Hard-hitting IT columnist Simon Moores gives his personal take on
the hot issue of the day.
Security - or, should I say, insecurity -
once again rears its head. Slapper has been doing the rounds, and
then there was the much-publicised launch of the Nectar Web site.
Or, more accurately, there wasn't, as the nectar.com loyalty card
site collapsed under the strain of registrations.
Unless you happen to be using Linux, you have nothing to fear
from a Slapper attack. But hold on a second, I hear you say, I
thought Linux offered a more secure environment than Windows, so
what's this about Linux being handbagged?
Linux devotees claim it is more secure than Windows and, as Eddie
Bleasdale of Net Project points out, Slapper is a worm and not a
virus. And Linux is vulnerable, like any OS, to implementation
defects, in this case, not patching a known OpenSSL vulnerability,
leaving the door wide open to a distributed denial-of-service
(DDoS) attack. This, in turn, gobbled up bandwidth rather than
destroying data, in much the same way as a virus.
But if you happen to be responsible for Linux or even Windows
server implementations, you know you're going to be shot at by
someone, and life today as an IT manager often seems to mirror the
desperate defensive action of the soldiers defending a crashed
helicopter in the film Black Hawk Down.
Microsoft, the Linux faction - and even The White House - might
stress that you have to stay constantly on top of the security
updates. If you have a mixed environment, Apache and Windows 2000
Servers, then you probably see perimeter defence as a full-time
responsibility, as the problems, like the t0rn rootkit for
attacking Linux implementations, keep on coming.
"No organisation can keep pace with the rate of change that
Microsoft is imposing upon the desktop," says Bleasdale. So while
moving over to Linux might not offer perfect peace of mind,
Bleasdale claims the future risks are considerably less than those
associated with remaining in the same foxhole with Windows.
As you might expect, Microsoft's chief security officer (UK) Stuart
Okin doesn't share Bleasdale's harsh view of the Microsoft world.
"It's not about the vulnerabilities alone," says Okin, "it's about
how you manage them, how you deal with them and who is
accountable."
Okin insists that in a properly managed environment, following
"best practice for people process and technology", Microsoft's
products are as secure as anyone else's.
"Look at the CERT.org Web site for evidence", he says, "There are
as many security advisories published for Linux as there are for
Windows".
If, after reading this, you decide swapping one trench under fire
for another isn't a great idea, then who could blame you?
What is your view?
Who is responsible for keeping an OS
secure - the manufacturer or the user? Tell us in an e-mail.
CW360.com reserves the right to edit and publish
answers on the Web site. Please state if your answer is not for
publication.
Zentelligence
Setting the world to rights with the collected thoughts and
opinions of the futurist writer, broadcaster and Computer Weekly
columnist Simon Moores.