Linux has its own security holes

Related Links

Linux weighs in

There may be fewer viruses designed to attack the Linux operating system, but experts warn that Linux is no more bulletproof than any other system. Agencies that adopt Linux should be aware of its vulnerabilities, according to Travis Witteveen, executive vice president, Americas, for security firm F-Secure Corp.

"Computing systems are very similar, whether they're called Linux, [Microsoft Corp.'s] Windows, Unix, [Apple Computer Inc.'s] MacIntosh or even [Microsoft's] PocketPC," he said. "Security from the high perspective isn't very different. People for some reason had had this false sense that [Linux] is different. It isn't different at all."

"Current and prospective Linux customers should be just as concerned about security as anyone in the Windows or Unix environment," said Laura DiDio, senior analyst of application infrastructure and software platforms for the Yankee Group.

Virus writers will target Linux when the system gains a high enough profile, Witteveen said. But even now, there are some

vicious Linux viruses out in the wilds of cyberspace. "Some of them are even worse than Windows viruses," he said.

The most damaging Linux virus so far, the Slapper worm, infected 20,000 systems in 100 countries in late 2002, DiDio said.

"That pales in comparison to the most damaging Windows virus, MyDoom and its variants, which infected several million computers in three weeks," she said. "But there are orders-of-magnitude more Windows machines deployed."

Linux is "on everyone's radar screen," and creators of malicious code are increasingly taking notice, she said. Many Linux viruses don't require user interaction, unlike most Windows attacks that depend on the user to run an attached file in order to infect the computer.

Many companies distribute Linux and the needed security patches, she said. However, organizations running custom applications may need skilled Linux technicians on site to ensure that the patches will work in their custom settings, she said.

Linux's status as a community-developed system has made it somewhat more secure than Windows, Witteveen said. However, the security measures can still be breached. "It's just one more little barrier you have to break" to do damage, he said.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group