November 11, 2004

Pundits predict malware may target Linux

Author: William Knight

When a parasite is faced with a change in environment, it too will change or perish. While Microsoft Windows is the platform of choice for viruses and other malware, parasite writers are starting to smell fresh blood elsewhere. Numerous metrics indicate that Linux is charging full speed into the desktop market. According to an IDC report, businesses and government departments will spend $98 million on services to support their Linux systems in 2004. By 2008, the figure is predicted to increase to $228 million.

The escalating growth is already gaining the wrong sort of attention. According to Trend Micro, the number of Linux viruses and worms reported in the wild between June and November of last year increased five-fold, from 100 to 496, and is still growing. "The more popular Linux becomes, the more attention it will get from hackers. Viruses and malicious code are written by people who want to make money. Spamming, for example, is a motive," a spokesman said.

Linux forced into a defensive strategy

Mark Cox, head of the Security Response Team at Red Hat, says malware writers are actively targeting Linux, forcing distributions to take a defensive strategy. "We limit negative publicity by alerting our customers as early as we can and educating them on what is safe and what is not," he says.

In conjunction with its emerging popularity as a host for parasites, Linux faces a formidable foe in Microsoft. Keen to tar Linux with a brush it knows intimately itself, the corporation publicizes every Linux vulnerability, no matter how insignificant.

Microsoft has been rattled by a constant battle with security issues as illustrated by its well-known 10-year plan to focus on "Trustworthy Computing."

Evan Blomquist, Linux instructor at The Training Camp, suppliers of on-campus training, believes the debate on Linux security for the desktop is occurring only because of Microsoft's record. He believes Microsoft has become so blinkered by the fight that it thinks all operating systems have the same problems. He says that Microsoft's view has been colored by a false experience, and that the company is making a strategic mistake by attacking Linux security.

He does not believe Linux is at so much risk. "A cursory tour of the fundamental architecture should help you understand that Linux simply doesn't provide the fertile breeding ground for rogue software that Windows does," he says.

Blomquist says it is impossible to predict the issues that would face a world in which 95 percent of computer users were using a Linux desktop environment, but he believes security would be far less of a problem. "Virus pollution would not be nearly as prolific as it is under the current Microsoft desktop dominance, for fundamental OS architecture differences."

Ballmer: More vulnerabilities in Linux

Blomquist's opinion has not deflected Microsoft. Steve Ballmer, Microsoft's CEO, commented during a Gartner-sponsored trade show for information technology executives, "There are more vulnerabilities in Linux. It takes longer for Linux developers to fix security problems. It's a good decision to go with Windows. We're more secure than the other guys." Linux experts disagree vehemently for a variety of technical reasons, but marketing has always been as much about perception as it is about truth.

Despite the strengths of Linux, there will always be vulnerabilities for malware writers to attack and for competing marketers to mock. Anthony Allan, research director at Gartner, says, "Bugs and patches are inevitable. Because exploits follow patches, companies must be able to defend themselves against those exploits. Although Linux is open source software, few exploits are based on a review of the full code base; as with Windows, almost all are backward-engineered from the patches."

Graham Cluley, senior technology consultant at Sophos, has a starker warning. "Most Microsoft Windows viruses do not exploit any vulnerability in the operating system at all," he says. "Instead, they rely upon the user deciding to open and run an attached file."

He believes the flavor of operating system is largely irrelevant. "The reason why most viruses succeed has nothing to do with the operating system," he says, "but the fact that users are the weakest link."

True or not, this perception would certainly level the playing field if it were widely held, and security differences between platforms would become a secondary issue for purchasers and users.

No end-user root access a key for Linux

But Steve Gaines, technical director at Novell, does not agree with Cluley's analysis. "A Linux desktop fixes the majority of problems associated with Internet access by not giving root access to general end users. Without such access, malware has little or no chance to gain a toehold in the system."

The stakes are rising, and Linux will be the subject of many more headlines like the recent reports "Linux kernel flaw allows DoS attack" and "Linux under threat from 'security update.'"

If these faults are solved quickly, the wind will be taken from Microsoft's sails. "With evidence that cyber-criminals are already actively targeting Linux systems, it is the response time to critical issues that makes Linux more secure than Microsoft-based systems," Red Hat's Cox says. "Because of the 'many eyes' of the open source community, security issues are found and dealt with much more quickly, often long before they are even announced or made aware to the public."

It is no longer a question of whether the IT parasite will jump, but how high. There is already increased activity in writing malware to attack Linux, and escalating installations on the desktop are breeding opportunity. Currently no one can be certain how the security battle will play out, but it will be long and hard-fought.

William Knight is a writer on technology issues and a software development consultant. He currently lives and works in Devon in the UK. Further information can be found at his Web site.

Editor's note: This story represents the research and analysis of the writer, and not of NewsForge.

