Sloppy Admins Leave Linux Vulnerable To Security Breaches - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

Sloppy Admins Leave Linux Vulnerable To Security Breaches

Systems administrators don't adequately keep up with Linux patches, leaving doors open for hackers, according to a controversial report from security firm mi2g.

Linux has gaping security holes caused by systems administrators who either can't or won't keep up with the latest patches, according to a report from British security firm mi2g.

Mi2g last week attracted a firestorm of criticism when it declared that Linux trailed Windows in overall security. The most secure operating systems are Apple OS X and the open source BSD, according to the study, which mi2g said was not funded by any outside party.

Many of Linux's security flaws are caused by multiple distributions of the operating system, and lack of standardized security regimes and procedures for applying patches, said mi2g chairman DK Matai.

Matai said mi2g is not hostile to Linux. He noted that the company runs Linux and other open source products, including Apache, MySQL, and PHP.

"We're just simply saying that the average system out there is not sufficiently patched up," Matai said. "Users have no clue as to whether their system is at the latest level of distribution or not. And they don't have adequate administration skills."

He added, "One of the biggest complaints we hear from our customers and contacts is it's very difficult to find a qualified Linux administrator."

John Weathersby, executive director of the Open Source Software Institute, said the security problems are just a natural evolution in a maturing Linux market.

"Now that Linux is growing on the desktop, it's becoming a larger target," Weathersby said. "You will surely see more attacks on Linux. As the market matures you'll have products that come to market that make it easier and more convenient to protect against hackers in a Linux environment."

Mi2g found Linux security problems often go unsolved because many users of the free operating system refuse to pay for upgrades and support, Matai said. Vendors like Red Hat are, increasingly often, charging for upgrades and support.

The most controversial—and confusing—section of the mi2g study was the decision to exclude viruses, worms and other malware from the comparative ratings of security in operating systems.

While Windows is more susceptible to viruses and other automatically operating malware, Linux is more susceptible to targeted hacker attacks—and the hacker attacks are a more serious threat, Matai said.

Successful manual attacks do much more damage to their targets, even if they are far more rare than automated attacks, Matai said.

If mi2g had included viruses and another automatically operated malware in the ratings, Linux would have been rated more secure than Windows, Matai said. But BSD and Mac OS X would still be more secure than both.

Matai said BSD and Apple are not protected from attacks just because they're relatively rare compared with Windows and Linux, Matai said. BSD and Apple are used in many mission-critical applications and high-security government and military installations. "There are many genuine reasons to attack BSD and Apple," he said.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Tech Spending Climbs as Digital Business Initiatives Grow
Jessica Davis, Senior Editor, Enterprise Apps,  4/22/2021
Optimizing the CIO and CFO Relationship
Mary E. Shacklett, Technology commentator and President of Transworld Data,  4/13/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll