British businesses advised to avoid Linux
A British security consultant has drawn fierce criticism from Linux experts after advising companies the open source operating system is not secure enough for commercial use.
Speaking Wednesday at the UK Compsec conference in London, Stan Dormer of IT security training firm Stan Dormer Associates, dedicated an entire presentation to the subject entitled: "Linux Security: is it good enough for commercial use?"
Dormer criticised the portrayal of Linux in the media as a practical alternative to Windows variants claiming that for the average user, Linux is not a secure option. His conclusions are based on research carried out by his company over a number of weeks.
According to Dormer's research:
One Linux security specialist, who requested anonymity, challenged Dormer's research and his credibility: "You shouldn't run Linux if you can't support it and obviously this guy couldn't. As for not being as secure as something like Windows NT, I see many bugs in NT and I can't say I trust it. You certainly can't trust the vendor to fix the bugs."
The security source also disputed whether Linux is difficult to set-up securely. "In about ten minutes you can get a Linux box pretty unhackable running Apache and SSL. NT is an administrative nightmare as the whole logging process slows it down so much." He also questioned whether a novice should be involved with setting up any company's security measures.
But Dormer hit back arguing that his assertions need to be taken in context. He said that in Britain many relatively inexperienced IT managers are charged with making sure their company is shored-up against computer attack. "I'm not knocking Linux," he said, "I'm just being a hard-nosed businessman. With Windows what's going on is far more visible and you can bring your experience of working with Windows 98 and 95 to it."
British Linux developer Jason Clifford attacked Dormer's presentation as wildly inaccurate and misleading. "What was he trying to sell people? You can't get much more secure than having access to source code. Most distributions of Linux have nice utilities for security and I'd say that it's as easy, if not more, to make Linux as secure as any other operating system."
Clifford also pointed out that security is an important issue in itself, regardless of the operating system. "No system is exactly easy to secure. Security is about best practice and if you know good practice it's easier to be secure on any operating system.
Take me to the Linux Lounge
Do you agree with Dormer's research? Tell the Mailroom