“Targeted at an older version of Red Hat, Ramen hasn’t caused
any significant damage. And according to the federally funded
Computer Emergency Response Team, fewer than 20 incidents of Ramen
infection have been reported — a minuscule number compared to the
tens of thousands of reports CERT logged when the Melissa virus and
Love Bug were epidemic. Furthermore, Linux security experts
speculate that Ramen arose as a demonstration project without
specific malicious intent.”
“Still, the continuing spread of Ramen raises some serious
questions about the ability of the open-source community to live up
to its security boasts. Linux supporters have long claimed the
transparent nature of open-source development produces more secure
software and fixes bugs faster than proprietary companies such as
Microsoft and Oracle do.”
“Even if that’s true, Linux will need to prove it can deliver
this security to the growing mass of open-source converts who are
not particularly tech-savvy and are accustomed to Microsoft-style
one-click upgrades. Red Hat hustled out patches for the Ramen worm
within weeks, but too many Red Hat users remain unprotected. “I
think the community’s response to the Ramen virus has been to the
credit of open source. Where it breaks down is the last mile of
getting that fix to the customer,” says Ned Lilly, vice-president
for hacker relations at open-source database concern Great
Bridge.”