An exercise for the reader: what is wrong with this picture? Laura DiDio is also known to the Linux community for her statements to the effect that SCO has a serious case. But the question here is different -- does the underlying OS make any difference to security? If not, is there a reason to care about such useless innovations as SELinux? Or should we simply take Ms. DiDio's advice: "Don't even argue those merits. Every piece of software that is connected is potentially vulnerable and at risk." . . .
The old adage about there being "safety in numbers" no longer applies, at least not in the world of IT security. Microsoft platforms are not only the most widespread, but also the most attacked. About that much, most -- but not all -- commentators agree.

The mi2g Intelligence Unit , a UK-based security consultancy, issued three bulletins recently. One suggested that direct attacks -- as opposed to worms or viruses -- on Linux-based servers were on the rise and had for the first time outstripped those directed at Microsoft platforms. Microsoft systems were still found to be the major targets of malware.

An equally interesting claim came next: After examining more than 17,000 attacks in January and again in February, mi2g Intelligence Unit concluded that when it comes to direct attacks, "the world's safest and most secure online server operating system is proving to be the Open Source family of BSD (Berkley Software Distribution) and the Mac OS X based on Darwin."

Several Questions

Several questions suggest themselves immediately: Is it true, how do you know, and can any such judgment even be meaningful?

The third question must be answered before tackling the others, and Laura DiDio, senior analyst at the Yankee Group, suggested that the answer is no. "Overall," she said, "no operating system or piece of software is going to be inherently more secure than another."
She said she agrees, however, with the parts of mi2g's reports that attribute greater Linux insecurity to administration woes. They cite a widespread lack of "training and knowledge on how to keep that environment secure when running vulnerable third-party applications."

"You could have a very fortress-like system," DiDio told TechNewsWorld, "but all that security goes to hell in a handbasket if it is not administered correctly. The human element cannot be discounted. I would say that's 51 percent of the equation to 49 percent inherent security."

The link for this article located at technewsworld.com is no longer available.