Lock in to security



Eddie Bleasdale

There has been a debate in Computer Weekly around claims that there are viruses affecting Linux. However, some of the fundamental issues that must be resolved for organisations to achieve secure e-business have not been addressed.

It is not possible to have firewalls and virus scanners for mobile devices. The first viruses for WAP have occurred because security is an "optional extra". Public unease about security could scupper e-business rapidly.

Identifying who remote users are and authenticating them can be achieved, in part, by using public key cryptography. However, encrypting e-mails renders anti-virus scanning software useless. So, what is the long-term solution?

When code that has been received over the Internet is executed, the security of our system is threatened. While there are no effective controls that prevent unauthorised code being executed on computers running Microsoft Windows, the necessary controls do exist in Linux, hence the reduced security threat and the lack of viruses.

However, to increase the level of security where encrypted e-mails contain executable code, only code from e-mails that have come from a known person should be executed. Similarly, when downloading software from remote sites, the files should be signed and should have a checksum to ensure the software comes from a known and trusted source.

The Open Source community must not smugly say viruses are no threat to Linux/Unix. It must ensure that this situation remains the case. That said, there is no place for anti-virus software that simply scans e-mails in the world of secure, mobile e-business.

Eddie Bleasdale is director of netproject
