[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] Desinformation

------- Forwarded message follows -------
From:           	"Adrian Midgley" <midgley@mednetics.org>
To:             	<ukcrypto@maillist.ox.ac.uk>
Subject:        	security by obscurity - -Silicon
Date sent:      	Mon, 20 Mar 2000 13:45:48 -0000
Send reply to:  	ukcrypto@maillist.ox.ac.uk

Bozos ride again!

>From Silicon today

Silicon.com has uncovered growing concern that the Linux operating
system suffers from major security problems that could prevent its
widespread adoption in the enterprise environment. An investigation
discovered widespread belief that the open source nature of the
operating system allows hackers an easy route into Linux-based
systems. Phil Roberts, systems manager for a network installer, said
running secure environments on Linux is like giving hackers a key to
the door of the system. "Anyone running vital systems on Linux must be
crazy," he said. Clive Longbottom, strategy analyst at Strategy
Partners, agreed with his analysis, saying the problems are preventing
its adoption in secure areas. He said: "Security needs to be built
into the architecture of the operating system. This cannot happen if
your source code is publicly available." He added that the issue could
lead to proprietary versions of Linux being developed. Both agreed
that commercial flavours of Linux are still far from ready for the
corporate environment. Bernie Dodwell, business development manager
for System Security specialist Integralis Group, said the operating
system is insecure because it is open source. "This issue has to be
resolved to get the system ready for the enterprise. At present a
hacker would be able to go through the operating system like a dose of
salts," he said. Microsoft was keen to endorse this view. However, not
everyone agreed the OS had security problems. Unix expert Malcolm
Beattie, systems programmer for Oxford University Computer Service,
vehemently denied the allegation. "Far from the open source nature of
the OS [Linux] posing a security problem, it is actually its best
defence. It means that when a security threat is uncovered a patch
normally appears within hours. With NT you can wait up to six months
for an upgrade after a security hole appears." He added that it is the
administration of the network, including the use of firewalls and
proper maintenance, which creates security - not the operating system.

------- End of forwarded message -------