Linux has its own security holes
- By Michael Hardy
- May 03, 2004
There may be fewer viruses designed to attack the Linux operating system, but experts warn that Linux is no more bulletproof than any other system. Agencies that adopt Linux should be aware of its vulnerabilities, according to Travis Witteveen, executive vice president, Americas, for security firm F-Secure Corp.
"Computing systems are very similar, whether they're called Linux, [Microsoft Corp.'s] Windows, Unix, [Apple Computer Inc.'s] MacIntosh or even [Microsoft's] PocketPC," he said. "Security from the high perspective isn't very different. People for some reason had had this false sense that [Linux] is different. It isn't different at all."
"Current and prospective Linux customers should be just as concerned about security as anyone in the Windows or Unix environment," said Laura DiDio, senior analyst of application infrastructure and software platforms for the Yankee Group.
Virus writers will target Linux when the system gains a high enough profile, Witteveen said. But even now, there are some
vicious Linux viruses out in the wilds of cyberspace. "Some of them are even worse than Windows viruses," he said.
The most damaging Linux virus so far, the Slapper worm, infected 20,000 systems in 100 countries in late 2002, DiDio said.
"That pales in comparison to the most damaging Windows virus, MyDoom and its variants, which infected several million computers in three weeks," she said. "But there are orders-of-magnitude more Windows machines deployed."
Linux is "on everyone's radar screen," and creators of malicious code are increasingly taking notice, she said. Many Linux viruses don't require user interaction, unlike most Windows attacks that depend on the user to run an attached file in order to infect the computer.
Many companies distribute Linux and the needed security patches, she said. However, organizations running custom applications may need skilled Linux technicians on site to ensure that the patches will work in their custom settings, she said.
Linux's status as a community-developed system has made it somewhat more secure than Windows, Witteveen said. However, the security measures can still be breached. "It's just one more little barrier you have to break" to do damage, he said.