Friday, April 2, 2010

Linux is insecure?

I am a linux fanboi and ever since I was immersed into the world of linux and linux security (iptables and interactive firewall etc), it has always been emphasized to me that linux is a very secure operating system. It is one of the reasons that many people use to attempt to persuade more people into using the operating system.

However, it seems that the linux may not be as secure as many believe. According to, Steven J argues that all software is insecure. This is the beginning of his article Face it: Linux is insecure:

Linux is insecure. Open source is insecure. Windows is insecure. All software is insecure.

Deal with it.

People keep having this delusion that security is a product. That, if you just buy some magic box, you'll have a program or an operating system that's as secure as Fort Knox.

It doesn't work that way. Security is a process, not a product.

According to Hacking For Dummies by Kevin Beaver, linux also has the same vulnerabilites that can be exploited as Windows operating systems. He claims that:

Linux — the new darling competitor to Microsoft — is the latest flavor of UNIX that has really taken off in corporate networks. A common misconception is that Windows is the most insecure operating system (OS). However,Linux — and most of its sister variants of UNIX — is prone to the same security vulnerabilities as any other operating system.

Hackers are attacking Linux in droves because of its popularity and growing usage in today’s network environment. Because some versions of Linux are free — in the sense that you don’t have to pay for the base operating system — many organizations are installing Linux for their Web servers and e-mail servers in hopes of saving money.

I am not saying that you will be hacked if you use a linux of operating system. My point is that whilst the security and stability of linux can be emphasized, security precautions also need to be emphasized, so users of linux (especially those new to linux) are not given the false sense of security that linux is a 100% secure operating system.

According to, this may be true. From their article,

Unfortunately, many Linux distributions make a number of painfully wrong security decisions at install. All too often these issues are overlooked by the administrator since the prevailing wisdom tends to be: “If it’s Linux, it’s secure.” As we’ll soon see, that’s not always the case.

With that said, there are many linux operating systems with a strong emphasis on security. Also, there are many auditing tools that can be used to assess the current security policy of a linux system. Linux Security Auditing Tool (LSAT) is one such tool that achieves this.

No comments:

Post a Comment