Analysts: Security flaws won't undermine Linux

User confidence in the security of Linux operating systems should not be affected by the two potential security vulnerabilities...

User confidence in the security of Linux operating systems should not be affected by the two potential security vulnerabilities affecting the affecting the open source operating system that have surfaced in the past three weeks, according to analysts.

Last week, a security flaw affecting Linux was found in the widely used zlib file compression library, which helps speed network file transfers. The flaw in a memory allocation routine could provide a path for an attacker to send malicious code and take root control of the machine.

Three weeks ago, vulnerability was reported in a Netfilter firewall component used in various versions of the Linux kernel that could result in open ports that would allow intrusions by hackers.

"There's a period of shakeout that every [operating system] goes through," said Eric Hemmendinger, an analyst at Aberdeen Group. "I don't think this will cause people to say, 'Oops, this isn't what we thought it would be'."

Many other widely used operating systems, including IBM's mainframe software, commercial Unix products and Microsoft's Windows NT, have "gone through a period of security vulnerability issues, but they've been resolved," Hemmendinger said. "IBM went through this period, and they put it behind them."

Alan Paller, research director at the SANS Institute, a non-profit US security group, said it is not a surprise that more vulnerabilities are showing up in Linux, since the operating system is being used more widely in corporate computing. The larger deployment of the operating system means more problems are likely to be seen in larger numbers, Paller said.

Dan Kusnetzky, an analyst at researchers IDC, said the true measure of the problem is not whether security issues crop up, but how quickly they are resolved.

"There is no such thing as an unbreakable product," Kusnetzky said. Instead, users are more interested in whether their Linux vendors take quick action to announce and post fixes for new vulnerabilities, he said. "The fact that something has shown up is not a major negative [for Linux]."

Read more on Operating systems software