Security Portal: Linux is a security risk, I don't think so!
Mar 29, 2000, 18:07
(Other stories by Kurt Seifried)
"Recently, on a major computer industry website an interesting article was posted, regarding Linux security. The article starts off by stating that there is "growing concern that the Linux operating system suffers from major security problems that could prevent its widespread adoption in the enterprise environment." Following that they have a quote from Clive Longbottom saying: "Security needs to be built into the architecture of the operating system. This cannot happen if your source code is publicly available." It goes on with more quotes like "At present a hacker would be able to go through the operating system like a dose of salts," (salts being a British term for laxative I assume)."
"This is just false. Unfortunately the article ends after a few quotes with no real conclusion as to what they were actually trying to get across, so I can only assume that they think OpenSource = insecure because attackers can see the problems. People seem to make several [false] assumptions with regards to OpenSource versus closed source software..."
"In short OpenSource software does make life a little easier for some attackers, but most attackers skillful enough to understand the source code and write exploits are also expert enough to do "blackbox" testing on proprietary software (such as running it through a debugger or decompiler), and find problems they can exploit there. In sum I don't think Linux is more of a security risk than any other popular OS, and generally speaking it is easier to secure than most proprietary OS's. For example the Securityportal sponsored site "CryptoArchive" has a high security requirement, since it will be distributing cryptographic software to people. Several alternatives were considered, with Linux and OpenBSD being the "finalists", Linux eventually beat out OpenBSD when CryptoArchive was able to use "CoDomain" from Wirex communications, many of the security measures taken for CryptoArchive would not be possible with a proprietary OS."