Linux security: setting the record straight

Silicon.com dared to publish a story last week which questioned the security of Linux (see 'Linux is a security risk, experts claim' http://www.silicon.com/a36413 ).

We quoted three industry sources, all of whom believe the open source nature of the operating system allows hackers an easy route in.

Since then, the flames have been flying. Apparently, our journalism is "irresponsible" and "biased". The people we spoke to are "pro-Microsoft".

These accusations are nonsense. The sources have no allegiance to any vendor, and we were merely reporting what they said.

If the flame writers had read the whole story, they'd have noticed we quoted a Mr Malcolm Beattie, systems programmer for Oxford University Computer Service, who said: "Far from the open source nature of the OS [Linux] posing a security problem, it is actually its best defence. It means that when a security threat is uncovered a patch normally appears within hours. With NT you can wait up to six months for an upgrade after a security hole appears."

So much for bias.

A quick search on our Web site reveals that we've mentioned Linux in over 50 news stories since the turn of the year. We published a video interview with Eric Raymond, the 'godfather' of open source, just last week (http://www.silcon.com/a36368 ).

All operating systems have holes in them. NT probably is easier to hack than Linux - we've made these points in the past.

And yet one mention of a potential flaw in the development of the open source operating system and the Linux fanatics get hot under the collar (and that's an understatement: several viewers have said they'll stop using Silicon.com because of this coverage. One posting made to online community, Slashdot, on the back of the story was very rude about our reporter's mother).

There's nothing wrong with impassioned feedback of course - we'd rather get abusive emails than hear nothing at all. But we think the irrationality which emanates from some quarters of the open source community is damaging its worthy cause.

Linux is Microsoft's biggest threat. It offers corporates a viable alternative to all things Windows - which has to be good news for users.

But the people who specify and sign-off enterprise-wide technology strategies - sometimes IT directors, often financial directors - are not likely to be attracted by such vehement rhetoric.

They are used to dealing with sober men in sober suits selling them software that everyone else is using.

If Linux is to gain ground in the corporate sector, its proponents have to start playing the corporate game. It's sad, but true: image is everything. Linux is still seen as a risk.

If three critical quotations in one Silicon.com story can provoke such rabid response, it's hardly surprising that the executives who sign the cheques get nervous when Linux is mentioned. Who should a non-expert turn to for a sensible, non-techie discussion about it?

Rational debate is the order of the day. Before that can happen, some parts of the Linux community will have to change their ways.