Linux Security: A Good Thing Keeps Getting Better - InformationWeek
12:52 PM

Linux Security: A Good Thing Keeps Getting Better

A tech expert explains why Linux has remained a bright spot in an increasingly grim IT security picture, and how businesses can ensure effective, reliable security for their own Linux-based systems.

Security Pipeline: Is security still viewed as a huge issue for open source computing?

Humphrey: There are two distinct sides of the coin to open source computing: the motivated geniuses that pump out code for a specific new application, and the very commercial world that has a different use for the open source community. An example here would be Sun's Java environment.

In the former case, security has never been a huge concern for much of the community.

Open-source here means you put something very cool together and you make it work. "It" being so very cool, you plunge forward with a "" site, and tell all your friends what a nifty toy you have just created. They give you feedback, suggest code changes, and break it repeatedly until you regret ever telling anyone about it in the first place.

However, after repeatedly being embarrassed over just how poorly the code performs in areas of security (among other things), the interested community finally patches it up into something in the 14th major revision that can stand on its own without being a security nightmare.

In the end, you can get some amazing software from a dedicated community that is very secure. It may not have started that way, but it will inevitably mature there.

In the latter case however, security is part of the development plan day one. No one in Sun, IBM or Redhat wants to be the target of an identified security risk as it's bad for business.

This side of the coin will suffer similar evolutionary corrections to address security and functionality issues, but the difference in getting to that stage is enormous. It's a much more closed development cycle with a specific goal in mind. Security may not be that goal, but staying in business will just have to do.

So the open source-computing world can have widely varying issues with security, but they are likely to pale in comparison with the issues that arise from the Microsoft environment itself.

And there is something of a cross-culture mix here with open-source software on Microsoft. For example: if you put an open source IRC client on your Windows machine, is the reason that your system has been compromised within 20 minutes of logging onto an IRC channel the result of underlying security issues with the IRC client, or the operating system that invites complete access to all of its internals for any application that runs on it? Where is the security failure?

Unix/Linux doesn't collapse like this. You can actually install and run this same client as a non-privileged user on Linux that is relatively secure for the rest of the computer (and it's users).

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2 of 4
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
2017 State of IT Report
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends for 2018
As we enter a new year of technology planning, find out about the hot technologies organizations are using to advance their businesses and where the experts say IT is heading.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll