Communications of the ACM
Net of Insecurity: The Kernel of the Argument
Critics warn of persistent security weaknesses that should have been corrected long ago in the Linux operating system.
Credit: The Washington Post
The Linux operating system has come to dominate the online world, but critics increasingly warn of persistent security weaknesses that should have been corrected long ago.
Linux creator Linus Torvalds has argued against adding more security features, claiming the OS' performance and reliability would suffer; yet even supporters are worried about vulnerabilities in the kernel, and also complain Torvalds' security stance is too passive.
Bugs exploited by hackers in recent years did not involve the kernel itself, but experts caution the kernel is being targeted by malefactors building botnets, and is also attracting the interest of government spies as Linux has proliferated.
Critics say attempts to harden Linux's defenses depended on surrounding the OS with barriers that could not possibly deter all attackers. Torvalds responds that his critics poorly understand the fact that security must always be weighed against priorities that include speed, flexibility, and ease of use. He also opposes the practice of publicly warning users of bugs, which gives malicious hackers an advantage until the software patches are issued.Instead of creating protections against "classes" of code defects, Torvalds advocates better coding overall.
The decentralized Linux development process also is cited by critics, as no systemic mechanism for spotting and fixing bugs before hackers discover them exists.
From The Washington Post
View Full Article
Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA
No entries found