The escalating growth is already gaining the wrong sort of attention. According to Trend Micro, the number of Linux viruses and worms reported in the wild between June and November of last year increased five-fold, from 100 to 496, and is still growing. "The more popular Linux becomes, the more attention it will get from hackers. Viruses and malicious code are written by people who want to make money. Spamming, for example is a motive," a spokesman said.
Linux forced into a defensive strategy
Mark Cox, head of the Security Response Team at Red Hat, says malware writers are actively targeting Linux, forcing distributions to take a defensive strategy. "We limit negative publicity by alerting our customers as early as we can and educating them on what is safe and what is not," he says.
In conjunction with its emerging popularity as a host for parasites, Linux faces a formidable foe in Microsoft. Keen to tar Linux with a brush it knows intimately itself, the corporation publicizes every Linux vulnerability, no matter how insignificant.
Microsoft has been rattled by a constant battle with security issues as illustrated by its well-known 10-year plan to focus on "Trustworthy Computing."
Evan Blomquist, Linux instructor at The Training Camp, suppliers of on campus training, believes the debate on Linux security for the desktop is occurring only because of Microsoft's record. He believes Microsoft has become so blinkered by the fight that it thinks all operating systems have the same problems. He says that Microsoft's view has been colored by a false experience, and that the company is making a strategic mistake by attacking Linux security.
He does not believe Linux is at so much risk. "A cursory tour of the fundamental architecture should help you understand that Linux simply doesn't provide the fertile breeding ground for rogue software that Windows does," he says.
Blomquist says it is impossible to predict the issues that would face a world in which 95 percent of computer users were using a Linux desktop environment, but he believes security would be far less of a problem. "Virus pollution would not be nearly as prolific as it is under the current Microsoft desktop dominance, for fundamental OS architecture differences."
Ballmer: More vulnerabilities in Linux
Blomquist's opinion has not deflected Microsoft. Steve Ballmer, Microsoft's CEO, commented during a Gartner-sponsored trade show for information technology executives, "There are more vulnerabilities in Linux. It takes longer for Linux developers to fix security problems. It's a good decision to go with Windows. We're more secure than the other guys." Linux experts disagree vehemently for a variety of technical reasons, but marketing has always been as much about perception as it is about truth.
Despite the strengths of Linux, there will always be vulnerabilities for malware writers to attack and for competing marketers to mock. Anthony Allan, research director at Gartner, says, "Bugs and patches are inevitable. Because exploits follow patches, companies must be able to defend themselves against those exploits. Although Linux is open source software, few exploits are based on a review of the full code base; as with Windows, almost all are backward-engineered from the patches."
Graham Cluley, senior technology consultant at Sophos, has a starker warning. "Most Microsoft Windows viruses do not exploit any vulnerability in the operating system at all," he says. "Instead, they rely upon the user deciding to open and run an attached file."
He believes the flavor of operating system is largely irrelevant. "The reason why most viruses succeed has nothing to do with the operating system," he says, "but the fact that users are the weakest link."
True or not, this perception would certainly level the playing field if it were widely held and security differences between platforms would become a secondary issue for purchaser and users.
No end-user root access a key for Linux
But Steve Gaines, technical director at Novell, does not agree with Cluley's analysis. "A Linux desktop fixes the majority of problems associated with Internet access by not giving root access to general end users. Without such access, malware has little or no chance to gain a toehold in the system."
If these faults are solved quickly, the wind will be taken from Microsoft's sails. "With evidence that cyber-criminals are already actively targeting Linux systems, it is the response time to critical issues that makes Linux more secure than Microsoft-based systems," Red Hat's Cox says. "Because of the 'many eyes' of the open source community, security issues are found and dealt with much more quickly often long before they are even announced or made aware to the public."
It is no longer a question of whether the IT parasite will jump, but how high. There is already increased activity in writing malware to attack Linux, and escalating installations on the desktop are breeding opportunity. Currently no one can be certain how the security battle will play out, but it will be long and hard-fought.
William Knight is a writer on technology issues and a software development consultant. He currently lives and works in Devon in the UK. Further information can be found at his Web site.
Editor's note: This story represents the research and analysis of the writer, and not of NewsForge.