Analysts: Security flaws won't undermine Linux

Although two potential security vulnerabilities affecting the Linux operating system have surfaced in the past three weeks, analysts and two users say the incidents won't erode confidence in Linux as a secure and economical alternative to Windows and Unix.

"I don't think we have any concern in particular about [choosing] Linux," said Matt Fahrner, manager of network services for Burlington Coat Factory Warehouse Corp. The Burlington, N.J.-based retailer of clothing and other consumer goods moved to Linux for much of its retail IT infrastructure in 2000.

Fahrner said he found the Linux community to be far more responsive than traditional, proprietary operating system vendors when security issues have cropped up, issuing fixes and patches quickly and publicly.

"We haven't found [the news of vulnerabilities] as something that now dissuades us from the operating system," he said.

Last week, a security flaw affecting Linux was found in the widely used zlib file compression library, which helps speed network file transfers. The flaw in a memory allocation routine could provide a path for an attacker to send malicious code and take root control of the machine.

Three weeks ago, a vulnerability was reported in a Netfilter firewall component used in various versions of the Linux kernel that could result in open ports that would allow intrusions by hackers.

"There's a period of shakeout that every [operating system] goes through," said Eric Hemmendinger, an analyst at Aberdeen Group Inc. in Boston. "I don't think this will cause people to say, 'Oops, this isn't what we thought it would be.'" Many other widely used operating systems, including IBM's mainframe software, commercial Unix products and Microsoft Corp.'s Windows NT, have "gone through a period of security vulnerability issues, but they've been resolved," Hemmendinger said. "IBM went through this period, and they put it behind them."

Brian Dewey, a network engineer at retailer Raymour & Flanigan Furniture Co. Inc. in Syracuse, N.Y., said the recent zlib and Netfilter issues haven't caused him any worries about his use of Linux for point-of-sale terminals in 50 stores and in firewall and other back-end systems. Dewey said he's satisfied that fixes are posted in short order to help users. His company, which has used the operating system for two years, is installing the zlib patches and updating Red Hat Inc. versions from 6.2 to 7.2.

Alan Paller, research director at the SANS Institute, a Bethesda, Md.-based nonprofit security group, said it's not a surprise that more vulnerabilities are showing up in Linux, since the operating system is being used more widely in corporate computing. The larger deployment of the operating system means more problems are likely to be seen in larger numbers, Paller said.

Dan Kusnetzky, an analyst at IDC in Framingham, Mass., said the true measure of the problem is not whether security issues crop up, but how quickly they're resolved.

"There is no such thing as an unbreakable product," Kusnetzky said. Instead, users are more interested in whether their Linux vendors take quick action to announce and post fixes for new vulnerabilities, he said. "The fact that something has shown up is not a major negative [for Linux]."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Todd R. Weiss

Computerworld
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?