Thought for the day:The OS security dilemma

Hard-hitting IT columnist Simon Moores gives his personal take on the hot issue of the day.Security - or, should I say,...

Hard-hitting IT columnist Simon Moores gives his personal take on the hot issue of the day.Security - or, should I say, insecurity - once again rears its head. Slapper has been doing the rounds, and then there was the much-publicised launch of the Nectar Web site. Or, more accurately, there wasn't, as the loyalty card site collapsed under the strain of registrations.

Unless you happen to be using Linux, then you have nothing to fear from a Slapper attack. But hold on a second, I hear you say, I thought Linux offered a more secure environment than Windows, so what's this about Linux being handbagged?

Linux devotees claim it is more secure than Windows and, as Eddie Bleasdale of Net Project points out, Slapper is a worm and not a virus. And Linux is vulnerable, like any OS, to implementation defects, in this case, not patching a known OpenSSL vulnerability, leaving the door wide open to a distributed denial-of-service (DDoS) attack. This, in turn, gobbled up bandwidth rather than destroying data, in much the same way as a virus.

But if you happen to be responsible for Linux or even Windows server implementations, you know you're going to be shot at by someone, and life today as an IT manager often seems to mirror the desperate defensive action of the soldiers defending a crashed helicopter in the film Black Hawk Down.

Microsoft, the Linux faction - and even The White House - might stress that you have to stay constantly on top of the security updates. If you have a mixed environment, Apache and Windows 2000 Servers, then you probably see perimeter defence as a full-time responsibility, as the problems, like the t0rn rootkit for attacking Linux implementations, keep on coming.

"No organisation can keep pace with the rate of change that Microsoft is imposing upon the desktop," says Bleasdale. So while moving over to Linux might not offer perfect peace of mind, Bleasdale claims the future risks are considerably less than those associated with remaining in the same foxhole with Windows.

As you might expect, Microsoft's chief security officer (UK) Stuart Okin doesn't share Bleasdale's harsh view of the Microsoft world. "It's not about the vulnerabilities alone," says Okin, "it's about how you manage them, how you deal with them and who is accountable."

Okin insists that in a properly managed environment, following "best practice for people process and technology", Microsoft's products are as secure as anyone else's.

"Look at the Web site for evidence", he says, "There are as many security advisories published for Linux as there are for Windows".

If, after reading this, you decide swapping one trench under fire for another isn't a great idea, then who could blame you?

What is your view?
Who is responsible for keeping an OS secure - the manufacturer or the user? Tell us in an e-mail >> reserves the right to edit and publish answers on the Web site. Please state if your answer is not for publication.

Zentelligence Setting the world to rights with the collected thoughts and opinions of the futurist writer, broadcaster and Computer Weekly columnist Simon Moores.

Read more on Operating systems software