RealTime IT News

Research Says Linux Servers Mostly Hack-Free

According to new research published by Evans Data this week, a significant majority of Linux servers have never been infected with a virus and have never been compromised by a malicious attack.

A word of caution, though: The results come from a July survey of only 500 Linux developers. In that survey, 78 percent of respondents reported that they have never had a Linux server compromised by malicious hacking activity, while 92 percent claimed that they have never had a Linux machine infected with a virus. The survey results stand in stark contrast with Evans Data's own spring survey of non-Linux developers, in which 60 percent admitted that they had a security breach, and a full 32 percent actually had three or more breaches. Only 7 percent of Linux users reported having three or more breaches.

"Linux architecture makes it far more difficult for virus writers to gain access to a Linux machine with elevated privileges, so whatever damage a virus can do on Linux is limited to the 'jail' in which the virus must run," Nicholas Petreley, Evans Data's Linux analyst, told internetnews.com.

Petreley surmised that the way a Linux machine gets compromised is through users inadequately configuring security settings. Malicious hackers may also make use of certain application flaws that are neither specific nor unique to Linux.

According to the survey results, valid internal users caused 23 percent of the malicious attacks that respondents reported. The statistic further highlights that internal threats, regardless of operating system, are something for IT admins to be vigilant about.

Some security researchers have argued that Microsoft Internet Explorer, and to a lesser degree Outlook, are inherently insecure, and that this is the reason for the difference in attacks between the operating systems. Petreley argued, however, that this is a more complicated question than most think.

"If by this you mean, 'If someone wrote a virus for the email and browser programs Linux users use (such as Evolution and Mozilla), would the virus do as much damage?' The answer is 'rarely, if ever,'" Petreley said.

The Evans Data analyst argues that the Windows architecture creates vulnerabilities which often expose the whole system to the virus. "So a virus can enter the system via a user's browser or e-mail program and then escalate its own privileges far enough to damage the whole system," Petreley explained. "Linux isolates users from system programs far better -- so even if someone came up with a clever e-mail or browser virus that worked on Linux, the virus shouldn't be able to damage anything more than the user's personal files -- and even that can be avoided with a cleverly configured email and browser."

To further elaborate his argument, Petreley pointed out that Outlook and IE can be run under Linux using an emulator, though any potential malicious activity still does not damage the underlying operating system.

"Since things like WINE and Win4Lin emulate Windows faithfully, a virus that enters through Outlook or IE could possibly damage your installation of WINE or Win4Lin, but it cannot damage the Linux operating system itself," Petreley said.

The Linux security honeymoon, though, may soon be coming to an end, as Linux's own popularity may become its undoing. "In the past the *nix operating system was considered highly secure, but then came worms like Ramen, Spida and Slapper, to name a few," Ken Dunham, director of Malicious Code at iDEFENSE, told internetnews.com.

Dunham argues that since *nix systems (UNIX, Linux, the BSDs, etc.) have become easier to use and more popular, there are also more less-technical users out there who own and maintain such computers.

In Dunham's opinion, "This has naturally resulted in a less secure *nix world, since many of these newer users are less technical and do not patch or secure computers against attack on a regular basis or competently in regards to attacks of today."

"As the *nix systems become more popular they will naturally become a larger target of attack," he said.

Among the other issues included in the Evans Data Survey was a question that relates to threats not from hackers but from patent infringement. Perhaps one of the most widely perceived potential threats to Linux is the pending litigation by SCO. However, according to the survey respondents, a strong 76 percent of them don't believe that the legal action will affect their companies' adoption of Linux.