Linux Security: A Good Thing Keeps Getting Better - InformationWeek
IoT
IoT
Feature
News
1/3/2006
12:52 PM
50%
50%

Linux Security: A Good Thing Keeps Getting Better

A tech expert explains why Linux has remained a bright spot in an increasingly grim IT security picture, and how businesses can ensure effective, reliable security for their own Linux-based systems.

Security Pipeline: Is security still viewed as a huge issue for open source computing?

Humphrey: There are two distinct sides of the coin to open source computing: the motivated geniuses that pump out code for a specific new application, and the very commercial world that has a different use for the open source community. An example here would be Sun's Java environment.

In the former case, security has never been a huge concern for much of the community.

Open-source here means you put something very cool together and you make it work. "It" being so very cool, you plunge forward with a "sourceforge.net" site, and tell all your friends what a nifty toy you have just created. They give you feedback, suggest code changes, and break it repeatedly until you regret ever telling anyone about it in the first place.

However, after repeatedly being embarrassed over just how poorly the code performs in areas of security (among other things), the interested community finally patches it up into something in the 14th major revision that can stand on its own without being a security nightmare.

In the end, you can get some amazing software from a dedicated community that is very secure. It may not have started that way, but it will inevitably mature there.

In the latter case however, security is part of the development plan day one. No one in Sun, IBM or Redhat wants to be the target of an identified security risk as it's bad for business.

This side of the coin will suffer similar evolutionary corrections to address security and functionality issues, but the difference in getting to that stage is enormous. It's a much more closed development cycle with a specific goal in mind. Security may not be that goal, but staying in business will just have to do.

So the open source-computing world can have widely varying issues with security, but they are likely to pale in comparison with the issues that arise from the Microsoft environment itself.

And there is something of a cross-culture mix here with open-source software on Microsoft. For example: if you put an open source IRC client on your Windows machine, is the reason that your system has been compromised within 20 minutes of logging onto an IRC channel the result of underlying security issues with the IRC client, or the operating system that invites complete access to all of its internals for any application that runs on it? Where is the security failure?

Unix/Linux doesn't collapse like this. You can actually install and run this same client as a non-privileged user on Linux that is relatively secure for the rest of the computer (and it's users).

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
2 of 4
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
2018 State of the Cloud
2018 State of the Cloud
Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
News
IT Budgets: Traditional Still Bigger than Cloud
Jessica Davis, Senior Editor, Enterprise Apps,  9/20/2018
Commentary
Building a Smart City Doesn't Have a Common Blueprint
Guest Commentary, Guest Commentary,  9/18/2018
Commentary
AWS vs. Azure: Users Share Their Experiences
Guest Commentary, Guest Commentary,  9/7/2018
Register for InformationWeek Newsletters
Video
Current Issue
The Next Generation of IT Support
The workforce is changing as businesses become global and technology erodes geographical and physical barriers.IT organizations are critical to enabling this transition and can utilize next-generation tools and strategies to provide world-class support regardless of location, platform or device
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll