According to new research published by Evans Data this week, a significant
majority of Linux servers have never been infected with a virus and have
never been compromised by a malicious attack.
A word of caution though: The results come from a July survey of only 500
Linux developers. In that survey, 78 percent of respondents reported that
they have never had a Linux server compromised by malicious hacking
activity, while 92 percent claimed that
they have never had a Linux machine infected with a virus. The survey
results stand in stark contrast with Evans Data’s own spring survey of
non-Linux developers, in which 60 percent admitted that they had a security
breach, and a full 32 percent actually had three or more breaches. Only 7 percent of
Linux users reported having three or more breaches.
“Linux architecture makes it far more difficult for virus writers to gain
access to a Linux machine with elevated privileges, so whatever damage a
virus can do on Linux is limited to the ‘jail’ in which the virus must run,”
Nicholas Petreley, Evans Data’s Linux analyst, told internetnews.com.
Petreley surmised that the mechanism by which a Linux machine can be
compromised is users inadequately configuring security settings.
Malicious hackers may also make use of certain application flaws that are
neither specific nor unique to Linux.
According to the survey results, of the users that had reported malicious
attacks, valid internal users caused 23 percent of them. The stat is
something that further serves to highlight that those internal threats,
regardless of operating system, are something for IT admins to be vigilant
Some security researchers have argued that Microsoft Internet Explorer, and
to a lesser degree Outlook, are inherently insecure, and that’s the reason
for the difference in attacks between the OSes. Petreley argued, however,
that this is a more complicated question than most think.
“If by this you mean, ‘If someone wrote a virus for the email and browser
programs Linux users use (such as Evolution and Mozilla), would the virus do
as much damage?’ The answer is ‘rarely, if ever,’” Petreley said.
The Evans Data analyst argues that the Windows architecture creates
vulnerabilities which often expose the whole system to the virus.
“So a virus can enter the system via a user’s browser or e-mail program and
then escalate its own privileges far enough to damage the whole system,”
Petreley explained. “Linux isolates users from system programs far better —
so even if someone came up with a clever e-mail or browser virus that worked
on Linux, the virus shouldn’t be able to damage anything more than the
user’s personal files — and even that can be avoided with a cleverly
configured email and browser.”
To further elaborate his argument, Petreley pointed out that Outlook and IE
can be run under Linux using an emulator, though any potential malicious
activity still does not damage the underlying operating system.
“Since things like WINE and Win4Lin emulate Windows faithfully, a virus that
enters through Outlook or IE could possibly damage your installation of WINE
or Win4Lin, but it cannot damage the Linux operating system itself,”
The Linux security honeymoon, though, may soon be coming to an end, as
Linux’s own popularity may become its undoing.
“In the past the *nix operating system was considered highly secure, but
then came worms like Ramen, Spida and Slapper, to name a few,” Ken Dunham,
director of Malicious Code at iDEFENSE, told internetnews.com.
Dunham argues that since *nix systems (UNIX, Linux, the BSDs, etc.) have
become easier to use and more popular, there are also more less-technical
users out there who own and maintain such computers.
In Dunham’s opinion, “This has naturally resulted in a less secure *nix world,
since many of these newer users are less technical and do not patch or
secure computers against attack on a regular basis or competently in regards
to attacks of today.”
“As the *nix systems become more popular they will naturally become a larger
target of attack,” he said.
Among the other issues included in the Evans Data Survey was a question that
relates to threats not from hackers but from patent infringement.
Perhaps one of the most widely perceived potential threats to Linux is the
pending litigation by SCO. However, according to the survey
respondents, a strong 76 percent of them don’t believe that the legal action
will affect their companies’ adoption of Linux.