| Face it: Linux is insecure |
Jun. 05, 2006
Linux is insecure. Open source is insecure. Windows is insecure. All software is insecure.
Deal with it.
People keep having this delusion that security is a product. That, if you just buy some magic box, you'll have a program or an operating system that's as secure as Fort Knox.
It doesn't work that way. Security is a process, not a product.
Some systems are more secure than others. Linux, as anyone who pays any attention to security news knows, is a lot more secure than Windows. If we were talking cars, Linux would be a Volvo S80 and Windows would be a Ford "Hit here to blow up" Pinto.
But, any car can be hit, and any car can be hit hard enough to destroy it. It's all about the odds and driving safely.
Driving safely on a computer or a network means knowing, and using, their available security features. For example, any machine that's exposed on the Internet should have an enabled firewall.
Even OpenBSD -- in my humble opinion, the safest operating system on the planet -- is crackable, if you allow anyone to come and pound away at its network interface.
In the case of Linux, if your system doesn't come with an enabled firewall, you can use netfilter and iptables to set up either a simple or sophisticated network defense system. If you're new to firewalls, LinuxGuruz has a helpful listing of netfilter and iptables resources.
You also need to keep an eye on Linux and open-source security patches and repairs.
So, for example, when Red Hat announced last week a major security patch that fixed 16 individual flaws present in its Red Hat Desktop and RHEL (Red Hat Enterprise Linux) 4.0, you'd be well advised to install that patch sooner rather than later.
It also means that you need to know where your operating system comes from. So, if you're running CentOS, Lineox, or White Box Linux, you'd better be pestering them for their version of the Red Hat patch because all of these Linuxes are based on RHEL 4 code.
The same is true for applications. Are Firefox and Thunderbird safer than Internet Explorer and Outlook? Of course, they are. Does that mean you're safe using them without their latest patches? I don't think so!
Again, you can't drive and not eventually have a near-miss, and you can't run a networked computer without having someone seriously try to take your machine down. Security is all about weighing the threat level and doing the best you can to make sure that you're safe.
That also means taking a long, hard look at some "threats."
Last week, for instance, anti-virus software maker Kaspersky Lab claimed to have isolated a new virus, Stardust, aimed at Sun's StarOffice office suite and the open-source version of the programs, OpenOffice.
But, was this so-called macro virus a real worry? According to a NewsForge report, the "general agreement is that the Kaspersky Lab claim is an exaggeration."
I'd agree with that. Yes, if you open a strange document and enable it to run macros, something bad could happen to you. Unlike similar problems in the past with Microsoft Office macro viruses, though, any such "virus" can't attack the underlying operating system because neither StarOffice nor OpenOffice have the deep hooks into the operating system that enabled Office macros to be a real problem a few years back.
So, is there a potential problem here? Yes, potentially someone could use the macro language to cause trouble. Of course, they could also use Perl, Visual BASIC, Python, Java, etc., etc. to cause trouble.
Have I mentioned, yet, that almost any use of software has some security danger?
There are two morals to this story. The first is that while you're safer using Linux or open-source software, you're never perfectly safe. The second is, as much as you might not want to, you really must work on security with any operating system or program, or face the possibility of having a real accident on the old information superhighway.
-- Steven J. Vaughan-Nichols
Do you have comments on this story?
Talkback here
NOTE: Please post your comments regarding our articles using the above link. Be sure to use this article's title as the "Subject" in your posts. Before you create a new thread, please check to see if a discussion thread is already running on the article you plan to comment on. Thanks!
(Click here for further information)
|
|
|
7 Advantages of D2D Backup
For decades, tape has been the backup medium of choice. But, now, disk-to-disk (D2D) backup is gaining in favor. Learn why you should make the move in this whitepaper.
4 Legal Reasons to Control Internet Access
The Internet is obviously a valuable resource for many organizations. However, many are exposed to legal liability concerns because they fail to control Internet access. Learn if you're safe in this white paper.
Rapidly Resolve J2EE Application Problems
Whether you are in the process of building J2EE applications or have J2EE applications already running in production, you must ensure that they deliver the expected ROI. Learn how in this white paper.
Load Testing 2.0 for Web 2.0
There are many unknowns in stress testing Web 2.0 applications. Find out how to test the performance of Web 2.0 in this white paper.
Build Better Games Online
For the game infrastructure providers, life is complex. Making money from games has become more complicated. Why? Find out in this white paper.
Building a Virtual Infrastructure from Servers to Storage
This white paper discusses the virtual storage solutions that reduce cost, increase storage utilization, and address the challenges of backing up and restoring Server environments.
Gaining Faster Wireless Connections with WiMAX
Welcome to what is quickly becoming the hyperconnected world where anything that would benefit from being connected to the network will be connected. Learn more in this white paper.
Is Your Desktop a Security Threat?
The new wave of sophisticated crimeware not only targets specific companies, but also targets desktops and laptops as backdoor entryways into those business’ operations and resources. Learn how to stay safe in this white paper.
Increasing SAN Reliability by 100 Percent
Storage area networks (SAN) are a strong part of storage plans. Learn how to increase your reliability and uptime by 100 percent in this case study.
|
|
|
|
|
news feed