Feeds

UK Linux group slams Sophos virus threat claims

Anti-virus company is spouting FUD, says NetProject

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

Updated Anti-virus software developer Sophos has been accused of spreading fear, uncertainty and doubt over the safety of Linux systems by UK pro-open source organisation NetProject.

Sophos wrote to UK newspaper Computer Weekly t'other week to claim that viruses targeting Linux already exist.

Not so, responded NetProject director Eddie Bleasdale. Yes, anti-Linux viruses can be written, but Linux, like Unix, has sufficient systems in place to prevent unauthorised software from running on any "correctly configured and administered Linux computer".

"We have been working in the Unix area for over 20 years," Bleasdale said in a statement. "During this time we have never encountered a Unix or Linux virus nor have heard of any organisation that has been infected by a Unix/Linux virus."

So prove your claim, Sophos, challenged NetProject.

No, shan't, so there, responded the anti-virus company.

Bleasdale called Sophos for clarification, and received, he says, the following message from the company's senior spin doctor, Graham Cluley: "I don't have any response other than that which I have already given you...

"I don't have any more to say on the matter. I think it will be a waste of our mutual time if you email/phone Sophos on this matter again."

We considered giving Sophos a buzz too, but then we read Cluley's words: "I'll give the same response to any journalists who might call me up."

NetProject's challenge is simple: send an email with an attachment (presumably infected) and see if it screws up the system. Of course, where the infection comes from if there aren't, as Bleasdale claims, any Linux viruses doing the rounds is an interesting question, but presumably Sophos could come up with something.

Cluley later told The Register: "Sophos is in the business of protecting computers, not infecting them. Therefore we have no interest in responding to challenges to attack systems, especially when the result would only support what we know already."

"We believe that Linux is pretty much bullet proof and if Sophos is able to infect a well configured Linux box then it will uncover an implementation defect rather than a design flaw," said Bleasdale. "Anti-virus software simply treats the symptoms and does not address the fundamental design weaknesses that allow viruses... We need to stop the fear uncertainty and doubt that the anti virus companies are trying to create around Linux."

That last line's a dig at Windows. NetProject is essentially about promoting among UK businesses the use of systems that aren't based on Windows or other proprietary software, hence it's keen interest in Linux and open source.

In response to Bleasdale's FUD claim, Cluley told us: "Unix viruses are not a huge threat but the original purpose of Sophos' letter was to correct a previous correspondent to Computer Weekly who believed they did not and could not ever exist. Unix viruses do exist and there are many non-Sophos
sources which support that fact."

And that's certainly the case. Symantec's virus database lists only four Linux viruses, and Kaspersky Labs lists two (and one of those is already on Symantec's list, bringing to the total to... er... five. Which is, it has to be said, rather fewer than known Windows infections... ®

Reducing security risks from open source software

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.