Linux Security: A Big Edge Over Windows
Dec 18, 2006 4:00 AM PT
As consumers experiment with the Linux operating system and consider switching from Windows, the first carryover they expect to find is applications for virus and spyware protection. However, few exist because Linux does not need them.
Nearly all Linux distributions bundle a firewall package, but they don't include other intrusion protection software.
That does not mean that Linux users are completely free of the security concerns that Windows and Mac users face. However, the risk level from e-mail attachments, viruses and worms is practically nil.
Setting Up Correctly
"The Linux OS is ironclad, especially compared to Windows and even the Mac OS," James Bottomley, Linux expert and chief technology officer of SteelEye Technology, told LinuxInsider. "But just like in your own home, if you leave a door open, you are going to get robbed sooner or later. The way to keep the door closed in Linux is to set policies correctly."
With most Linux distributions, this is often hard to get right if there is no IT support, cautioned Bottomley, who is the gatekeeper of the Linux Kernel SCSI Maintainership, and is on the board of directors for the Open Source Development Labs (OSDL).
Linux is better at locking down a computer than Windows. The Linux OS uses configuration settings and user permissions far more effectively than Windows does with its administrator account. To take advantage of this, non-enterprise users should seek help from third-party security suites that serve as configuration managers, he said.
The only other major concern for home and small-business users is to update the software regularly by setting Internet updates to automatic in the system administration settings. The process is similar to Microsoft Windows Update.
"Users should be sure to click on the update icon whenever it notifies them of a new security or software patch," Bottomley explained. "Other than that, Linux users do not need to burden their systems with third-party antivirus products. Most vendors are not addressing the Linux virus threat because it does not exist. There are no known forms of Linux attacks using that vector, either infected attachments or viruses."
The difference between a home desktop Linux user and a Linux user within a protected enterprise environment is blurring more every day, according to Mike Ferris, director of Security Solutions for Red Hat.
VPNs, telecommuting, connected PDAs and ubiquitous WiFi are all helping to drive this continued blurring. This means that the concerns of a home user, while on a different scale, are often the same as those of the enterprise IT manager responsible for protecting thousands of users, business processes and data, he said.
"What home users must be aware of is the level of risk they are willing to take," he told LinuxInsider.
The role of the CIO/CISO is much more than determining which technologies need to be deployed to protect the environment. "It is now inclusive of what level of risk the enterprise can accept. Home users must now make a lot of the same decisions," he noted. "Education about malicious Web sites and identity theft via spyware will help those home users understand what level of risk they are taking when online."
Dick DeVillers, vice president of technology for security software firm Symark, sees a relationship between home Linux users who need fewer security add-ons and enterprise Linux users. One of the biggest concerns that needs to be addressed, he said, is that security should be considered a process of protecting an entire computing environment, not just one platform.
"Even home users now have multiple operating systems and appliances such as set-top boxes and WiFi-enabled gaming consoles. This means that security must be addressed by looking at the value which everything on your network provides and protecting it," declared DeVillers. Linux security is more than just a me-only concern.
"Certainly we believe that Linux and the open source community are exceptionally aggressive in building new technologies and being responsive to issues when they do appear," he added. "But end users, regardless of home or enterprise focus, must continue to remain vigilant and cognizant of their entire infrastructure and level of risk they are taking."
To that end, Linux users can find a limited assortment of add-on security products to ensure that security threats are not an issue.
Antivirus and antispyware applications for Linux are available both from open source projects such as Clam Antivirus and from several third-party vendors, such as F-Prot, AVG Internet Security and Avira AntiVir Personal Edition Classic.
Even without third-party virus protection, Linux is more resilient to attacks than Windows computers. Ferris noted that Linux has some inherent capabilities which provide protection from intrusions both before and after they occur.
For instance, Native Type Enforcement (via SELinux) is now a core part of Linux, and isolates applications via security policy to limit the damage that can be done by malicious software or users. Another example is Execshield, which protects against memory buffer overflow exploits.
"These technologies are proactive approaches to changing the way whole categories of security attacks are addressed, rather than only looking at existing exploits and eliminating specific attack profiles," said Ferris.
With Linux, the security concerns come less from outside assaults than they do with the Windows OS, DeVillers explained. Linux is unbothered by Windows-type exploits. It is the threats from within the organization using the computer that present the greatest risk. To prevent problems like that, you need control and authorization protection.
"Security issues when using Linux in an enterprise environment are easily covered by IT services. However, desktop users in a small business or home situation should make sure they have the basics covered so they are not bothered by a security lapse," advised DeVillers.
He suggested individual Linux users lock up the Internet ports by activating a firewall. If the Linux distribution in use lacks one, he recommended using the package manager applet to get and install the open source FireStarter firewall. A second security step is to have a password management tool activated and a boot password required for the computer.
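One way to confirm that the firewall step above actually closed inbound ports, as an added example that is not part of the original article: the script reads rule listings in the format printed by `iptables -S` (Firestarter is a front end to iptables) and reports whether unmatched inbound traffic is refused and which ports are deliberate exceptions. The two rule sets and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -S` output for the "ports locked up" baseline.
# Both rule sets below are constructed samples, not taken from the article.
OPEN_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

LOCKED_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# firewall_verdict RULES: print "locked" when unmatched inbound traffic is
# dropped or rejected, "open" when it is accepted.
firewall_verdict() {
    printf '%s\n' "$1" | awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        # A rule with no match conditions decides everything that reaches it;
        # only the first such rule matters.
        $1 == "-A" && $2 == "INPUT" && $3 == "-j" && verdict == "" {
            if ($4 == "ACCEPT") verdict = "open"
            else if ($4 == "DROP" || $4 == "REJECT") verdict = "locked"
        }
        END {
            if (verdict == "") verdict = (policy == "DROP") ? "locked" : "open"
            print verdict
        }'
}

# open_ports RULES: print proto/port for every INPUT rule that accepts
# traffic to a specific destination port (the deliberate exceptions).
open_ports() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
            proto = "any"; port = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
            }
            if (port != "") print proto "/" port
        }'
}

# On a live system, pass "$(iptables -S)" (run as root) instead of a sample.
echo "open sample:   $(firewall_verdict "$OPEN_RULES")"
echo "locked sample: $(firewall_verdict "$LOCKED_RULES"), exceptions: $(open_ports "$LOCKED_RULES")"
```

Each port listed as an exception should correspond to a service the user intends to expose; anything unexpected is a rule to remove.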