Community

The Downside of Linux Popularity

hacker

Popularity is becoming a two-edged sword for Linux.

The open-source operating system has become a key component of the Internet’s infrastructure, and it’s also the foundation for the world’s largest mobile OS, Google’s Android.

Widespread use of the OS, though, has attracted the attention of hackers looking to transfer the dirty tricks previously aimed at Windows to Linux.

Last year, for example, ransomware purveyors targeted Linux. Granted, it wasn’t a very virulent strain of ransomware, but more potent versions likely will be on the way.

Meanwhile, 2016 was less than 3 weeks old when researchers discovered in the Linux kernel a bug that an attacker could exploit to take control of computers running the operating system as well as millions of Android devices.

Tempting Target

Vulnerabilities in Windows receive a lot of attention when they’re discovered, noted Russ Ernst, director of product management for vulnerability management products at Heat Software.

“Windows gets all the attention because of its market share, but three-quarters of the vulnerabilities out there are on Linux and Mac machines,” he told TechNewsWorld.

Both Linux and Apple’s OS X operating systems have connections to Unix, which was developed by AT&T.

While Windows has become the dominant operating system on the desktop, Linux has dominated in other areas, such as in data centers and mobile phones.

“Linux is used as the backbone for a lot of these cloud-hosted services,” Ernst said. “Three-quarters of the data center machines that are in Amazon Web Services, for example, are Linux-based machines. More than 50 percent of the machines in Microsoft’s Azure are Linux-based.”

Moreover, a number of widely publicized vulnerabilities in open-source technologies have set the gears in motion in the minds of digital malefactors.

“The Poodle, Heartbleed, and OpenSSL vulnerabilities opened the eyes of the black-hat community that Linux is a viable target,” Ernst said.

Better Windows Security

The pace of attacks on Linux, especially in the server environment, has quickened for several years now, noted Steve Pate, chief architect at HyTrust and author of two books on Linux.

“We’ve all known that Microsoft Windows has been the target of attackers for many years,” he told TechNewsWorld. “This was partly due to its dominance in the market, but it was also due to the bugs and flaws that were not always patched well, and because it was operated by general consumers.”

However, Windows is becoming less attractive to hackers. “Microsoft has improved the security of Windows in more recent years, making it more difficult to attack,” Pate said.

“Over the years, Windows has become a harder target to attack, and less and less of what’s connected to the Internet runs Windows,” said Christopher Budd, global threat communications manager at Trend Micro.

“Together, those make Linux a better target,” he told TechNewsWorld.

Furthermore, Android, which is Linux-based, has the leading share of the global smartphone and tablet market.

“This makes Linux an obvious target to attack for mobile devices,” Pate said.

Security Through Visibility

The father of Linux, Linus Torvalds, has been rapped for sacrificing security on the altar of performance and reliability.

However, as an open-source program, Linux security can be maintained better than competing proprietary systems, HyTrust’s Pate contended.

“There’s a lot more transparency, so there’s a lot more visibility into any of the underlying vulnerabilities that are in the components that are being shared in the platform,” he said.

“Linux is composed of the Linux kernel and an enormous array of applications,” he added. “The kernel has many, very smart people checking the new code that goes into the kernel, and it is very well tested by many individuals and organizations who ship Linux distributions.”

While the maintenance of Linux is good, its security could be better if developers working in the ecosystem embraced security from the beginning of the development life cycle, noted Rahul Kashyap, chief security architect at Bromium.

Tough Challenge

Even then, though, it’s difficult to produce pristine programs.

“There are several dynamics at play when vulnerabilities get introduced,” Kashyap told TechNewsWorld.

“Sometimes it’s too much code churn, lack of proper security testing, ill-defined review processes, architecture oversight, or just simple, genuine obscure bugs,” he noted.

“All of these add up and make it a tough challenge to secure code,” Kashyap said.

There’s no simple solution to the security challenge because the Linux and open-source ecosystem is a complex one, encompassing developers and maintainers of packages, applications and components.

“Some of them have strong security practices while others don’t,” Trend Micro’s Budd noted.

“In some cases,” he continued, “we’re finding that there are dark, dusty corners that the many eyeballs just aren’t looking in. The Bash Shell vulnerability demonstrated that.”

The Bash Shell, or GNU Bourne Again Shell, the vulnerability made headlines in 2014. Its danger lay in the numerous ways Bash could be called by applications.

Expect More Malware

System defenders can expect more attacks on Linux this year as more organizations become converts to cloud computing, noted Heat Software’s Ernst.

“More and more in the enterprise, it’s being accepted to have corporate data stored outside of your own network and in the cloud,” he said.

“A lot of those cloud-hosted services are using Linux in the back end, so it becomes a ripe target for bad guys who go where the data is,” Ernst continued.

“We will also hear more this year about attacks on Android mobile devices,” he added.

“The majority of devices out there are Android devices,” Ernst said, “so there’s ample opportunity for writing malware that can be written once and used to infect many devices.”

John P. Mello Jr.

John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News. Email John.

1 Comment

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John P. Mello Jr.
More in Community

LinuxInsider Channels