Published in News

Vaughan-Nichols loses his rag over Linux reporting

on 28 August 2020


Stop saying it is insecure, it is administrators who are morons

Veteran tech writer Steven J. Vaughan-Nichols has lost his rag over stories claiming that Linux is less secure than other operating systems.

“Generally speaking, Linux is more secure than its competitors. You couldn't tell that from recent headlines which harp on how insecure Linux is. But, if you take a closer look, you'll find most -- not all, but most -- of these stories are bogus.”

He said that reporting of the BootHole security hole sounded downright scary: you could get root access on any system. But it turns out that an attacker needs admin access for their exploit to do the dirty work.

Vaughan-Nichols points out that if an attacker has root access to your system, you already have real trouble. So the problem was real, albeit only really dangerous to an already hacked system.

He said that several Linux distributors botched the initial fix so their systems wouldn't boot, which is one of the problems when people panic and fix something in a hurry.

“In another recent case, the FBI and NSA released a security alert about Russian malware, Drovorub. This program uses unsigned Linux kernel modules to attack systems. True, as McAfee CTO, Steve Grobman said, "The United States is a target-rich environment for potential cyber-attacks," but is production Linux run by anyone with a clue really in danger from it? I don't think so”, Vaughan-Nichols said.

First, this malware can only work on Linux distributions running the Linux 3.6.x kernel or earlier. Guess what? The Linux 3.6 kernel was released eight years ago.

“I suppose if you're still running the obsolete Red Hat Enterprise Linux (RHEL) 6 you might have to worry. Of course, the fix for signing Linux kernel modules has been available for RHEL 6 since 2012. Besides, most people are using Linux distros that are a wee bit newer than that.”

Vaughan-Nichols said that there was a security problem with Linux, but it is a “Problem Exists Between Keyboard And Chair (PEBKAC) issue”.

“So yes, if you have a complete idiot as a system administrator, you've got real trouble, but you can't blame Linux for it.” 

Whether you're running Windows Server, Linux, NetBSD, whatever on your mission-critical systems, if you utterly fail at security, it doesn't matter how "secure" your operating system is. It's like leaving your car keys in an unlocked car: your system will be hacked, your car will be stolen, he said.

 

Last modified on 28 August 2020