Disturbing the sanctity of the Linux Church

news alert

London, UK - 2 March 2004, 16:30 GMT - Any empirical evidence pointing to a high level of online Linux breaches is immediately shot down by religious zealots as if a church had been desecrated. mi2g believes in the Open Source revolution and the safety and security that comes from peer review. However, mi2g maintains that no OS is perfect including Linux. The mi2g Intelligence Unit is made to feel like Martin Luther at the Imperial Diet of Worms in 1521 where he expressed his concerns about Catholicism but not about the Gospel of Christianity.

Martin Luther dealt the symbolic blow that began the Reformation when he nailed his Ninety-Five Theses to the door of the Wittenberg Church. That document contained an attack on papal abuses and the sale of indulgences by church officials. Linux is being adopted today as a secure operating system even by those who do not understand the basics of how to maintain it. This indulgence is encouraged by the myth that Linux is 100% secure. There is no divine right that Linux possesses of being 100% secure. Poor administration and bad configuration can lead to breaches of any Operating System (OS).

There is a widespread reluctance to accept criticism in the Linux community even when it is genuinely in regard to the scarcity of skills available to administer Open Source OS servers or desktops. The critical flaws which were identified in the Linux kernel in late February demonstrate that Linux, like any other OS, is not perfect and is on a long journey to build trust, as is Windows. However, because it is permissible to say that Windows has vulnerabilities and administrators are aware that critical patches are issued from time to time, Windows systems are maintained and kept up-to-date much more than Linux systems. This is the main reason why server breaches of Windows systems have been broadly falling over the last year.

There are shades of grey in regard to the level of vulnerability seen in Linux as in Windows, BSD and other operating systems. The sooner the Linux community accepts this, the faster it will be able to suggest and implement best practices for Linux denominated solutions and allow major project sponsors to budget appropriately for the hidden costs of training and migration.

The mi2g Intelligence Unit has noted a high level of interest from the Linux community, some of it hostile, ever since it published the results of two studies - "The World's safest Operating System" and "February breaks digital risk records worldwide" - on 19th February and 1st March 2004 respectively. Both studies came out in favour of the safety and security of BSD and Mac OS X whilst also showing Windows to be less breached at the server level than Linux.

The management of mi2g has been threatened with damage to reputation and online property unless more is preached in favour of Linux. mi2g would like to record that it carries no bias in favour of BSD or Apple Mac OS X, nor does it maintain any bias against Windows or Linux. Various allegations have been made in a variety of forums that mi2g is somehow biased in favour of proprietary software vendors. This is not true.

For the record, it should be noted that mi2g has been committed to an Open Source architecture - Linux, Apache, MySQL, PHP (LAMP) - for over six years whether it is in regard to the official web site, the Security Intelligence Products and Systems (SIPS) engine or mi2g's Bespoke Security Architecture (BSA). BSA has also integrated components from Windows and BSD alongside Linux. mi2g has implemented bio-diversity within some of the large-scale roll-outs to cut costs and to save time in retraining users.

The mi2g Intelligence Unit research shows that with the correct administration procedures, set up and appropriately configured defences it is possible to protect a Linux, Windows or BSD server from hacker attack. In most cases, the Operating System (OS) does not let the server system down but inappropriate configuration management, incapacity to prepare for the impact of third party application vulnerabilities and the maintenance of default configurations and unnecessary processes is partially responsible for the high level of attacks against a particular OS at server level.

DK Matai, Executive Chairman, went on record to state mi2g's commitment to LAMP architecture in October 2001 at IBM as well as Lloyd's of London through two talks delivered to Chief Executives within banking, insurance and reinsurance:

1. Developing the Linux business case for financial services; and
2. The coming Linux tsunami, an Open Source revolution

Judging by the way in which malware variants are spreading in early 2004, it is likely that proprietary software solutions may succumb to the equivalent of the 1665 Great Plague and then the Great Fire of London in the following year brought about in cyber space by trans-national criminal syndicates perpetrating spam, phishing scams and zombie orchestrated DDoS attacks. Within five days in 1666, the City of London was destroyed by fire. In destroying the closely packed houses - mostly wooden - and other buildings it is also thought likely that the fire finally put an end to the Great Plague that had devastated the city in the previous year, which proliferated as a result of poor hygiene and a low sense of civic responsibility. Today the global epidemics of malware - like The Great Plague - only target computer architecture of one kind and feed off social engineering ruses and poor respect for computer hygiene.

