Wednesday, July 4, 2007

Security Concerns In Linux

Part of the reason I am switching to Linux is, from what I have been told, it is superior to Microsoft Windows in the area of security. I think the reason is at least twofold.

1. People are out to get Microsoft i.e. trojans, viruses, and spyware. Of course when considering the effects of micro-evolution, this only means one thing for Microsoft: it WILL become a better OS. It is inevitable; if Microsoft wants to continue to be a viable secure OS for home and especially business use, Windows will have to continue to improve (evolve) or it will fail. Failure does not make money, therefore Microsoft will spend money to make a better piece of software, bottom line. Moreover, the reverse implication to Linux is true. People are NOT out to get Linux. There are no trojans, viruses and spyware to speak of in the Linux world.

2. The second reason why I believe Linux is superior to Microsoft Windows in the area of security is due to two things. First, there are so many distributions available it makes it difficult for someone with malicious intent to target a large populace because the user base is distributed over different types of Linux OSs. Second, Linux is Open Source. You would have to have many (many) people involved, from different backgrounds, cultures, values, countries, languages to "hide" a security hole in Linux. Even the most paranoid conspiracy theorist would have a hard time developing a theory about "those behind the Linux MACHINE".

As I contemplated these strengths in Linux, I realized something: these strengths are due to the environment in which Linux exists and not something that is necessarily inherent in the actual operating system itself. In other words, if the situation was reversed, if Linux was the major operating system everyone was after, would it stand up to the malicious users as well as Microsoft Windows? I think this is a question worth a serious answer. This is a question to which that I cannot even venture a guess, since I am still brand new to Linux. (Anyone... Anyone... Bueller... Bueller...)

Some would argue that the built-in firewall should be examined when comparing any Linux distribution to Microsoft Windows. I would agree that the default firewall in Microsoft Windows is a poor excuse for a firewall compared to IPTables, BUT third-party firewalls, from what I see, are BETTER than IPTables. Here is why.

Application Control.

I am a user of Outpost Firewall. It is a 3rd-party software firewall developed specifically for Microsoft Windows. I am not here to pitch this software, but I believe in it; that's why I bought it. When you install Outpost, there are few ways you can set it up and I configured it in the most paranoid way possible. ;P This piece of software monitors ALL the network activity coming from my computer, and it allows NOTHING to access even my router unless I say OK. There are automatic settings but I configure everything manually. I can even block Outpost itself from accessing the internet (which does not effect its operation except for updates). I keep Windows XP Pro locked down pretty tight. SVCHOST does not report back to Microsoft because I locked it down to only talk to my router and deal with my DNS. (BTW, if you didn't know, Microsoft has been taking "anonymous" stats from your computer since your first installation of XP.)

All that said, I want my application control on Linux. I will be honest; I do not trust anyone I do not know personally. I like Ubuntu, and from what I can tell the organization is an honorable group. However, I do not know the internal workings of the company, and because of my lack of knowledge, I would prefer to have a little MORE knowledge of what my OS is doing. Things like: when it accesses the internet, why it does, how it does, the duration of the contact, so on and so forth.

I am still learning what IPTables can do. Perhaps packet filtering in the hands of a knowledgeable person would put my application control-based firewall to shame. But I don't know. I like that I can watch what my computer is doing through Outpost. Honesty, Outpost is the ONLY reason I still use my Windows partition. (Well, that and the multitude of games I have.) Maybe someone who reads this article could point me in the right direction. I have read up on IPTables to a degree, tried Firestarter and Guarddog, but in the end uninstalled them. I'm happy behind my stealthy Linksys router without any firewall configured, for now.

No comments: