February 2nd, 2006

Thinking about Linux security

Posted by Paul Murphy @ 5:00 am

Categories: General, Linux, Security

Tags:

Last week, I read an interesting techtarget article (registration required) Windows-to-Linux desktop migration tips: Why to switch, how to plan by editor Jan Stafford. Here’s her lead and a couple of other paragraphs that give you gist of the argument:

Businesses should switch from Windows to Linux desktops because Linux’s technology is superior, according to Jon Walker, CTO of Versora .

…

It’s great that Linux is an open source platform, but that’s not the main reason why businesses should switch their desktops to it, Walker said. He quoted Paul Graham — programmer, author and inventor of the first Web application — who said: "Users don’t switch from Explorer to Firefox because they want to hack the source. They switch because it’s a better browser."

Walker thinks that Linux’s stronger security tips the scales in its favor as an enterprise desktop operating system (OS).

Linux developers have taken almost the opposite approach to security to what Microsoft has, said Walker. Linux code is open to everyone, so vulnerabilities are spotted quickly and breaches are attacked and fixed rapidly by thousands of developers. The code itself is streamlined, simple, up-to-date and designed for use in enterprise settings, making it easier to secure.

It’s a pretty good article, but I don’t agree with her interviewee’s interpretation of the security issue.

Basically Walker says that the Linux community works in the open, on a clean code base, and responds very quickly while Microsoft works in secret, on a muddled code base, and responds slowly. He’s right, but that’s not the essence of the issue.

In my opinion the most important difference is conceptual, not a matter of response or openness, but one of fundamental design. The Microsoft community’s response to virus and other attacks is fundamentally to defeat exploits after the fact, the Unix approach is to eliminate the exploit opportunity.

Thus the Microsoft community loads anti-virus scanners on its PCs, scans files, and "fixes" or deletes affected files to eliminate the danger these pose. In effect, they let fully armed bad guys into the house hoping to recognize and massacre them before they can commit harm.

The general Unix community, in contrast, fixes the underlying OS or application code to make it difficult or impossible for an exploit to work –rendering any bad guys in the house fundamentally harmless.

The downside of the Microsoft approach, of course, is that new attacks can’t be recognized, defences become increasingly burdensome -virus scanners now search for more than 40,000 attack signatures- and every new idea gets at least one free run -a classic case of closing the barn door each time someone notices that the horse has been stolen.

Unix, including Linux, simply doesn’t do that -by making the system proof against every new attack that comes along we create a situation where Unix becomes stronger each time it’s attacked, and the whole virus scanning idea remains fundamentally inapplicable