Linux has its own security holes

Related Links

Linux weighs in

There may be fewer viruses designed to attack the Linux operating system, but experts warn that Linux is no more bulletproof than any other system. Agencies that adopt Linux should be aware of its vulnerabilities, according to Travis Witteveen, executive vice president, Americas, for security firm F-Secure Corp.

"Computing systems are very similar, whether they're called Linux, [Microsoft Corp.'s] Windows, Unix, [Apple Computer Inc.'s] MacIntosh or even [Microsoft's] PocketPC," he said. "Security from the high perspective isn't very different. People for some reason had had this false sense that [Linux] is different. It isn't different at all."

"Current and prospective Linux customers should be just as concerned about security as anyone in the Windows or Unix environment," said Laura DiDio, senior analyst of application infrastructure and software platforms for the Yankee Group.

Virus writers will target Linux when the system gains a high enough profile, Witteveen said. But even now, there are some

vicious Linux viruses out in the wilds of cyberspace. "Some of them are even worse than Windows viruses," he said.

The most damaging Linux virus so far, the Slapper worm, infected 20,000 systems in 100 countries in late 2002, DiDio said.

"That pales in comparison to the most damaging Windows virus, MyDoom and its variants, which infected several million computers in three weeks," she said. "But there are orders-of-magnitude more Windows machines deployed."

Linux is "on everyone's radar screen," and creators of malicious code are increasingly taking notice, she said. Many Linux viruses don't require user interaction, unlike most Windows attacks that depend on the user to run an attached file in order to infect the computer.

Many companies distribute Linux and the needed security patches, she said. However, organizations running custom applications may need skilled Linux technicians on site to ensure that the patches will work in their custom settings, she said.

Linux's status as a community-developed system has made it somewhat more secure than Windows, Witteveen said. However, the security measures can still be breached. "It's just one more little barrier you have to break" to do damage, he said.

The Fed 100

Read the profiles of all this year's winners.

Featured

  • Shutterstock image (by wk1003mike): cloud system fracture.

    Does the IRS have a cloud strategy?

    Congress and watchdog agencies have dinged the IRS for lacking an enterprise cloud strategy seven years after it became the official policy of the U.S. government.

  • Shutterstock image: illuminated connections between devices.

    Who won what in EIS

    The General Services Administration posted detailed data on how the $50 billion Enterprise Infrastructure Solutions contract might be divvied up.

  • Wikimedia Image: U.S. Cyber Command logo.

    Trump elevates CyberCom to combatant command status

    The White House announced a long-planned move to elevate Cyber Command to the status of a full combatant command.

  • Photo credit: John Roman Images / Shutterstock.com

    Verizon plans FirstNet rival

    Verizon says it will carve a dedicated network out of its extensive national 4G LTE network for first responders, in competition with FirstNet.

  • AI concept art

    Can AI tools replace feds?

    The Heritage Foundation is recommending that hundreds of thousands of federal jobs be replaced by automation as part of a larger government reorganization strategy.

  • DOD Common Access Cards

    DOD pushes toward CAC replacement

    Defense officials hope the Common Access Card's days are numbered as they continue to test new identity management solutions.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group