Computer Crime Research Center


Linux developers insist on high level security

Date: September 13, 2004
Source: Computer Crime Research Center
By: Dmitri Kramarenko

Nine of ten companies developing Linux claim that their systems have never been infected by a virus, while four of five companies assert that their systems haven't ever been down due to hacking.

A Summer 2004 Survey conducted by analytic firm Evans Data, that totalled 500 Linux developers of the USA, showed that generally 22% of Linux-based system were hacked. Therein, almost a quarter of cases (23%) involved unauthorized intrusion initiated by companies' employees, i.e. people having available accounts allowing to log in corporate Linux servers. Besides, Evans Data have cleared out that only 7% of systems were hacked three of more times (for comparison, the spring poll showed three of five companies not working with Linux systems reported of their systems' security breaches, 32% reported that their systems encountered three or more hackings).

"It's not surprising that Linux systems aren't hacked to the degree that Windows-based machines can be exploited. The reasons for the greater inherent security of the Linux OS are simple, more eyes on the code means that less slips by and the OS is naturally going to be better secured," said Nicholas Petreley, Evans Data's Linux analyst. "As also found in Evans’ recently released Security Development Survey, the mechanism by which a Linux machine can be compromised is by users inadequately configuring security settings. Ironically, the other flaws that crackers use to compromise Linux servers are flaws in applications which run on competing operating systems, so those vulnerabilities are not specific to Linux."

Other findings from the July survey of 500 Linux developers:

- Developer migration to the 2.6 Kernel has increased significantly in six months, rising by more than 80% with only 12% expecting to take longer than a year to make the move.

- Seventy-six percent of Linux developers now believe that the SCO lawsuit will "probably not" or "absolutely not" affect their company’s adoption of Linux, up another 8% in the last six months.

- The main ways that Linux machines can be compromised are: Inadequately configured security settings, vulnerability in internet service and Web server flaws.

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo