest in Linux and open source.

In response to Bleasdale's FUD claim, Cluley told us: "Unix viruses are not a huge threat but the original purpose of Sophos' letter was to correct a previous correspondent to Computer Weekly who believed they did not and could not ever exist. Unix viruses do exist and there are many non-Sophos
sources which support that fact."

And that's certainly the case. Symantec's virus database lists only four Linux viruses, and Kaspersky Labs lists two (and one of those is already on Symantec's list, bringing to the total to... er... five. Which is, it has to be said, rather fewer than known Windows infections... ®

Combat fraud and increase customer satisfaction

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.