Feeds

Is Linux security a myth?

Time will tell

  • alert
  • submit to reddit

Security for virtualized datacentres

Comment There are rare occasions in IT when a particular architecture reaches a point where it stops being purely IT driven and takes on a life of its own.

The last year has seen the open source movement reach such a cult status; and at the vanguard of open source fashion can be found the Linux operating system. While the platform appeals at several levels for potential users, some of a philosophical nature and others far more concrete, it is noticeable that a couple of its qualities have recently been called into question.

Microsoft, a supplier of operating systems with which Linux competes, has recently taken to the press to question two of the pillars upon which Linux and Open Source have made their names - cost of ownership and security. Now questions concerned with the cost of ownership of any system, Linux, Windows or otherwise, are incredibly complex to resolve and, frankly, very few organisations have any idea regarding how much they spend on IT ownership at a system, application or platform level.

However, when it comes to the question of security regarding Linux as a platform, Nick McGrath, head of platform strategy for Microsoft in the UK, has been quoted as saying: "The biggest challenge we need to face centres on the myth and reality. There are lots of myths out there as to what Linux can do. One myth we see is that Linux is more secure than Windows. Another is that there are no viruses for Linux."

In one respect, McGrath is correct and this concerns the lack of malicious code threats to Linux. Over the last few months, several instances of malicious code have been discovered that target Linux explicitly. However, the number is extremely small compared to the number of attacks launched against Microsoft Windows, and indeed against several other operating systems.

There are several factors behind there being a far smaller number of attacks against Linux. Not the least of these is the fact that the platform, whilst it is gaining traction fast, is still relatively small in the world of business critical production systems. It will be interesting to see how the attack threat develops as Linux continues to move into everyday business use, although the open availability of the code base on which Linux is built should help to minimise the number of security holes that exist in the code.

However, some people are also questioning whether the open source model itself can provide organisations with both the security and the comfort that they require to run Linux in vital operations. Once again, McGrath asked the question: "Who is accountable for the security of the Linux kernel? Does Red Hat, for example, take responsibility? It cannot, as it does not produce the Linux kernel. It produces one distribution of Linux."

Missing the point

In this area McGrath is completely missing the point. In the vast majority of circumstances, when a customer builds a solution on the Linux operating system, they do so using a distribution of the operating system, not the kernel alone. And when a mission critical system is deployed, it is almost unknown for the organisation concerned not to take out support cover for the operating platform. With major IT vendors such as IBM, HP, Novell (SuSE) and Red Hat offering to support Linux, there is no shortage of suppliers willing to provide as good a security guarantee, in terms of patch management, as that provided for any other operating system, including Windows and the leading Unix platforms.

Using Linux is itself no guarantee of "security". The same is true for all operating systems. Each platform needs to be managed actively. Bugs, viruses and other malicious threats to a system will occur. This is why it is vital that every IT system be supported with excellent management procedures to ensure its long term availability and security. Technology alone is never "secure".

However, there are no obvious security issues visible today to indicate that Linux is not ready for enterprise deployment. The code base is managed by all of the distributors and enjoys the active backing of many of the largest IT vendors. Security and Linux may be a myth, but no more so than for any other operating system. A Linux platform needs to be managed in the same way as any other. However, at the moment, the number of threat notices that the operating system attracts every day is relatively small.

Linux does have an active role to play in business and the platform continues to mature rapidly on all levels, including security. Is it perfect today? No. Is it perfectly secure? No. But then no operating system available today is perfectly secure, although zOS on the IBM mainframe gets pretty close. Is Linux "Security" A Myth? Yes, but then all "security" is a myth; people and processes secure systems, not technology alone. However, Linux is usable, relatively secure and enjoys support enough to allow its use in mainstream business where appropriate. Oh, and it is being used.

© IT-analysis.com

Related stories

More advisories, more security
Whatdya mean, free software?
Big.biz struggles against security threats

Beginner's guide to SSL certificates

More from The Register

next story
PEAK APPLE: iOS 8 is least popular Cupertino mobile OS in all of HUMAN HISTORY
'Nerd release' finally staggers past 50 per cent adoption
Microsoft to bake Skype into IE, without plugins
Redmond thinks the Object Real-Time Communications API for WebRTC is ready to roll
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
Mozilla: Spidermonkey ATE Apple's JavaScriptCore, THRASHED Google V8
Moz man claims the win on rivals' own benchmarks
FTDI yanks chip-bricking driver from Windows Update, vows to fight on
Next driver to battle fake chips with 'non-invasive' methods
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Ubuntu 14.10 tries pulling a Steve Ballmer on cloudy offerings
Oi, Windows, centOS and openSUSE – behave, we're all friends here
Was ist das? Eine neue Suse Linux Enterprise? Ausgezeichnet!
Version 12 first major-number Suse release since 2009
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.