Linux Is a Bastion of Security, Users Report
Although Linux users often tout the low cost, efficiency and availability of that operating system, there is another, less-contemplated advantage in using it: It seems Linux is a veritable cyber-fortress. In Evans Data’s Summer 2004 Linux Development Survey, less than one-fourth of respondents said their system had ever been hacked.
The poll numbers, which were released last month, were obtained from approximately 500 Linux users. Of the respondents, 78 percent said their operating system had never been hacked. Additionally, 92 percent said their system had never been infected with a virus. The numbers contrast sharply with the figures from Evans Data’s Spring 2004 North America Development Survey, in which nearly 60 percent of respondents–all of whom were non-Linux users–said they’d had a network or Internet security breach in the past year alone.
The Linux security findings are even more remarkable when the attacks on the system are examined more thoroughly. Most of the successful attempts at attacking Linux worked due to improperly configured security settings, including server firewalls being set up incorrectly or not at all. As Evans Data Corp. experts point out, any operating system with an inadequate or nonexistent arrangement of security measures is highly vulnerable to attack. In addition, nearly a fourth of the successful attacks were inside jobs, conducted by users with authorized login IDs.
Despite its inauspicious beginnings in 1991 as the “hobby” of Helsinki, Finland-native Linus Torvalds, Linux is quickly becoming a popular operating system among businesses and government agencies. Nonetheless, it remains far behind market-leader Microsoft Windows in usage. The fact that Linux users still are relatively uncommon may explain in part why attacks on their systems are sporadic and frequently fail.
However, as Evans Data’s Linux analyst Nicholas Petreley indicates, there is another very compelling and simple explanation as to why Linux is so secure: The code is the key. Because of the substantial amount of attention paid to the Linux code, fewer breaches occur.
For more information on the survey, see http://www.evansdata.com/n2/pr/releases/Linux04_02.shtml.