Linux Pipeline Newsletter
www.LinuxPipeline.com
Tuesday, May 03, 2005

In This Issue:
- Intellectual-Property Threats Drive Detection Software Market
- Equal-Opportunity Evil: Mac, Linux Apps See More Attacks
- Study: More Business Pros Sold On Firefox
- More News...
- Linux In Your Living Room?
- Two Operating Systems. One Printer? No Problem!
- Review: OS X Tiger. It's Grrrrrrreat!
- More Picks...

This issue sponsored by HP. The ProLiant BL35p featuring the AMD Opteron(TM) Processor is optimized to run Linux. This powerful combination delivers uncompromising manageability, maximum computing density, and breakthrough power efficiencies. http://ad.doubleclick.net/clk;15930752;11267447;h
-----------------------------------------

Editor's Note: The Perils Of Popularity

Is it possible that the yawning security gap between Windows on one side, and Linux, OS X, the BSDs, Solaris, and their ilk on the other, has less to do with technology than with sociology?

Crackers, con artists and malware writers, the theory goes, like most adolescents, are more interested in showing off to their friends, and in impressing the "in crowd," than in doing their own thing. The result: Two generations of technically gifted sociopaths flocked to Windows--and proceeded to tear its guts out--for the same reasons teenagers spend every Friday night screeching up and down the same few blocks of city street in their parents' borrowed cars.

It's an interesting idea, as long as you don't push it too far. It's also consistent with human nature: Consider the prospect of a genuinely challenging attack on a Linux, OS X, Solaris, or some other Unix-ish platform, braving hazards that range from the mundane (properly configured firewalls) to the murderous (the wrath of admins who are just like you, except with longer and more interesting criminal records). And even if you succeed, there might not be anyone around to admire your handiwork.

Now consider the prospect of waking up late, enjoying some coffee while you slap a rootkit on every unpatched Windows XP box in town, transforming some company's file server into an imitation of Whoville after a Grinch visit, and defacing a half dozen Web sites with pictures of Andre the Giant--all before happy hour, and all the while knowing that your work will get a large and appreciative audience.

The choice was never that simple, of course. And for years, pundits warned that if Linux or any other open-source platform got what it was looking for--mass-market success and respectability--we would see just how much damage enough script kiddies, pounding away at enough computers, could do once they turned their attention-seeking tactics on a fresh target.

Earlier this week, the SANS Institute released its quarterly report of the top Internet security vulnerabilities. At the end of each year, SANS assembles all of these reports into a single Top 20 list--a software security Rogues' Gallery that inflicts more losses every year, due to damage, theft, downtime, and opportunity costs, than the average Florida hurricane season. It's not the kind of place where you like to see the name of your favorite operating system--and according to SANS Institute director Alan Paller, this quarter's software security list shows that the bad guys are out to give Microsoft some unhappy company.

"Hackers haven't stopped attacking Microsoft products," Paller stated, "but they've started attacking everything else as well."

"Everything else." I briefly envisioned burning skyscrapers, streets jammed with wrecked cars and rubble, and dazed survivors waiting for marauding bands of triumphant Apes to finish the job--all because some snippet of bad code slipped through the Open Source Million Eyeball Army.

Then I saw the SANS Institute's actual list. It turns out that "everything" can sometimes mean "not much," and this is one of those times.

Seven of the 12 vulnerabilities the report lists are specific to Microsoft operating systems, servers, or everyone's favorite Twins of the Apocalypse, Internet Explorer and ActiveX. The other five top flaws are application-specific and cover multiple platforms; one of the five is actually a three-for-one deal that covers iTunes, WinAmp, and RealPlayer.

None of the vulnerabilities involve either the Linux kernel or Darwin (the command-line core of OS X), and only the media player exploit is likely to pose more than a theoretical threat to desktop users, the group most likely to mistake foolish behavior for sound security practices.

Does this shoot down the idea that any operating system is only as secure as its ability to escape the notice of crazy people who know how to program in C? That all depends on whether Linux, or OS X for that matter, has crossed that invisible line beyond which a platform's popularity, visibility, media buzz, application support, and smug users will begin to attract a critical mass of Geeks Behaving Badly.

Personally, I was ready a few months ago to assume that, even with Microsoft's less-than-stellar reputation among career computer criminals, both Linux and Mac users should begin to see more unwelcome gifts that were once addressed exclusively to their Windows-based neighbors. Yet as far as I can tell, it simply isn't happening. Instead of an unmistakable trend--the kind of trend that would send sales of Linux anti-virus software soaring by orders of magnitude--all I see are eddies in the data stream that may or may not suggest there's a monster lurking under the surface.

Do my impressions match all of yours? Have you come across any statistics that, as far as you're concerned, settle the question of whether platform security can survive a few years of legitimate mass-market success? And is Linux, or any other non-Windows OS, popular enough to put this theory to the only test that matters?
Send me what you have, and tell me what you make of it--and if the pieces fit together, we can all gawk together at whatever turns up.
Matthew McKenzie

Don't let future editions of Linux Pipeline Newsletter go missing. Take a moment to add the newsletter's address to your anti-spam whitelist: linuxed@techwire.com
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.

Top Linux News

Intellectual-Property Threats Drive Detection Software Market
Palamida competes with Black Duck in an emerging market competition to search for open-source code that could create intellectual property-related legal problems.
Equal-Opportunity Evil: Mac, Linux Apps See More Attacks
Study: More Business Pros Sold On Firefox
Ballmer Gets Pumped Up Over Sun
Firefox Tops 50 Million Downloads
Greenplum Debuts Open-Source Data Warehouse Software
Apple Powers Up iMacs
Opera Passes 2 Million Download Mark

Editor's Picks

Linux In Your Living Room?
Personal video recorder software could give Linux a killer app in the consumer market--if PVR developers can deliver products that click with couch potatoes as well as propeller-heads.
Two Operating Systems. One Printer? No Problem!
Review: OS X Tiger. It's Grrrrrrreat!
Nessus: A Scan Today Keeps Attackers Away

Cast Your Vote Now!

We're in the third week of our poll asking for your opinion about the impact recent publicity about ill-mannered Linux and open-source enthusiasts might have on open-source businesses and public opinion. Tell us what you think: Are open-source fanatics a real threat to the community and to business, or just an annoying minority everyone knows not to take seriously?

No empty promises of outlandish prizes this week. Vote because it's the right thing to do--and it makes me look good.

Vote early, vote often

Get More Out Of Linux Pipeline

Try Linux Pipeline's RSS Feed
Linux Pipeline's content is available via RSS feed: Get RSS link. The feed is also auto-discoverable to many RSS readers from the Linux Pipeline home page. Note: RSS feeds are not viewable in most Web browsers. You need an RSS reader, Web-based service, or plug-in to view RSS. Find out which RSS readers the Pipeline editors recommend.