April 9, 2002

Linux developer survey: Three quarters have never had unwanted security intrusion

- By Grant Gross -

A new Evans Data Corp. survey of Linux developers confirms something many Linux users already know: that their systems are "relatively immune" from outside attacks on their systems, and their systems are more secure than Windows.
Among the results of the study, announced this week: 78% of the more than 400 respondents developing for Linux say they have never experienced an unwanted intrusion that they're aware of, and 94% say they have never had a virus on their Linux systems.

Compare the Linux numbers to a new, more general Computer Security Institute/FBI survey that showed 90% of respondents reporting security breaches within the past year.

In addition, 84% of the Linux survey respondents believe that Linux is inherently more secure than software not created in an Open Source environment. Those responding ranked Red Hat Linux's security roughly comparable to Solaris and AIX, both often used in enterprise settings, and "above any of the Windows platforms by a significant margin."

But Jeff Child, an analyst with Evans Data and technology journalist, says the security benefits that Linux users take for granted may not be general knowledge among enterprise tech staffs and other potential users. He notes that anyone trying to sell anti-virus software to a Linux user is likely to be as successful as a winter hat and glove salesman in Hawaii.

"The security aspect of Linux is one of the best-kept secrets, but it's also something that's obvious to people who play with Linux or to Linux developers," he says. "Viruses are rare. That's something fundamental to Linux, but I don't think it's understood by the outside world."

Asked what operating system has the fewest security vulnerabilities, 26% of the survey respondents answered FreeBSD, and another 26% chose a Linux distribution, with Red Hat getting 16%, Mandrake 6% and SuSE about 4%. A couple of Unix variants scored around 13%, while Windows garnered 7% of responses.

However, when asked if Linux has sufficient code audits, only 56% answered yes. 55% of respondents said they had used formal code methods for security reviews.

Among the many answers in the 150-page survey results, Child says he was surprised by the number of those responding who had no opinion when asked questions about Web services, such as Microsoft's .Net. Although Child sees an opportunity for Linux to bridge the Web services gap between Microsoft and efforts at IBM and Sun, close to half of those responding had no opinion on many of the survey's Web services-related questions.

"It's interesting because [Web services is] an important area for Linux, but the results show that a lot of people don't have their eyes on that," Child says.

For example, 34% had no opinion when asked about the leading Free Software alternatives to .Net, Mono and DotGNU, and the other responses were "lukewarm" about those projects, even though both have gotten several mentions in the Linux-related media. Another 18% said they were happy to see alternative projects that marry Web services to Linux, while 23% agreed with the statement: "I think it's a bad idea that we can write Web services applications in Linux without using Microsoft proprietary languages."

Another 7% said porting Microsoft's C# was a necessary evil, while 16.5% said they think there should be Web services in Linux, but they weren't going to use C# to make it happen.

The general tone of the survey was militantly anti-Microsoft, Child said. "Even though there may be a market to bring Linux into Web services, I think there's a feeling among some that they wish Microsoft would go away and they'd be free to take more of that pie."

Asked what type of applications they were creating for Linux, the leading answer at 17%, was applications for internal corporate use. Web-based services came in second at 13%, while e-commerce applications and Web portals each rated just under 11%. Embedded systems received about 7%, wireless applications just under 6%, gaming/audio/video was just under 4%.

Evans Data's "Spring 2002 Linux Developer Survey" is part of a series published every six months and focusing exclusively on developers creating Linux applications. The surveys look for perceptions and awareness of Linux developers on a wide variety of topics, including development plans, technology adoption trends and developer tools. More information on the survey is available at the Evans Data Web site.


  • Linux
Click Here!