“An article appeared on the Silicon.com website in March in
which a “security expert” claimed that Linux was insecure because
of the open source nature of the code, a surprising if not
astonishing claim. The expert went on to claim that Unix in general
was less secure than other operating systems because of its more
open nature, which, given the modern history of computing, is
curious to say the least. One has to ask, are these experts
serious?”
“Unix was designed from the ground up as a networking system
with in-built multi-user security, assured by file read and write
protection. Any system is only as secure as it is allowed to be by
the users and administrators. The basic principle behind any Unix
system is that the system administrator or super-user has complete
access, but any individual user has access only to the files under
his or her immediate control or the files to which group access has
been allocated. This would not include system files which are
accessible only by the superuser. Therefore, a properly supervised
system, with proper backup regimes and sound practices, is
relatively secure. An intruder has to have access to the superuser
password to seriously damage the system, or to damage the files of
any other user, and this is unlikely. Given a password of 8 or more
unpredictable character combinations, even the most advanced
cracking tools are unlikely to decode the password. Perhaps the
expert would argue that though this is true, in the real world
people don’t behave as they should, and this is why crackers can
break into networking systems. In that case, I suggest they employ
a responsible “security expert”, and deploy the numerous tools
available to secure them. No system with any kind of world access
is invulnerable. To pretend that Microsoft or other propprietary
systems offer greater security is laughable, if only because events
have proved otherwise.”
“Moreover, the kind of practices that have led to the biggest
virus scares on Microsoft systems, centred around macro code, VB
and ActiveX, imported by browser and e-mail facilities, are not
permissible in a properly modular operating system. This fact, as
much as anti-competitive practices, is the primary argument why the
browser is not and should not be an integral part of the operating
system, and why so much of system security is dedicated to
Anti-Virus activities. A multi-billion dollar business exists
with little other purpose than to protect Microsoft operating
systems from their inherent vulnerabilities, vulnerabilities that
would not be possible on a Posix-compliant Unix, namely
self-activating modules that can access any part of the operating
system. These systems are not open source and users have to wait
months for non-specific upgrades and service packs.“