Channel Marker

Jun 13 2007   2:01PM GMT

Open season on open source?

Brein Matturro Profile: Brein Matturro

It was only a matter of time.

With the recent news that a worm has infected the popular Microsoft Office alternative known as OpenOffice (across Windows, Mac and Linux platforms), some security industry watchers have begun to wring their collective hands. Because OpenOffice is the most popular office suite for Linux, some are fearful that a malware plague is about to descend upon the open source OS. Give these pundits a second, and they’ll opine that Linux’s era of “security through obscurity” is coming to an end.

Commercial Linux desktop adoption is becoming more prevalent each year, in part because of the widespread belief that Linux is a more secure and powerful platform than that competing product out of Redmond. Therefore it’s important for resellers in the networking and security space to communicate the malware facts to clients using Linux.

As I write this blog post on Linux using KWord, the KDE desktop’s native word processor, I’m not worried about a plague of Linux malware. “Proof of concept” Linux worms have been around since 1996, but all known Linux worms and viruses haven’t done much damage because they need root access to continue their life-cycle. And in the commercial Linux environment, most users have their root access shut off entirely.

But back to OpenOffice. Last August, Malte Zimmerman from Sun (chief sponsor of OpenOffice) blogged about the security issues involving OpenOffice. He noted the three ways to stop OpenOffice malware in its tracks:

  • Don’t work with admin/root rights, use them only when needed for performing certain tasks
  • Don’t run binaries that you can’t trust for some reasons.
  • Don’t execute macros in documents you receive, unless you can be sure it’s safe

Does this mean Linux and OpenOffice are impervious to malware threats? Not by a long shot — though patches are issued almost immediately by the Linux community when any exploited (or exploitable) flaw is found. And it is true that clever hackers could use the normal user account in Linux to send out spam, encrypt files with PGP or execute phishing attacks, but all this requires users to run binaries or macros from unknown sources.

The truth of the matter is that Linux is still a very secure platform. It’s the job of the resellers and systems integrators to show their clients how to keep it that way.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: