Monday, November 20, 2006

Hi all:

In the recent issue of Popular Science, one of my favorite magazines, I read with dismay a letter written by Troy Davis touting the bullet-proof security of Linux and Mac OS X vs. Windows. I am not sure what bothered me more, that someone so obviously ignorant of computer security trends could so authoritatively make false statements, or that PopSci printed the letter! I have a dual degree in computer science and engineering, spent the first part of my career in the Linux/Java world, and the last 5 years of my career in the Microsoft world, and I have some actual facts for Troy.

While Troy states that Windows is the most insecure computing platform available, I challenge Troy to show me the data to back up his claims. The fact is that Windows actually has better security than these other products; however, it is the media that has led to the false public perception of Windows security lagging far behind other OSes. This is because there are hundreds of millions of users of Windows so that when there is a security breach it affects far more people, and writing about these breaches with sensational headlines sells papers/magazines/online subscriptions etc. NO computer system that is plugged into the internet is secure, but the simple truth is that hackers don’t get much glory for attacking Linux or the 115 people in the world who use Macs. Unfortunately people not only believe everything they read, but they seem inclined to repeat it without the proof to back up their statements.

Troy’s suggestion that people switch OSes to have better security is ludicrous. According to Troy, the solution is for everyone to stop using Windows and re-learn new OSes and applications from the ground up, costing businesses and home users untold dollars and lost productivity. Further, products such as Linux are far more difficult to properly administer than Windows is, so the end result of a mass migration to Linux would be a far less secure infrastructure than is in place today. Further, if this migration did happen, hackers’ attention would soon turn from Windows to whatever the new OS of choice ended up being, and soon we would see just as many new attacks highlighted in the press as there are today with Windows. Also note the attacks DO happen today, but they are simply not sensationalized as are the attacks on Windows.

If Troy, or anyone else, would like to see some actual data, please feel free to head over to my other site, where I have posted this article as well as some graphs showing actual data from 2004 on OS vulnerabilities. I realize 2004 is a while ago now, but does anyone think the numbers have gotten any better for Linux as more users adopt the system?! If you don’t believe my data, feel free to do a little digging on the Internet; this information is readily available!

The fact is that no OS is secure; security is an ongoing strategy that must be practiced and continually improved upon by organizations. Today’s secure system is tomorrow’s wide-open door for hackers.
John Straumann.

PS: A SHORT list of Linux Viruses
Linux.Jac.8759, Linux.Pavid (NAV), Linux.Ramen, Linux.Scapler.Worm (NAV), Linux/Alfa, Linux.Lion.Worm (NAV), Linux.Peelf.2132 (NAV), Linux.Ramen.Worm (NAV), Linux/Adore.worm, Linux/Amdcrash, Linux/DDoS-Kaiten, Linux/Ehcapa.worm, Linux/Exploit-Lsub, Linux/Exploit-Su, Linux/Fork, Linux/Kaiten, Linux/Lindose, Linux/Mighty, Linux/Ramen.worm, Linux/Rootkit, Linux/Seclpd, Linux/Slapper.worm.b, Linux/Slapper.worm.d, Linux/Devnull, Linux/Etap, Linux/Exploit-Statdx, Linux/Exploit-Woot, Linux/Gulzan, Linux/Kokain, Linux/Lion.worm, Linux/Osf, Linux/Red, Linux/Rpcmountd, Linux/Slapper.worm.a, Linux/Slapper.worm.c, Linux/Snoopy.b
