Security Portal: Maybe I Should Be Afraid of Linux?Oct 16, 2000, 20:48 (6 Talkback[s])
(Other stories by Jay Beale)
"In my time as a Security Administrator for a Solaris shop, I had to give the occasional briefing to my boss: We're vulnerable. A new security hole has just been discovered and every major Unix/Linux is vulnerable, from Solaris to Irix to Red Hat Linux. After briefing my boss on our risk and my plans to do something about such, he asks me the same question: "Can you find an exploit?" Rather often, I've had to answer, "nope."
"Actually, my answer is usually something like: "I've found an exploit against the Linux version, but no one's releasing it widely for Solaris yet." My boss is both partially relieved and partially bothered. Why?...."
"I may be wrong here. It's possible that exploits are quickly coded for every Unix/Linux out there, but that the only ones widely distributed are for Linux/FreeBSD 1. Well, then, the difference is chiefly academic! In reality, I don't have a large number of script kiddies running exploits against my Solaris boxes, while many of them are constantly hammering at the Linux boxen."
"In any case, this is a serious strike against Linux's security as a server operating system. Linux seems to have become the "number 1 target." The bulk of the new exploit code is coming out for Linux, even for vulnerabilities present in all Unices."