What emerged from The Great Fire of London were new best practices both in terms of building architecture as well as public policy, health and safety. The same may happen within the computing industry. Linux and the Open Source community must not lose the chance to be at the start of the new revolution post a cataclysmic cyber event by refusing to be self-critical at this stage.


Related Articles:

17th November 2004 - Full compendium of mi2g speeches released on web
12th November 2004 - Exclusive interview of DK Matai with Linux/Security Pipeline
12th November 2004 - Deep study: The ongoing Linux Attacks fallout
6th November 2004 - Experts challenge mi2g security study: mi2g response
5th November 2004 - The relativistic approach to safety - uptime versus market share
2nd November 2004 - Deep study: The world's safest computing environment
24th March 2004 - Five solutions to the rising identity theft and malware problem
19th February 2004 - The World's safest Operating System


Information Security News: mi2g defends its Linux claims - Insecure.org
mi2g defends its Linux claims - Virus.org
mi2g defends its Linux claims - The Inquirer
Interviews: DK Matai with Linux/Security Pipeline - Linuxtimes.net
Exclusive interview of DK Matai with Linux/Security Pipeline - LinuxSecurity.com
Exclusive interview of DK Matai with Linux/Security Pipeline - eBCVG IT Security
Apple's Mac OS X is much more secure than Linux or Windows - MacDailyNews
Furore over OS security survey - ITWeb
Sloppy Sysadmins Leave Linux Security Lacking - InternetWeek.com
Sloppy Sysadmins Leave Linux Security Lacking - CRN
Sloppy Admins Leave Linux Vulnerable To Security Breaches - Information Week
Linux is 'most breached' OS on the Net, security research firm says - ARNnet
Linux is 'most breached' OS on the Net, security research firm says - LinuxWorld
Linux is 'most breached' OS on the Net, security research firm says - ComputerWorld
Security company defends Linux-is-vulnerable survey - HNS
The world’s safest computing environment - TechCentral
mi2g response: Experts challenge mi2g security study - eBCVG IT Security
PC Pro: Security Company Defends Linux-is-Vulnerable Survey - linux today
Study: Linux Is Least Secure OS - WindowsITPro
Linux Most Breached OS, Says New Report - CXO Today
Survey: Mac OS X most secure, Linux least - ITWeb
Mac OS X, BSD Unix top security survey - Neowin.net
Mac OS X, BSD Unix top security survey - Computer World
Study: OS X World's Safest OS From Security Attacks - MacNewsWorld
Study Recommends Mac OS X as Safest OS - Slashdot
Mac OS X, BSD Unix top security survey - MacCentral
Security: Mac OS X Good, Linux Bad - eBCVG IT Security
Study: Apple's Mac OS X 'world's safest and most secure' operating system - MacDailyNews
Study: OS X World's Safest OS From Security Attacks - the Mac Observer
The world's safest computing environment - eBCVG IT Security
Mac OS X - 'world's safest' - Macworld Daily News
The world's safest computing environment - TechCentral

mi2g is at the leading edge of building secure on-line banking, broking and trading architectures. The principal applications of our technology are:

1. D2-Banking;
2. Digital Risk Management; and
3. Bespoke Security Architecture.

mi2g pioneers enterprise-wide security practices and technology to save time and cut cost. We enhance comparative advantage within financial services and government agencies. Our real time intelligence is deployed worldwide for contingency capability, executive decision making and strategic threat assessment.

mi2g Research Methodology: The Frequently Asked Questions (FAQ) List is available from here in pdf. Please note terms and conditions of use listed on www.mi2g.net

Full details of the latest monthly 2004 report are available and can be ordered from here. (To view contents sample please click here).

Renowned worldwide for the ATCA Briefings. Subscribe now.
Home - Profile - Values - People - Careers - Partners - Contact Us
D2 Banking - Bespoke Security Architecture - Digital Risk Management - Tools

Intelligence Briefings - Brochures - Case Studies -
SIPS Methodology FAQ (pdf)
Keynote Speeches - Articles - News Feeds - Glossary (pdf)
Terms and Conditions - Privacy Policy