Free Republic

Most Unsecure OS? Yep -- it is Linux!
www.wininformant.com ^ | 1/13/03 | Paul Thurrott

Posted on 01/13/2003 7:45:29 AM PST by ImaGraftedBranch

November 26, 2002  | Paul Thurrott
Most Unsecure OS? Yep, It's Linux

According to a new Aberdeen Group report, open-source solution Linux has surpassed Windows as the most vulnerable OS, contrary to the high-profile press Microsoft's security woes receive. Furthermore, the Aberdeen Group reports that more than 50 percent of all security advisories that CERT issued in the first 10 months of 2002 were for Linux and other open-source software solutions. The report muddles the argument that proprietary software such as Windows is inherently less secure than open solutions. And here's another blow to the status quo: Proprietary UNIX solutions were responsible for just as many security advisories as Linux in the same time period. Could Windows be the most secure mainstream OS available today?

"Open-source software, commonly used in many versions of Linux, UNIX, and network routing equipment, is now the major source of elevated security vulnerabilities for IT buyers," the report reads. "Security advisories for open-source and Linux software accounted for 16 out of the 29 security advisories--about one of every two advisories--published for the first 10 months of 2002. During this same time, vulnerabilities affecting Microsoft products numbered seven, or about one in four of all advisories."

The stunning report makes several claims that seem to fly in the face of widely accepted beliefs. First, the Aberdeen Group says that Windows-based Trojan horse attacks peaked in 2001, when CERT released six such advisories, then bottomed out this year, when CERT didn't issue any alerts. However, Trojan horse-based attacks on Linux, UNIX, and open-source projects jumped from one in 2001 to two in 2002. The Aberdeen Group says this information proves that Linux and UNIX are just as prone to Trojan horse attacks as any other OS, despite press reports to the contrary, and that Mac OS X, which is based on UNIX, is also vulnerable to such attacks. Even more troubling, perhaps, is the use of open-source software in routers, Web servers, firewalls, and other Internet-connected solutions. The Aberdeen Group says that this situation sets up these devices and software products to be "infectious carriers" that intruders can easily usurp.

According to the Aberdeen Group, the open-source community's claim that it can fix security vulnerabilities more quickly than proprietary developers can means little. The group says that the open-source software and hardware solutions need more rigorous security testing before they're released to customers. This statement is particularly problematic because many Linux distributions lack the sophisticated automatic-update technologies modern Windows versions contain.

We can rail against Microsoft and its security policies, but far more people and systems use Microsoft's software than the competition's software. I believe that we'll never know how secure Linux is, compared with Windows, until a comparable number of people and systems use Linux. But despite the fact that Linux isn't as prevalent as Windows, we're still seeing a dramatic increase in Linux security advisories today. I think the conclusion is obvious.


TOPICS: Business/Economy; Miscellaneous; News/Current Events; Technical
KEYWORDS: computer; linux; opensource; os; science; unix; windows
In part, the article states: "...more than 50 percent of all security advisories that CERT issued in the first 10 months of 2002 were for Linux and other open-source software solutions. The report muddles the argument that proprietary software such as Windows is inherently less secure than open solutions. And here's another blow to the status quo: Proprietary UNIX solutions were responsible for just as many security advisories as Linux in the same time period."

When there are 50 million Linux PCs to match the 50 million windows PCs, it will be extremely obvious that open source is not the way to go. You think the number of problems windows has had was bad? Wait until you have 50 million people using it, then fixing all of the problems -- as well as distributing them -- to people that purchased Linux because administrative costs were so low. Oh, Yeah -- we fired our administrators after we bought Linux....oops.

1 posted on 01/13/2003 7:45:29 AM PST by ImaGraftedBranch

To: Bush2000
You're slipping, why didn't you post this ;)
3 posted on 01/13/2003 7:48:44 AM PST by chance33_98

To: ImaGraftedBranch
Actually, if the argument is simply the level of risk
associated with open systems vs. proprietary systems isn't
that simply another way of advocating "security through
obscurity" - a paradigm that is no longer embraced by the
security community (or so they say)?
4 posted on 01/13/2003 7:54:06 AM PST by The Duke

To: ImaGraftedBranch
I receive these CERT Advisories.

I would like to see this group's research in detail. What types of advisories were listed? How severe were they? etc.



5 posted on 01/13/2003 7:58:10 AM PST by jbstrick

To: ImaGraftedBranch
Windows advocates were perfectly right last year to point out that the number of advisories was a worthless metric for determining the security of an operating system. It's still a worthless metric, even when the shoe's on the other foot...
6 posted on 01/13/2003 8:02:35 AM PST by general_re (Q: How many C++ programmers does it take to change a light bulb?)

To: ImaGraftedBranch
...Aberdeen Group reports that more than 50 percent of all security advisories that CERT issued in the first 10 months of 2002 were for Linux and other open-source software solutions.

Security advisories for open-source and Linux software accounted for 16 out of the 29 security advisories

They are not saying that Linux had more security problems than Windows, they are lumping Linux together with ALL open source software. There is a big difference.

