If Linux ruled the world how secure would it be?


Summary: How secure would Linux be if everyone were using it? Given the popularity of Linux as a server OS, especially among Internet servers, I think it would be pretty secure.


How secure would Linux be if everyone were using it?

Given the popularity of Linux as a server OS, especially among Internet servers, I think it would be pretty secure.

But would it really be more secure than Windows?

The question occurs because of this story from ZDNet's Joris Evans, posted yesterday. It's about two security alerts on Kerberos (logo at right), the wildly popular network authentication protocol.

MIT published both alerts Tuesday, and publishers of three major Linux distributions -- Red Hat, Turbolinux and Gentoo -- had fixes up by the time Evans wrote the story.

My problem is there are many other Linux vendors out there, and many people running Linux don't have a tight relationship with their supplier that would enable quick bug fixes.

Oh, and while Microsoft uses Kerberos, Evans notes it's a homegrown version unaffected by the flaws.

What this tells me is that a comparison of open source security and that of proprietary security should not be based entirely on the software, but on the distributors' patch creation speed, and the users' patch implementation speed.

This will not give me pleasant dreams tonight.


Talkback

94 comments
  • Not much more

    You forget the #1 security problem, the one that is the same between any OS:

    The user. Tell them to do something stupid, and they will.
    rpmyers1
    • You mean...

      ...think of something stupid and they already did it.
      doe_z
  • LAMP is the most hacked server in the world.

    Sorry but if you do a bit of reading you will see I am correct.
    No_Ax_to_Grind
    • Yes no axe but how is the important thing

      and the fact of the matter is it is actively hacked by a human working away at it. The fundamental difference between Linux and Windows is that a hacker has to be proactive to get into a Linux machine, whereas the Windows machine can and has been on several occasions (more than several actually) compromised by a bot app or virus or worm or whatever else they have for cute names.

      That is the difference. People are *actively* banging away at the LAMP, BAMP solutions whereas some juvenile (read the news lately?) writes a script and takes out millions of Windows machines in a matter of minutes.
      Linux User 147560
      • Wrong

        "That is the difference. People are actively banging away at the LAMP, BAMP solutions whereas some juvenile (read the news lately?) writes a script and takes out millions of Windows machines in a matter of minutes."

        Wrong. LAMP machines are hacked by script kids in the same manner that Windows machines are. They have programs that scan for Linux machines with specific vulnerabilities and exploit them using the latest exploit code.

        There are *TONS* of ready to use exploit scripts that will allow you to "0wn" your very own linux box.
        toadlife
      • Teh first step is getting past the denial.

        Then we can begin to sort out your problems. ;-)
        No_Ax_to_Grind
    • Windows is the most hacked desktop in the world

      I see more damage and lost revenue due to Windows hacks and viruses versus LAMP. No need to do reading there... that's general knowledge.

      Grind... grind... grind...
      Sabz5150
      • Well duh, it's the only real desktop in the world.

        Surely you aren't going to say Judge Jackson was clueless are you?
        No_Ax_to_Grind
        • general knowledge with random metrics... =oS

          So if windows gets hacked it's not fair how the numbers are counted because it's simply because it's the most used desktop...
          However when linux gets hacked on the server and it's counted per website and not per server (http://www.smh.com.au/articles/2004/03/01/1077989482304.html) then it's fair game !?
          Ax this is tweaking of numbers that should be below you.
          What's interesting is for example studying the number of security problems in the past with Apache Vs IIS. Apache comes out looking very secure despite it being hugely popular.
          godot
          • No afraid not.

            Read George Ou's blog on Linux and Apache.
            No_Ax_to_Grind
        • Pick your poison

          Surely you aren't going to say that Microsoft has a monopoly on the desktop market now are you? If it's the only desktop, "real" or not, then there is a case for antitrust.

          It's that or you have to admit that the reason that Microsoft OSes get hacked the most is not due to being the only desktop around.
          Sabz5150
    • Sorry No_Facts

      Again you're referring to the George misunderstanding of what he
      was reading.

      LAMP is not even mentioned in the study.

      Please provide a link supporting your claim if you can:

      "LAMP is the most hacked server in the world"
      Richard Flude
      • Where did I mention LAMP?

        I never mentioned LAMP. I was responding directly to the quotation that implied that Linux servers were assumed to be fundamentally better. My point has always been that you can't make blank statements that one server OS is fundamentally better than another. The data in the Zone-h report is not conclusive on the issue of which OS is more secure, but it is accurate enough to state that the difference between the OSes isn't that much.

        It's not pro-Windows and it's not pro-Linux but I guess that is where the Linux zealots have the problem.
        george_ou
        • George, I apologise

          My post was badly worded. It contained two points:

          i) LAMP wasn't mentioned in the Zone-h report at all (No_Facts)

          ii) The Zone-h report should be read for what it is, nothing more
          (George)

          "The data in the Zone-h report is not conclusive on the issue of
          which OS is more secure, but it is accurate enough to state that
          the difference between the OSes isn't that much."

          Again I don't see the information in the report that supports
          your conclusion. As I said in the original talkbacks, all we can
          conclude from the report is that Linux webservers are defaced,
          and a larger number were defaced than IIS servers during the
          report period. Nothing more.

          "It's not pro-Windows and it's not pro-Linux but I guess that is
          where the Linux zealots have the problem."

          Linux zealots, like myself, have a problem with unsupported
          drivel. I covered this in the post "You tried and failed..." in your
          previous blog. My original post said nothing to claim Linux
          superiority (as you read into it I assume because of your pro-
          Windows position), but dismisses your conclusions as they were
          not based on the data reported.
          Richard Flude
    • Yet they easily withstand attack... Interesting

      I have LAMP servers with over 400 days of uptime and counting, some under seemingly constant scripted attack.

      How do you think my Windows servers compare?

      However, I do realize a few people here and there do not change the average. Same as with Windows, knowledgeable admins are hard to come by. And it is extremely easy and economical to set up a LAMP server, which is why everyone is doing it. Security follows long after convenience, I'm afraid.

      It's easy to blame Windows for having problems, most people have so many they seem to be able to overlook them after a while.

      Windows keeps me in work, but it's the Linux work I enjoy.
      dingletec_z
    • Reading where?

      Do you mean George's article about his friend's website? There are so many problems with their reporting methods that one cannot take them seriously.

      If you have other sources, please list them.
      Patrick Jones
  • It will be inherently more secure because of its nature

    Because it's Open Source, it draws its developer power from the best of the best in all fields. Everyone from top dollar corporate developers to basement dwelling hackers put their collective power in securing and improving the OS. This doesn't mean it will be impervious to everything, but the speed at which bugs and exploits are found and fixed increases at an astonishing rate.

    Ever used a program and thought to yourself "Wow, that's a bug, I wish I could fix that!" Guess what, with Linux, you can.

    There's an advantage to being one of the biggest collaborative projects in the history of the planet, and Open Source makes that possible.
    Sabz5150
    • Really-capable developers don't work for nothing!

      People who work for open-source are not generally the best quality developers. This does not mean every one of them! There are some good quality guys. But in general, they are not the best. So you are getting free for less quality. I've been using many open-source programs over 15 years. I don't see many of them having better quality than commercial or even shareware s/w.
      Wagadonga
      • For some, the love of the game outshines the dollar

        Most commercial software is written to generate cash. Linux software is written mostly because the people who write it LOVE IT. They enjoy hammering out code, it's their hobby, it's their passion. That drives many people to produce solid code more than just a few extra dollars. They have a regular job for that.

        Did Linus write the Linux kernel to make money?
        Sabz5150
      • Ignorant statement ohc

        In reality you will find there is not much difference between developers on either side. In fact, you will probably find that many OSS developers are actually getting paid to work on open source projects by their employers.

        For example, why don't you try to find out how many developers IBM, HP, Sun, Microsoft, Redhat, Novell, SGI, Nokia and others have working on open source projects?

        The people contributing for free could work fulltime somewhere and work on OSS on their own time. They could be students...

        Now... There are a LOT of crappy programs out there. Many more for Windows than any other platform, simply because more people program for Windows than any other.

        That is exactly the reason I started programming, in fact. I figured if everyone else can write crappy programs, so can I. And I write a lot of crappy programs.
        dingletec_z