Operating Systems > Linux and UNIX
Reality Check: How Safe Is Linux?
Zombie9920:
By Vincent Ryan
NewsFactor Network
June 11, 2003
Many of the programs included in Linux distros have programming errors that lead to things like privilege escalation, whereby a common user tricks a program into thinking it has more privileges than it does, says Guardian Digital CEO Dave Wreski.
--------------------------------------------------------------------------------
You want to think outside the box. Your budget calls for out of the box. Don't you wish you could have both? With Remedy, you can. Remedy's Service Management solutions, including Help Desk and Customer Support, deliver results quickly, easily, within your budget. Remedy. Your Business, Your Way.(tm)
--------------------------------------------------------------------------------
It is not enough for an operating system to be low cost, reliable and capable of handling mission-critical applications. At some point in every OS's cycle of life, the question comes down to security and safety.
Ever since the entry of Linux into mainstream business computing, security gurus have been trying to measure its vulnerability to security breaches and attacks. They have even gone so far as to count the number of security alerts issued by Linux distributors to see how the numbers compare with those issued by Microsoft (Nasdaq: MSFT) for Windows servers.
A definitive answered has eluded the experts, but that has not prevented them from taking sides in what usually devolves into a religious war over open-source versus closed-source operating systems.
Still, the crucial question plagues companies considering whether to go the open-source route: Is Linux a safe, secure operating system that you can bet your business on? And if it does have flaws, where are they?
View the entire article
Bazoukas:
Here is the thing.
Security issues are in all programs no matter the OS. Period.
You can select what applications you want to install in Linux. If a distro comes with 100 additional programs, that does not mean that you need to install all of them. Why would you wanna do that?
Of course that would increase your risks, running programs that you dont need.
Beyond that, the Linux community issues its warnings and fixes the problems in a way much faster pace than MS does. MS doesnt do that.
Example? Apache fixed its wurm security issue in 24 hours. It took MS a month or so.
Its not that Linux is bulletproof. What is different with Linux is that when problems come up, its brought to everyones attention really fast and its fixed right away.
The backend of the industry runs on Unix and Linux. Microsoft has the frontend but the way they are going they will lose that too and its too bad and am saying that as a 101% windows free user. The more OS there are out there, the better for the consumer.
And its not because their programers are not good. For me its the policies of MS that criples the OS and their programmers.
KernelPanic:
Well at least problems get recongnised more in the open-source world that's how I see it anyway. Maybe Bill Gates is like Hoover hoping for some 'rugged individualism' on the sysadmins part? Although with Microsoft there is little room to customise.
I think for a lot of business physical security and social engineering are probably greater risks to them than OS security.
Some people in the Linux world need to understand that Linux is not impregnable and Windows people should start to appreciate that most corporate level Linux users know that.
A lot is down to sys/netadmins but at the end of the day I'd feel happier with a well set up Linux server than an equivalent Windows one.
It doesn't matter too much what figures say anyway, as Win and Lin start to have less of a popularity difference small businesses will start to be able to see achievements of the respective OSs in working environment. That, as opposed to hearing some Microsoft FUD or some half-story they have heard about this 'Lynux' from a friend of a friend of some Solaris admin.
Zombie, how come you only post articles nowadays, lost an opinion?
Faust:
quote:
"The number of exploits [is] lower with open-source software, as is the response time until the exploits get fixed," Hichert agreed.
--- End quote ---
Speaks for itself really.
quote:
Distributors constantly are working on ways to improve the security of out-of-box Linux distributions, Shankar pointed out. Niche distributions focused on security include EnGarde Secure Linux from Guardian Digital, which provides multi-layered access control, a ready-to-build intrusion detection device, and a network gateway firewall. The distro also prevents Trojan Horse attacks and limits exposure to buffer overflows.
--- End quote ---
Some distros are designed for simple non server use. You would be a fool to use them in a server role. OTOH, distros like Debian are superb for server usage - and quite a lot more secure than Windows. Do people use Windows for firewall boxes by the way or do they use BSD / specialized Linux distros like Smoothwall?
Faust:
quote:
By and large, however, primary Linux distributions are roughly equal, Shankar said, because they all work off the same code base. There is always a trade-off in security, Wreski said. "Off-the-shelf Linux distros try to appeal to the largest mass audience possible." These distributors cannot add tighter security measures because they may adversely impact some part of their audience, he explained.
--- End quote ---
At the end of the day I'm sure we agree that security is largely dependent on the admin - and an admin with power will be able to secure a system better than a neutered one. So which OS gives the admin more power? Plus most security breaches come from within your network (employees), so you need to be able to comprehensively secure what they can and can't access - with Debian I can deny a user access to any part of my OS. In fact the default behaviour in Debian is to deny a user access to the sound - following such sound advice as "if they don't need it they don't get it" can provide maximum security.
Navigation
[0] Message Index
[#] Next page
Go to full version