"Is Linux a net security risk?"

[kw <tattooma () ADRIC GENOCIDE2600 COM>]

Never in my life have I seen such a high degree of utter fucking bullshit
in one single article.  I am not even going to bother countering on a
point-by-point basis.  I expected this level of crap to come only from the
White House, DoJ, and FBI.

--
ken williams


http://www.idg.net/ic_186624_1794_9-10000.html

Is Linux a net security risk?
By Helen Han


SYDNEY, 7 June, 2000 - A SANS Institute of America report has named Linux
and Unix operated sites as more vulnerable to internet attacks than
Windows and Mac powered sites.

Compiled by US industry, government, and academics, the June 1 paper,
titled How to Eliminate the Ten Most Critical Internet Security Threats:
The Experts' Consensus, names versions of Unix and Linux systems in nine
out of a "top ten" list of security vulnerabilities for operating systems
that engineers "need to eliminate".

Dean Stockwell, director of sales and support, Network Associates
Asia-Pacific, dismissed SANS's report as "skewed".

"Virus peddlers target the most popular system," said Stockwell. These
happen to be Unix or Linux in the enterprise space, he believes.

"Most hackers graduate from Unix and Linux platforms. They know them
intimately. They don't try to exploit them," Stockwell said.

Fifteen per cent of Australian organisations use a Linux system somewhere
in their network server infrastructure, according to Rolf Jester, regional
director of market services, Gartner Asia-Pacific.

Moreover, Stockwell suggested that local "up and coming" IT administrators
are being trained in Unix or Linux platforms.

Stockwell also observed an "anti-Microsoft camp growing in Australia.
They're turning to more stable platforms," he said, declining to name
alternative brands.

A spokesperson from Sydney IT consultancy startup Working Technology
begged to differ. "Unix and Linux are the geek operating systems," the
representative said. "Windows NT is supported by 90 to 100 per cent of
developers worldwide."

So how does network security health rate in Australia?

"Security is not a high enough priority for IT networks here," Stockwell
said. "We're concerned about Y2K and GST problems. Security is priority
two or three. It needs to be number one."

Stockwell attributes the perceived negligence to corporate Australia's
"lack of best practices" and increasingly "busy" IT departments.

"To apply a security patch to any software literally takes minutes," he
said. "I've often had to do it myself."

His advice to ensure Australian businesses are safe from network attack
via the net is to enforce a policy of mandatory systems testing,
particularly for file servers and mail servers, and committing to regular
upgrading.

Industry ignorance to IT security threats are dire to the economy,
Stockwell warned.

He pointed to the fallout from the notorious I Love You virus as an
expensive example of a country unprepared for a "simple" security attack
"written by a student in a matter of days".

The Love Bug cost Australian business an estimated $1.5 billion in
down-time over four days.

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".