Analysts: Security flaws won't undermine Linux

Although two potential security vulnerabilities affecting the Linux operating system have surfaced in the past three weeks, analysts and two users say the incidents won't erode confidence in Linux as a secure and economical alternative to Windows and Unix.

"I don't think we have any concern in particular about [choosing] Linux," said Matt Fahrner, manager of network services for Burlington Coat Factory Warehouse Corp. The Burlington, N.J.-based retailer of clothing and other consumer goods moved to Linux for much of its retail IT infrastructure in 2000.

Fahrner said he found the Linux community to be far more responsive than traditional, proprietary operating system vendors when security issues have cropped up, issuing fixes and patches quickly and publicly.

"We haven't found [the news of vulnerabilities] as something that now dissuades us from the operating system," he said.

Last week, a security flaw affecting Linux was found in the widely used zlib file compression library, which helps speed network file transfers. The flaw in a memory allocation routine could provide a path for an attacker to send malicious code and take root control of the machine.

Three weeks ago, a vulnerability was reported in a Netfilter firewall component used in various versions of the Linux kernel that could result in open ports that would allow intrusions by hackers.

"There's a period of shakeout that every [operating system] goes through," said Eric Hemmendinger, an analyst at Aberdeen Group Inc. in Boston. "I don't think this will cause people to say, 'Oops, this isn't what we thought it would be.'" Many other widely used operating systems, including IBM's mainframe software, commercial Unix products and Microsoft Corp.'s Windows NT, have "gone through a period of security vulnerability issues, but they've been resolved," Hemmendinger said. "IBM went through this period, and they put it behind them."

Brian Dewey, a network engineer at retailer Raymour & Flanigan Furniture Co. Inc. in Syracuse, N.Y., said the recent zlib and Netfilter issues haven't caused him any worries about his use of Linux for point-of-sale terminals in 50 stores and in firewall and other back-end systems. Dewey said he's satisfied that fixes are posted in short order to help users. His company, which has used the operating system for two years, is installing the zlib patches and updating Red Hat Inc. versions from 6.2 to 7.2.

Alan Paller, research director at the SANS Institute, a Bethesda, Md.-based nonprofit security group, said it's not a surprise that more vulnerabilities are showing up in Linux, since the operating system is being used more widely in corporate computing. The larger deployment of the operating system means more problems are likely to be seen in larger numbers, Paller said.

Dan Kusnetzky, an analyst at IDC in Framingham, Mass., said the true measure of the problem is not whether security issues crop up, but how quickly they're resolved.

"There is no such thing as an unbreakable product," Kusnetzky said. Instead, users are more interested in whether their Linux vendors take quick action to announce and post fixes for new vulnerabilities, he said. "The fact that something has shown up is not a major negative [for Linux]."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Todd R. Weiss

Computerworld
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?