Sloppy Admins Leave Linux Vulnerable To Security Breaches - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Sloppy Admins Leave Linux Vulnerable To Security Breaches

Systems administrators don't adequately keep up with Linux patches, leaving doors open for hackers, according to a controversial report from security firm mi2g.

Linux has gaping security holes caused by systems administrators who either can't or won't keep up with the latest patches, according to a report from British security firm mi2g.

Mi2g last week attracted a firestorm of criticism when it declared that Linux trailed Windows in overall security. The most secure operating systems are Apple OS X and the open source BSD, according to the study, which mi2g said was not funded by any outside party.

Many of Linux's security flaws are caused by multiple distributions of the operating system, and lack of standardized security regimes and procedures for applying patches, said mi2g chairman DK Matai.

Matai said mi2g is not hostile to Linux. He noted that the company runs Linux and other open source products, including Apache, MySQL, and PHP.

"We're just simply saying that the average system out there is not sufficiently patched up," Matai said. "Users have no clue as to whether their system is at the latest level of distribution or not. And they don't have adequate administration skills."

He added, "One of the biggest complaints we hear from our customers and contacts is it's very difficult to find a qualified Linux administrator."

John Weathersby, executive director of the Open Source Software Institute, said the security problems are just a natural evolution in a maturing Linux market.

"Now that Linux is growing on the desktop, it's becoming a larger target," Weathersby said. "You will surely see more attacks on Linux. As the market matures you'll have products that come to market that make it easier and more convenient to protect against hackers in a Linux environment."

Mi2g found Linux security problems often go unsolved because many users of the free operating system refuse to pay for upgrades and support, Matai said. Vendors like Red Hat are, increasingly often, charging for upgrades and support.

The most controversial—and confusing—section of the mi2g study was the decision to exclude viruses, worms and other malware from the comparative ratings of security in operating systems.

While Windows is more susceptible to viruses and other automatically operating malware, Linux is more susceptible to targeted hacker attacks—and the hacker attacks are a more serious threat, Matai said.

Successful manual attacks do much more damage to their targets, even if they are far more rare than automated attacks, Matai said.

If mi2g had included viruses and another automatically operated malware in the ratings, Linux would have been rated more secure than Windows, Matai said. But BSD and Mac OS X would still be more secure than both.

Matai said BSD and Apple are not protected from attacks just because they're relatively rare compared with Windows and Linux, Matai said. BSD and Apple are used in many mission-critical applications and high-security government and military installations. "There are many genuine reasons to attack BSD and Apple," he said.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Enterprise Guide to Edge Computing
Cathleen Gagne, Managing Editor, InformationWeek,  10/15/2019
News
Rethinking IT: Tech Investments that Drive Business Growth
Jessica Davis, Senior Editor, Enterprise Apps,  10/3/2019
Slideshows
IT Careers: 12 Job Skills in Demand for 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/1/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll