A Skeptical Look At The Linux Server Botnet - InformationWeek

Commentary, 9/15/2009, 10:12 AM, by Serdar Yegulalp

When The Register ran news of a "Linux botnet" out in the wild, the bloviation did fly: See? Linux really isn't that secure! But odds are this has nothing to do with Linux security per se, and everything to do with the biggest and most notorious security hole of all: bad system administration.

Last year a friend of mine sent me some then-early details about a similar-sounding Linux server exploit. The whole thing seemed fishy, especially the bit about how the problem persisted after a complete system scrape-and-reinstall. My guess was that it was not so much an extant vulnerability as a security hole being left open by the admin -- e.g., a default root password was being reused, and was someone's way to get back in even after a full nuke-and-pave. My friend concurred. The real problem, as he saw it, was compromised user credentials, which make almost anything possible in their wake.

The "botnet" in this case sounds like something quite similar: an infection that, according to one researcher, looks for machines (which just happen to be running Linux) with compromised/sniffed passwords, and which then uses them to further spread its payloads. If that's true, there's nothing that requires this to be a Linux-specific exploit. It's an opportunistic infection, as it were.

The noise on both sides of this issue has been irritating. On one side, there are people bashing Linux with the "see, I told you so" hammer. Linux is insecure -- you just get a pass because it isn't attacked as broadly! Just you wait! And on the other side we have the apologists, who fume and bite their lips and insist there's nothing to see here, move along. Both parties miss the point.

I don't think Linux is immune from attack any more than I think Windows is inherently insecure. Security is a process, not an artifact: it's a product of the way you do things. If your approach to security is haphazard and inconsistent, and you don't do things like rotate passwords or use secure connections to transmit them, guess what -- you've created your own weakest links. (And yes, open source makes it easier to find problems, but that only matters if competent people are actually looking for them.)
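To make the "security is a process" point concrete, here is an added example (not from the article, and not anyone's project code) that audits the kind of remote-login configuration a careless admin leaves open. It assumes the remote administration channel is OpenSSH and reads its `sshd_config` directives; the three config texts are constructed samples. The one detail worth knowing is that sshd honours the first value it reads for each keyword, so a hardened line appended to the bottom of the file does nothing if a weaker one sits above it.

```python
"""Audit an OpenSSH sshd_config for settings that keep password logins open.

Added example for this article, not the author's or any project's code. It
assumes the remote admin channel is OpenSSH; the config texts below are
constructed samples, not taken from any real host.
"""
import re

# Each entry: the keyword aliases OpenSSH has used for one setting, and the
# value a hardened config should carry.
EXPECTED = [
    (("passwordauthentication",), "no"),   # keys only: a sniffed or reused password is not a login
    (("permitrootlogin",), "no"),          # no direct root login, so a reused root password is moot
    (("permitemptypasswords",), "no"),
    # keyboard-interactive via PAM can still prompt for a password even when
    # PasswordAuthentication is off; OpenSSH 8.7+ renamed the directive.
    (("kbdinteractiveauthentication", "challengeresponseauthentication"), "no"),
]


def parse_sshd_config(text):
    """Return the global directives as {lowercase keyword: value}.

    sshd uses the FIRST value it reads for each keyword, so a hardened line
    appended at the end of the file does not override an earlier weak one.
    Directives inside a Match block are conditional and are not read here.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"([A-Za-z]+)\s*=?\s*(.*)", line)  # "Key value" or "Key=value"
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        settings.setdefault(key, value)  # first occurrence wins, as sshd does
    return settings


def audit(text):
    """Return a list of human-readable findings; an empty list means all checks pass."""
    settings = parse_sshd_config(text)
    findings = []
    for aliases, wanted in EXPECTED:
        present = [k for k in aliases if k in settings]
        if not present:
            findings.append(f"{aliases[0]} not set explicitly (compiled-in default applies)")
            continue
        actual = settings[present[0]]
        if actual.lower() != wanted:
            findings.append(f"{present[0]} is '{actual}', expected '{wanted}'")
    return findings


# Constructed samples. The third shows the append-and-forget mistake: the
# hardened line at the bottom never takes effect because the weak one is read first.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# PermitEmptyPasswords and KbdInteractiveAuthentication left at defaults
"""

HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
KbdInteractiveAuthentication no
"""

APPENDED_CONFIG = """\
PasswordAuthentication yes
PermitRootLogin no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
# "hardening" appended later by a different admin, with no effect:
PasswordAuthentication no
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG),
                      ("appended", APPENDED_CONFIG)):
        print(name, audit(cfg) or ["ok"])
```

Run on a real host you would feed it the output of `sshd -T`, which prints the effective settings after defaults and Match blocks are resolved, rather than the raw file; the parser above is deliberately simple to show where the first-value rule bites.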

One could argue that the way most Linux distributions are built and shipped ensures a bit more security than the competition, whether that competition is Windows, BSD, Solaris, or what have you. Fine. But that doesn't change the fact that someone has to set that stuff up and put it to use -- and that they have to know what they're doing.

In this day and age, the odds are you're your own worst security threat, no matter what you run. And neither Linux nor open source will automatically render you immune to your own incompetence.

[Postscript: I should point out that my reaction wasn't to the Register article itself, which did in fact note that the most likely culprit was bad system administration. My gripe has been with people who picked up on this as a way to indiscriminately bash Linux out of hand.]

InformationWeek Analytics has published an independent analysis on strategic security. Download the report here (registration required).
