Analysts: Security flaws won't undermine Linux

Although two potential security vulnerabilities affecting the Linux operating system have surfaced in the past three weeks, analysts and two users say the incidents won't erode confidence in Linux as a secure and economical alternative to Windows and Unix.

"I don't think we have any concern in particular about [choosing] Linux," said Matt Fahrner, manager of network services for Burlington Coat Factory Warehouse Corp. The Burlington, N.J.-based retailer of clothing and other consumer goods moved to Linux for much of its retail IT infrastructure in 2000.

Fahrner said he found the Linux community to be far more responsive than traditional, proprietary operating system vendors when security issues have cropped up, issuing fixes and patches quickly and publicly.

"We haven't found [the news of vulnerabilities] as something that now dissuades us from the operating system," he said.

Last week, a security flaw affecting Linux was found in the widely used zlib file compression library, which helps speed network file transfers. The flaw in a memory allocation routine could provide a path for an attacker to send malicious code and take root control of the machine.

Three weeks ago, a vulnerability was reported in a Netfilter firewall component used in various versions of the Linux kernel that could result in open ports that would allow intrusions by hackers.

"There's a period of shakeout that every [operating system] goes through," said Eric Hemmendinger, an analyst at Aberdeen Group Inc. in Boston. "I don't think this will cause people to say, 'Oops, this isn't what we thought it would be.'" Many other widely used operating systems, including IBM's mainframe software, commercial Unix products and Microsoft Corp.'s Windows NT, have "gone through a period of security vulnerability issues, but they've been resolved," Hemmendinger said. "IBM went through this period, and they put it behind them."

Brian Dewey, a network engineer at retailer Raymour & Flanigan Furniture Co. Inc. in Syracuse, N.Y., said the recent zlib and Netfilter issues haven't caused him any worries about his use of Linux for point-of-sale terminals in 50 stores and in firewall and other back-end systems. Dewey said he's satisfied that fixes are posted in short order to help users. His company, which has used the operating system for two years, is installing the zlib patches and updating Red Hat Inc. versions from 6.2 to 7.2.

Alan Paller, research director at the SANS Institute, a Bethesda, Md.-based nonprofit security group, said it's not a surprise that more vulnerabilities are showing up in Linux, since the operating system is being used more widely in corporate computing. The larger deployment of the operating system means more problems are likely to be seen in larger numbers, Paller said.

Dan Kusnetzky, an analyst at IDC in Framingham, Mass., said the true measure of the problem is not whether security issues crop up, but how quickly they're resolved.

"There is no such thing as an unbreakable product," Kusnetzky said. Instead, users are more interested in whether their Linux vendors take quick action to announce and post fixes for new vulnerabilities, he said. "The fact that something has shown up is not a major negative [for Linux]."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Todd R. Weiss

Computerworld
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?