"Security warning on open source"
Karen Dearne
NOVEMBER 12, 2002
LINUX is not a more secure environment than NT or Windows, Internet Security Systems chief technology officer Chris Klaus warns.
"Linux has just as many security holes as Windows in terms of how often we see vulnerabilities appearing,'' Mr Klaus said.
"Recently there have been two major Trojan horses found in open source projects - one in Sunmail, which is the email package for most Unix systems including Linux, and the other was OpenSSH."
Technical people liked open source because they could go to the internet, grab a patch and fix problems quickly, he said.
But they failed to appreciate the huge cost of doing that across hundreds or thousands of machines in a company.
"To go in and change source code and patch might be okay on one machine - but there's a problem when you look at doing that on a much greater scale," Mr Klaus said.
"An enormous amount of vulnerabilities are appearing in Linux. Because it's open source anybody can contribute code to it - there's no central authority doing security for any new code added."
The founder of global risk management and information security solutions company Internet Security Systems (ISS) in 1994, Mr Klaus said the profile of hackers had changed.
"More attacks are being done by professionals," he said.
"It's like the old saying: why rob banks? Because that's where the money is.
"Unfortunately, the internet is now where the money is, meaning you can pretty much hack into every bank or business in the world that's connected to the internet."
Mr Klaus, who is a member of the White House Critical Infrastructure Task Force and the FBI's Infraguard Program, was in Australia last month to talk to corporate clients and government departments.
Christian R. Conrad
Microsoft is a true reflection of Bill Gates' personality - the sleaziest, most unethical, ugliest little rat's ass the world has seen unto this time. -- [link|http://z.iwethey.org/forums/render/content/show?contentid=42971|Andrew Grygus]