FITUG e.V.
Förderverein Informationstechnik und Gesellschaft
FITUG e.V.Förderverein Informationstechnik und Gesellschaft |
|
------- Forwarded message follows ------- From: "Adrian Midgley" <midgley@mednetics.org> To: <ukcrypto@maillist.ox.ac.uk> Subject: security by obscurity - -Silicon Date sent: Mon, 20 Mar 2000 13:45:48 -0000 Send reply to: ukcrypto@maillist.ox.ac.uk
Bozos ride again!
>From Silicon todayhttp://www.silicon.com/bin/bladerunner?30REQEVENT=&REQAUTH=21046&14001REQSUB=REQINT1=36413
Silicon.com has uncovered growing concern that the Linux operating system suffers from major security problems that could prevent its widespread adoption in the enterprise environment. An investigation discovered widespread belief that the open source nature of the operating system allows hackers an easy route into Linux-based systems. Phil Roberts, systems manager for a network installer, said running secure environments on Linux is like giving hackers a key to the door of the system. "Anyone running vital systems on Linux must be crazy," he said. Clive Longbottom, strategy analyst at Strategy Partners, agreed with his analysis, saying the problems are preventing its adoption in secure areas. He said: "Security needs to be built into the architecture of the operating system. This cannot happen if your source code is publicly available." He added that the issue could lead to proprietary versions of Linux being developed. Both agreed that commercial flavours of Linux are still far from ready for the corporate environment. Bernie Dodwell, business development manager for System Security specialist Integralis Group, said the operating system is insecure because it is open source. "This issue has to be resolved to get the system ready for the enterprise. At present a hacker would be able to go through the operating system like a dose of salts," he said. Microsoft was keen to endorse this view. However, not everyone agreed the OS had security problems. Unix expert Malcolm Beattie, systems programmer for Oxford University Computer Service, vehemently denied the allegation. "Far from the open source nature of the OS [Linux] posing a security problem, it is actually its best defence. It means that when a security threat is uncovered a patch normally appears within hours. With NT you can wait up to six months for an upgrade after a security hole appears." He added that it is the administration of the network, including the use of firewalls and proper maintenance, which creates security - not the operating system.
------- End of forwarded message -------