Linux has its own security holes

Related Links

Linux weighs in

There may be fewer viruses designed to attack the Linux operating system, but experts warn that Linux is no more bulletproof than any other system. Agencies that adopt Linux should be aware of its vulnerabilities, according to Travis Witteveen, executive vice president, Americas, for security firm F-Secure Corp.

"Computing systems are very similar, whether they're called Linux, [Microsoft Corp.'s] Windows, Unix, [Apple Computer Inc.'s] MacIntosh or even [Microsoft's] PocketPC," he said. "Security from the high perspective isn't very different. People for some reason had had this false sense that [Linux] is different. It isn't different at all."

"Current and prospective Linux customers should be just as concerned about security as anyone in the Windows or Unix environment," said Laura DiDio, senior analyst of application infrastructure and software platforms for the Yankee Group.

Virus writers will target Linux when the system gains a high enough profile, Witteveen said. But even now, there are some

vicious Linux viruses out in the wilds of cyberspace. "Some of them are even worse than Windows viruses," he said.

The most damaging Linux virus so far, the Slapper worm, infected 20,000 systems in 100 countries in late 2002, DiDio said.

"That pales in comparison to the most damaging Windows virus, MyDoom and its variants, which infected several million computers in three weeks," she said. "But there are orders-of-magnitude more Windows machines deployed."

Linux is "on everyone's radar screen," and creators of malicious code are increasingly taking notice, she said. Many Linux viruses don't require user interaction, unlike most Windows attacks that depend on the user to run an attached file in order to infect the computer.

Many companies distribute Linux and the needed security patches, she said. However, organizations running custom applications may need skilled Linux technicians on site to ensure that the patches will work in their custom settings, she said.

Linux's status as a community-developed system has made it somewhat more secure than Windows, Witteveen said. However, the security measures can still be breached. "It's just one more little barrier you have to break" to do damage, he said.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.