Date: Tue, 3 May 2005 18:11:58 -0400 (EDT)
From:"Linux Pipeline Newsletter" <>
Subject: [LXP] Linux Pipeline - 05-03-2005 - Perils Of Popularity Linux Pipeline Newsletter | The Perils Of Popularity | 05.03.2005
Linux Pipeline Newsletter
Tuesday, May 03, 2005

In This Issue:
  • Editor's Note: The Perils Of Popularity
  • Top Linux News
        - Intellectual-Property Threats Drive Detection Software Market
        - Equal-Opportunity Evil: Mac, Linux Apps See More Attacks
        - Study: More Business Pros Sold On Firefox
        - More News...
  • Editor's Picks
        - Linux In Your Living Room?
        - Two Operating Systems. One Printer? No Problem!
        - Review: OS X Tiger. It's Grrrrrrreat!
        - More Picks...
  • Voting Booth: How do You Get Your IT News?
  • Get More Out Of Linux Pipeline
  • Manage Your Newsletter Subscription

    ------- Advertisement -------------------
    This issue sponsored by HP. The ProLiant BL35p featuring the AMD
    Opteron(TM) Processor is optimized to run Linux. This powerful
    combination delivers uncompromising manageability, maximum
    computing density, and breakthrough power efficiencies.;15930752;11267447;h


    Editor's Note: The Perils Of Popularity

    Is it possible that the yawning security gap between Windows on one side, and Linux, OS X, the BSDs, Solaris, and their ilk on the other, has less to do with technology than with sociology?

    Crackers, con artists and malware writers, the theory goes, like most adolescents, are more interested in showing off to their friends, and in impressing the "in crowd," than in doing their own thing. The result: Two generations of technically gifted sociopaths flocked to Windows--and proceeded to tear its guts out--for the same reasons teenagers spend every Friday night screeching up and down the same few blocks of city street in their parents' borrowed cars.

    It's an interesting idea, as long as you don't push it too far. It's also consistent with human nature: Consider the prospect of a genuinely challenging attack on a Linux, OS X, Solaris, or some other Unix-ish platform, braving hazards that range from the mundane (properly configured firewalls) to the murderous (the wrath of admins who are just like you, except with longer and more interesting criminal records). And even if you succeed, there might not be anyone around to admire your handiwork.

    Now consider the prospect of waking up late, enjoying some coffee while you slap a rootkit on every unpatched Windows XP box in town, transforming some company's file server into an imitation of Whoville after a Grinch visit, and defacing a half dozen Web sites with pictures of Andre the Giant--all before happy hour, and all the while knowing that your work will get a large and appreciative audience.

    The choice was never that simple, of course. And for years, pundits warned that if Linux or any other open-source platform got what it was looking for--mass-market success and respectability--we would see just how much damage enough script kiddies, pounding away at enough computers, could do once they turned their attention-seeking tactics on a fresh target.

    Earlier this week, the Sans Institute released its quarterly report of the top Internet security vulnerabilities. At the end of each year, Sans assembles all of these reports into a single Top 20 list--a software security Rogues' Gallery that inflicts more losses every year, due to damage, theft, downtime, and opportunity costs, than the average Florida hurricane season.

    It's not the kind of place where you like to see the name of your favorite operating system--and according to Sans Institute director Alan Paller, this quarter's software security list shows that the bad guys are out to give Microsoft some unhappy company.

    "Hackers haven't stopped attacking Microsoft products," Paller stated, "but they've started attacking everything else as well,"

    "Everything else." I briefly envisioned burning skyscrapers, streets jammed with wrecked cars and rubble, and dazed survivors waiting for marauding bands of triumphant Apes to finish the job--all because some snippet of bad code slipped through the Open Source Million Eyeball Army.

    Then I see the Sans Institute's actual list. It turns out that "everything" can sometimes mean "not much," and this is one of those times. Seven of the 12 vulnerabilities the report lists are specific to Microsoft operating systems, servers, or everyone's favorite Twins of the Apocalypse, Internet Explorer and ActiveX.

    The other five top flaws are application-specific and cover multiple platforms; one of the five is actually a three-for-one deal that covers iTunes, WinAmp, and RealPlayer. None of the vulnerabilities involve either the Linux kernel or Darwin (the command-line core of OS X), and only the media player exploit is likely to pose more than a theoretical threat to desktop users, the group most likely to mistake foolish behavior for sound security practices.

    Does this shoot down the idea that any operating system is only as secure as its ability to escape the notice of crazy people who know how to program in C? That all depends on whether Linux, or OS X for that matter, has crossed that invisible line beyond which a platform's popularity, visibility, media buzz, application support, and smug users will begin to attract a critical mass of Geeks Behaving Badly. Personally, I was ready a few months ago to assume that, even with Microsoft's less-than-stellar reputation among career computer criminals, both Linux and Mac users should begin to see more unwelcome gifts that were once addressed exclusively to their Windows-based neighbors.

    Yet as far as I can tell, it simply isn't happening. Instead of an unmistakable trend--the kind of trend that would send sales of Linux anti-virus software soaring by orders of magnitude--all I see are eddies in the data stream that may or may not suggest there's a monster lurking under the surface.

    Do my impressions match all of yours? Have you come across any statistics that, as far as you're concerned, settle the question of whether platform security can survive a few years of legitimate mass-market success? And is Linux, or any other non-Windows OS, popular enough to put this theory to the only test that matters?

    Send me what you have, and tell me what you make of it--and if the pieces fit together, we can all gawk together at whatever turns up.

    Matthew McKenzie
    Editor, Linux Pipeline

    Keep Getting This Newsletter
    Don't let future editions of Linux Pipeline Newsletter go missing. Take a moment to add the newsletter's address to your anti-spam whitelist:

    If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.

    Top Linux News

    Intellectual-Property Threats Drive Detection Software Market
    Palamida competes with Black Duck in an emerging market competition to search for open-source code that could create intellectual property-related legal problems.

    Equal-Opportunity Evil: Mac, Linux Apps See More Attacks
    Hackers still love Windows and other Microsoft gear, but they are increasingly targeting applications running on alternative OSes, particularly Linux and Apple.

    Study: More Business Pros Sold On Firefox
    Since late 2004, Firefox has doubled its share among business professionals to around 10 percent, according to a Janco Associates study--and it could own up to 25 percent of the market segment by mid-summer.

    Ballmer Gets Pumped Up Over Sun
    No animals were harmed in the course of Steve Ballmer's pro-Sun rant during his Microsoft Management Summit last week. One of Sun's servers wasn't as lucky.

    Firefox Tops 50 Million Downloads
    Web-analytics firm reports that Firefox has captured 8.69% of the global browser market share. That represents a 0.24% increase since February. In the period between November and February, Firefox usage grew at a rate of more than 1%.

    Greenplum Debuts Open-Source Data Warehouse Software
    Startup looks to leverage PostgreSQL open-source database to compete against Teradata and Netezza.

    Apple Powers Up iMacs
    The new three iMacs feature PowerPC G5 processors with clock speeds up to 2.0GHz, include built-in Wi-Fi and Bluetooth wireless connectivity, and run Tiger, Apple's newest version of OS X.

    Opera Passes 2 Million Download Mark
    Opera Software says that its new version 8 has been downloaded 2 million times in the two weeks since its release.

    Editor's Picks

    Linux In Your Living Room?
    Personal video recorder software could give Linux a killer app in the consumer market--if PVR developers can deliver products that click with couch potatoes as well as propeller-heads.

    Two Operating Systems. One Printer? No Problem!
    A properly configured cross-platform printing environment, sharing a single printer among both Windows and Linux systems, can save a lot of time and money. We'll show you how to set it up.

    Review: OS X Tiger. It's Grrrrrrreat!
    The latest version of Apple's operating system may be the same animal as Panther, but a number of useful new features and powerful performance enhancements make it a much cooler cat.

    Nessus: A Scan Today Keeps Attackers Away
    Security audits are only as good as the tools admins use to find potential vulnerabilities--and this free, frequently updated open-source utility is one of the best.

    Voting Booth: Big Mouths In Open Source

    Cast Your Vote Now!
    We're in the third week of our poll asking for your opinion about the impact recent publicity about ill-mannered Linux and open-source enthusiasts might have on open-source businesses and public opinion.

    Tell us what you think: Are open-source fanatics a real threat to the community and to business, or just an annoying minority everyone knows not to take seriously. No empty promises of outlandish prizes this week. Vote because it's the right thing to do--and it makes me look good.

    Vote early, vote often

    Get More Out Of Linux Pipeline

    Try Linux Pipeline's RSS Feed
    Linux Pipeline's content is available via RSS feed: Get RSS link. The feed is also auto-discoverable to many RSS readers from the Linux Pipeline home page. Note: RSS feeds are not viewable in most Web browsers. You need an RSS reader, Web-based service, or plug-in to view RSS. Find out which RSS readers the Pipeline editors recommend.

    Check Out Our Linux Product Finder
    Don't reinvent the wheel. Find the right off-the-shelf product to do the job. How do you find the right one? Two words ... Product Finder:
       - Desktop Applications
       - Application Servers
       - Commercial Linux Distributions
       - Network Management
       - Web Servers

    Discover All The Pipelines
    Linux Pipeline is part of a large series of specialized IT sites from the TechWeb Network. Find out more about the Pipelines on the TechWeb Network Pipeline Publications page. Every Pipeline site has its own newsletter. Give them a try!

    Recommend This Newsletter To A Friend
    Do you have a friend or colleague who might enjoy this newsletter? Please forward it to him or her and point out the subscription page.

    ------- Advertisement -------------------
    This issue sponsored by HP. The ProLiant BL35p featuring the AMD
    Opteron(TM) Processor is optimized to run Linux. This powerful
    combination delivers uncompromising manageability, maximum
    computing density, and breakthrough power efficiencies.;15930752;11267447;h


    Manage Your Newsletter Subscription

    We take your privacy very seriously. Please review our Privacy Policy.

    Linux Pipeline Newsletter
    A free service of Linux Pipeline and the TechWeb Network.
    Copyright (c) 2004-2005 CMP Media LLC
    600 Community Drive
    Manhasset, NY 11030