Linux Security: A Good Thing Keeps Getting Better - InformationWeek
12:52 PM

Linux Security: A Good Thing Keeps Getting Better

A tech expert explains why Linux has remained a bright spot in an increasingly grim IT security picture, and how businesses can ensure effective, reliable security for their own Linux-based systems.

Security Pipeline: Is security still viewed as a huge issue for open source computing?

Humphrey: There are two distinct sides of the coin to open source computing: the motivated geniuses that pump out code for a specific new application, and the very commercial world that has a different use for the open source community. An example here would be Sun's Java environment.

In the former case, security has never been a huge concern for much of the community.

Open-source here means you put something very cool together and you make it work. "It" being so very cool, you plunge forward with a "" site, and tell all your friends what a nifty toy you have just created. They give you feedback, suggest code changes, and break it repeatedly until you regret ever telling anyone about it in the first place.

However, after repeatedly being embarrassed over just how poorly the code performs in areas of security (among other things), the interested community finally patches it up into something in the 14th major revision that can stand on its own without being a security nightmare.

In the end, you can get some amazing software from a dedicated community that is very secure. It may not have started that way, but it will inevitably mature there.

In the latter case however, security is part of the development plan day one. No one in Sun, IBM or Redhat wants to be the target of an identified security risk as it's bad for business.

This side of the coin will suffer similar evolutionary corrections to address security and functionality issues, but the difference in getting to that stage is enormous. It's a much more closed development cycle with a specific goal in mind. Security may not be that goal, but staying in business will just have to do.

So the open source-computing world can have widely varying issues with security, but they are likely to pale in comparison with the issues that arise from the Microsoft environment itself.

And there is something of a cross-culture mix here with open-source software on Microsoft. For example: if you put an open source IRC client on your Windows machine, is the reason that your system has been compromised within 20 minutes of logging onto an IRC channel the result of underlying security issues with the IRC client, or the operating system that invites complete access to all of its internals for any application that runs on it? Where is the security failure?

Unix/Linux doesn't collapse like this. You can actually install and run this same client as a non-privileged user on Linux that is relatively secure for the rest of the computer (and it's users).

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2 of 4
Comment  | 
Print  | 
More Insights
2018 State of the Cloud
2018 State of the Cloud
Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
The Staying Power of Legacy Systems
Mary E. Shacklett, Mary E. Shacklett,  4/15/2019
Q&A: Red Hat's Robert Kratky Discusses Essentials of Docs
Joao-Pierre S. Ruth, Senior Writer,  4/15/2019
How Cloud Shifts Security Balance of Power to the Good Guys
Guest Commentary, Guest Commentary,  4/11/2019
Register for InformationWeek Newsletters
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll