Compiled by US industry, government, and academics, the June 1 paper, titled How to Eliminate the Ten Most Critical Internet Security Threats: The Experts' Consensus, names versions of Unix and Linux systems in nine out of a "top ten" list of security vulnerabilities for operating systems that engineers "need to eliminate".
Dean Stockwell, director of sales and support, Network Associates Asia-Pacific, dismissed SANS's report as "skewed".
"Virus peddlers target the most popular system," said Stockwell. These happen to be Unix or Linux in the enterprise space, he believes.
"Most hackers graduate from Unix and Linux platforms. They know them intimately. They don't try to exploit them," Stockwell said.
Fifteen per cent of Australian organisations use a Linux system somewhere in their network server infrastructure, according to Rolf Jester, regional director of market services, Gartner Asia-Pacific.
Moreover, Stockwell suggested that local "up and coming" IT administrators are being trained in Unix or Linux platforms.
Stockwell also observed an "anti-Microsoft camp growing in Australia. They're turning to more stable platforms," he said, declining to name alternative brands.
A spokesperson from Sydney IT consultancy startup Working Technology begged to differ. "Unix and Linux are the geek operating systems," the representative said. "Windows NT is supported by 90 to 100 per cent of developers worldwide."
So how does network security health rate in Australia?
"Security is not a high enough priority for IT networks here," Stockwell said. "We're concerned about Y2K and GST problems. Security is priority two or three. It needs to be number one."
Stockwell attributes the perceived negligence to corporate Australia's "lack of best practices" and increasingly "busy" IT departments.
"To apply a security patch to any software literally takes minutes," he said. "I've often had to do it myself."
His advice to ensure Australian businesses are safe from network attack via the net is to enforce a policy of mandatory systems testing, particularly for file servers and mail servers, and committing to regular upgrading.
Industry ignorance to IT security threats are dire to the economy, Stockwell warned.
He pointed to the fallout from the notorious I Love You virus as an expensive example of a country unprepared for a "simple" security attack "written by a student in a matter of days".
The Love Bug cost Australian business an estimated $1.5 billion in down-time over four days.