Open Source Walks The High Wire - InformationWeek
10:32 AM

Open Source Walks The High Wire

Linspire is pitching its desktop Linux distro to a tough crowd. Is it also courting trouble by bending a cardinal security rule? Or do the old rules no longer make sense in a market where many desktop Linux users are buying their first computer?

In my previous column, I stated that MySQL AB is taking some of the blame--unfairly, I think--for a recent worm attack that succeeded due to lazy administrators, rather than defective code.

Until the worm episode, the MySQL development team favored a setup process that left basic security decisions, such as whether to use a root password, completely up to the product's users. This approach has its risks: MySQL, like so many other open-source developers, deals today with a much larger user base that is also much less experienced on average than it used to be.

If MySQL makes a few more decisions for its users, such as forcing them to set a root password to improve security, few people are likely to complain about the tradeoff. This sort of thing is likely to happen more often, and it will involve more open-source products. In spite of the damage, both real and imagined, that may result, it's also a problem that will solve itself, as commercial open-source firms build more effective training programs and as today's beginners grow into tomorrow's veterans. In other words, this is a problem a lot of other industries would kill to have.

Does the same laissez-faire attitude apply to the desktop open-source market, and especially to efforts to win consumer Linux users? Security is half of the desktop Linux act, but usability is the other half--and this is a pair that doesn't always see eye to eye. Bear in mind that desktop Linux buyers aren't just converted Windows users; this group also includes a substantial number of first-time computer users who aren't convinced they need one at all. These are people for whom Linux must make a solid first impression, or there likely won't be a second.

Linspire is one of the Linux vendors with more chips riding on Joe Six-Pack than on the Fortune 500. The company's Linspire OS, and tie-in services such as its "Click-N-Run" software database and maintenance plan, are dedicated to turning people who have never touched a PC and who have no interest in technology into happy Linux users.

One trait intended to make Linspire more user-friendly has also raised some eyebrows among experienced Linux users: a setup process in which many new users end up running only the root account. Linspire's supporters--and there are a lot of them--argue that using a root account is no longer a problem, since most of these machines only serve a single user; in addition, Linspire PCs start up with a fully configured firewall and locked-down ports. It's also true that a user can set up non-root accounts quickly and easily, assuming they have some basic PC skills and know why this might be a good idea.

Linspire clearly believes that its setup process delivers a usability advantage that outweighs the security benefits of creating a user account. I personally don't like the idea--it makes me nervous, and most present or past Linux users I ask feel the same way.

We're not the people Linspire needs to reach, however, and I'm more interested in hearing what the rest of you think about the approach Linspire is taking, or about how other desktop Linux vendors have handled tradeoffs between usability and security. There are a lot of companies making up the rules of this game as they go along, and it will be fascinating to see who comes out ahead.
