A Response to "What Are The Issues With Open Source Linux?"

Posted by Scott_Ruecker on Dec 9, 2008 8:33 AM EST
LXer Linux News; By tracyanne
Mail this story
Print this story

LXer Feature: 09-Dec-2008

A point by point response to an article on Hackingalert.com entitled "What Are The Issues With Open Source Linux?" that hit our newswire yesterday.

What Are The Issues With Open Source Linux?

FUD:: The main difference between Linux and Windows is that Linux is open source and windows are closed source. So? Well, that means that only Microsoft is authorized to change any part of the code of the Windows operating system. While in Linux, anyone can change it.

Response:: Yes anyone capable of doing so can change the source code for any Free and Open Source application (in fact I can do that right now), including the kernel. Please explain to me how they are going to manage to get those changes into the kernel, or any other FOSS repository, and therefore into the down stream distributions?

FUD:: The other problem is that the Linux Operating System doesn't receive the same level of support as Windows does. That means that updates and security packages are released with each new version of the Operating System (OS), but not as periodic updates as in the case of Windows XP's Windows Update.

Response:: All Linux distributions have regular security patches released to the update repositories, for that distribution, as soon as the patch is ready. Sometimes that is within hours of the vulnerability being discovered (unlike Windows, where there may be weeks or months or even years, and then the patch is only released on cycle, so it may be several days to weeks before the patch is released, even after it has been completed.)

FUD::That means that the user will have to be the one responsible for checking for the updates instead of trusting this matter to an organization. So, a user could pass long periods of time without knowing that his OS has an important security failure that could compromise his work or even the security of his network.

Response:: Absolute rubbish, the Distribution's package manager informs you the moment a security patch becomes available, and on most, you can choose to have the patch install automatically, and whether you choose auto install, or manual, you hardly notice, as it's never necessary that you reboot, as one must do constantly on Windows.

FUD:: The only way to contra rest this inconvenient, is buying support from a determined Linux OS provider, like Red Hat. For an annual fee, they will provide you with important information on the different bugs that have been found in the OS and that need to be fixed.

Response:: Absolute and total nonsense, see above.

FUD:: If you choose otherwise, you will spend a long time inside forums talking to Linux experts around the world. If that isn't the core competence of your business, why should you spend that time doing it? That's one of the main arguments that Microsoft uses when comparing it's OS with open source OS's.

Response:: Absolute and total nonsense. Linux requires far far less maintenance than Windows. most people rarely have to spend time on line finding solutions to problems. I sell pre installed Linux, I should know, I have almost zero call outs for maintenance and assistance for the Linux boxes I sell. The biggest maintenance problem I have to deal with is the Windows boxes of the Windows users who won't upgrade to Linux.

What Are The Vulnerabilities?

FUD:: The main vulnerability of Linux OS is that anyone can access the code of the operating system. And, if you are not savvy enough with the programming code like hackers are. You only need to search for the correct free Linux hacking tool and you will be able to get inside in no time.

Response:: Total nonsense. Almost 100% of compromised Linux boxes are caused by the System Administrator, the person who manages the root password, setting up a system with a weak password. Other attempts to break into Linux systems leave the attacker in an area where they can do minimal, at best damage, such as defacing a website, and they never ever gain access to the root account (unlike Windows where almost every successful incursion results in the hijacking of critical system files). Having access to the source code to the Linux kernel, or any of the GNU Tools that make up the GNU/Linux operating system, gains you nothing.

FUD:: The other problem is that many of the drivers made for determined hardware. Let's say, a printer is not created by people who have security in mind. This is specially important for a company who do not wish to find it's intellectual property is stolen each time they send something to the printing room.

Response:: In kernel Device drivers, which is to say almost all of the device drivers, are developed by people who are allowed to contribute to the Linux kernel. Their code is vetted by serious professional coders, all the way up to Linus Torvalds, who is responsible for the Linux kernel (he created it, after all), it's security, and the security of the drivers. all code submitted to the Linux kernel goes through serious and rigorous testing via 4 to 5 levels of kernel developers.

FUD:: So, after all of these possible loopholes inside Linux OS, you should consider using a version that has been designed with security in mind. Check EnGarde Secure Linux and find more about this variation of Linux OS.

Response:: All Linux distributions are developed with security, not only in mind, but at the forefront of the development process. Linux is intrinsically secure, it does not require after market software to make it function as advertised, unlike Microsoft Windows, where security is an add on expense.

What Is Kernel Hacking?

Doesn't actually answer the question:: The kernel is the software inside a computer that is in charge of maintaining an adequate communication between the hardware and the rest of the software. One of the strong points among the Linux community is that the kernel of a Linux OS can be altered. And for what reason? The two main motives are fixing any problem that may arise and increase the efficiency of a driver responsible for managing a determined piece of hardware.

Response:: Kernel Hacking is what the developers of Linux kernel do, they call themselves Hackers, in the original meaning of the term Hacker, which means to write software to achieve a purpose. Not in the way you use the term Hacker, which basically means criminal

» Read more about: Story Type: LXer Features; Groups: Community, EnGarde, GNU, Kernel, Linux, Microsoft, Red Hat

« Return to the newswire homepage

Subject Topic Starter Replies Views Last Post
I sent a copy of this to hackeralert.com tracyanne 4 2,449 Dec 11, 2008 2:40 PM

You cannot post until you login.