Analysts: Security flaws won't undermine Linux

Although two potential security vulnerabilities affecting the Linux operating system have surfaced in the past three weeks, analysts and two users say the incidents won't erode confidence in Linux as a secure and economical alternative to Windows and Unix.

"I don't think we have any concern in particular about [choosing] Linux," said Matt Fahrner, manager of network services for Burlington Coat Factory Warehouse Corp. The Burlington, N.J.-based retailer of clothing and other consumer goods moved to Linux for much of its retail IT infrastructure in 2000.

Fahrner said he found the Linux community to be far more responsive than traditional, proprietary operating system vendors when security issues have cropped up, issuing fixes and patches quickly and publicly.

"We haven't found [the news of vulnerabilities] as something that now dissuades us from the operating system," he said.

Last week, a security flaw affecting Linux was found in the widely used zlib file compression library, which helps speed network file transfers. The flaw in a memory allocation routine could provide a path for an attacker to send malicious code and take root control of the machine.

Three weeks ago, a vulnerability was reported in a Netfilter firewall component used in various versions of the Linux kernel that could result in open ports that would allow intrusions by hackers.

"There's a period of shakeout that every [operating system] goes through," said Eric Hemmendinger, an analyst at Aberdeen Group Inc. in Boston. "I don't think this will cause people to say, 'Oops, this isn't what we thought it would be.'" Many other widely used operating systems, including IBM's mainframe software, commercial Unix products and Microsoft Corp.'s Windows NT, have "gone through a period of security vulnerability issues, but they've been resolved," Hemmendinger said. "IBM went through this period, and they put it behind them."

Brian Dewey, a network engineer at retailer Raymour & Flanigan Furniture Co. Inc. in Syracuse, N.Y., said the recent zlib and Netfilter issues haven't caused him any worries about his use of Linux for point-of-sale terminals in 50 stores and in firewall and other back-end systems. Dewey said he's satisfied that fixes are posted in short order to help users. His company, which has used the operating system for two years, is installing the zlib patches and updating Red Hat Inc. versions from 6.2 to 7.2.

Alan Paller, research director at the SANS Institute, a Bethesda, Md.-based nonprofit security group, said it's not a surprise that more vulnerabilities are showing up in Linux, since the operating system is being used more widely in corporate computing. The larger deployment of the operating system means more problems are likely to be seen in larger numbers, Paller said.

Dan Kusnetzky, an analyst at IDC in Framingham, Mass., said the true measure of the problem is not whether security issues crop up, but how quickly they're resolved.

"There is no such thing as an unbreakable product," Kusnetzky said. Instead, users are more interested in whether their Linux vendors take quick action to announce and post fixes for new vulnerabilities, he said. "The fact that something has shown up is not a major negative [for Linux]."


Todd R. Weiss