7 posted on 01/13/2003 8:04:10 AM PST by Digital Chaos

To: Digital Chaos


Paul Thurrott
   Write for Windows & .NET Magazine  

Paul Thurrott is the news editor for Windows & .NET Magazine. He writes a weekly editorial
for Windows & .NET Magazine UPDATE (http://www.win2000mag.net/email) and writes a daily
Windows news and information newsletter called WinInfo Daily UPDATE (http://www.wininformant.com). 

Did a quick Google search on Thurrott. He's got a dog in this fight, that's for sure.

8 posted on 01/13/2003 8:06:20 AM PST by 2 Kool 2 Be 4-Gotten

To: Digital Chaos
From what I understand, the major versions of Linux (Mandrake, Red Hat, and the PRC rip-off of Red Hat - Red Flag) ARE open-source.

*shudders*

I'll stick with Windows.
9 posted on 01/13/2003 8:10:43 AM PST by hchutch ("Last suckers crossed, Syndicate shot'em up" - Ice-T, "I'm Your Pusher")

To: ImaGraftedBranch
This one is a howler.

Tell me again why all my customers are trying like crazy to get onto a Linux or Unix-based platform and away from NT and MS in general.

Tell me why, of all the scans that my web servers get, the bulk of them are from Windows boxes that have been compromised with the NIMDA virus (a patch for which has been out for a year).

10 posted on 01/13/2003 8:11:56 AM PST by ikka (Impeach him harder!)

To: jbstrick
I'd like to see some details too.

The vast majority of viruses and worms are transmitted by e-mail. Yes, servers are vulnerable from attack directly, so let's see the security comparison between the two servers, under direct attack.

Linux and Windows servers may be just as vulnerable on the system level (although I doubt it), but the huge doorway into the organization is Outlook. It doesn't matter how secure your front door is, when you've got the garage door wide open and every kid in the neighborhood can wander in.
11 posted on 01/13/2003 8:19:45 AM PST by babyface00

Comment #12 Removed by Moderator

To: chance33_98
You're slipping, why didn't you post this ;)

Because this isn't anything new. Most everyone (without an ideological axe to grind, that is) recognizes that open source code is just as buggy as closed source.
13 posted on 01/13/2003 8:48:48 AM PST by Bush2000

To: ikka
Tell me again why all my customers are trying like crazy to get onto a Linux or Unix-based platform and away from NT and MS in general.

Because you're a dedicated ABMer who doesn't serve MS customers.
14 posted on 01/13/2003 8:49:22 AM PST by Bush2000

To: 2 Kool 2 Be 4-Gotten
Did a quick Google search on Thurrott. He's got a dog in this fight, that's for sure.

Thurrott is merely reporting research by Aberdeen Group. Are they shills, too? /NOT
15 posted on 01/13/2003 8:50:26 AM PST by Bush2000

To: ImaGraftedBranch
Without knowing the severity and scope of the advisories, you can't really make a comparison. As an analogy, just counting legal infractions would make me, with maybe a half-dozen traffic citations, a worse criminal than a person with a single murder conviction.
16 posted on 01/13/2003 8:51:55 AM PST by Question_Assumptions

To: chance33_98; All
Look at the date on this article.

It's old, and was indeed posted before.

It is a falsified report. Funny stuff, actually. Look into how they arrived at their conclusions . . .

Propaganda has to be repeated, to be effective.

And yes, Smeagol2000 was there.

Nasty little linuxes, smeagol will throttle them, yessss, preciousssss.

17 posted on 01/13/2003 8:53:22 AM PST by Dominic Harr

To: Dominic Harr
It's old, and was indeed posted before.

November 11, 2002. That's old?

It is a falsified report.

It's pretty amusing to see Linux sycophants twist in the wind when their lies are exposed...
18 posted on 01/13/2003 9:07:40 AM PST by Bush2000

To: ImaGraftedBranch
" When there are 50 million Linux PCs to match the 50 million windows PCs"

Most front end equipment (routers, cable modems, etc.) use open source OS's. Many (probably a large portion) of the Windows machines in the home or business hide behind a NON-MS operating system.

This front end equipment takes the brunt of attacks. The simple fact is that if you have a Windows machine on a network without a firewall, you WILL get infected. Probably within 45 minutes.

Even with a firewall, if you run IE for a browser and/or Outlook for mail, you WILL get infected.
19 posted on 01/13/2003 9:31:05 AM PST by babygene

To: ImaGraftedBranch
When there are 50 million Linux PCs to match the 50 million windows PCs, it will be extremely obvious that open source is not the way to go.

The Aberdeen Group is lulling unwary Windows users into a false sense of security with their flawed analysis. Counting advisories is not the way to determine which platform is most vulnerable.

History shows that *nix system users are more diligent about reporting security issues as soon as they are discovered, and issuing a fix as soon as possible. Microsoft ignores security issues, avoids issuing security advisories and delays issuing fixes.

20 posted on 01/13/2003 9:32:04 AM PST by HAL9000