US security firm Central Command got short shrift from UK security and Linux specialists this week after it released a statement stressing the need for virus protection on Linux systems.
The statement warned that as Linux becomes more popular as a desktop operating system, inexperienced users will fall victim to the increased attention it will receive from virus writers.
Steven Sundermeier, product manager at Central Command, said, "There is a huge purpose out there for virus protection for Linux systems."
However, Eddie Bleasdale, director of consultancy netproject, yesterday roundly dismissed Central Command's advice, saying it was as good as impossible to conduct a virus attack on a Linux system or desktop. Indeed, he said he would pay £10,000 to anyone who could infect a well-configured Linux system with a virus.
Bleasdale further opined that the Windows operating system is an intrinsically insecure system, the whole design of which gives rise to security risks that other operating systems like Linux or Mac easily avoid.
This assertion was echoed by a spokesman from UK systems security specialists Elefire. Wishing to remain anonymous due to the sensitive nature of his work, the source said, "Because Windows is so infested with viruses, we advise our clients to run three checks at a network central point and one on each desktop. With Linux systems we don't bother with virus checks because we know the system is secure."
He also pointed to the fundamental building blocks of the two systems as the reason for the disparity in their levels of vulnerability. The Windows operating system basically allows any operation possible within the constraints of the hardware it runs on, said the spokesman. This means viral attacks can easily force machines to perform damaging operations resulting in losses of data or functionality. "Windows was never designed to be secure," he said.
The Linux system is effectively configured in the opposite way, with the operating system only allowing the operations specified by the root operator (the network administrator). This means that even if a virus (or worm, as most attacks on Linux systems have been) gains access to a Linux client, it cannot actually cause any damage.
The Central Command statement also pointed out that, in mixed networks, Linux desktops could act as conduits, passing viruses between Windows desktops. While both Eddie Bleasdale and the Elefire spokesman agreed with this claim, they both argued that it neither increased nor decreased the vulnerability of Windows systems, and they should still depend on high levels of security.