Security threat from open software

By Simon Aughton

Posted on 18 Nov 2002 at 12:12

Open source software used in Unix and Linux systems is now the main source of security vulnerabilities, according to a new report.

Microsoft products are no longer subject to the greatest number of security advisories published by CERT, the Computer Emergency Response Team.

In the first 10 months of 2002 16 of the 29 vulnerabilities reported by CERT were related to Unix-based software. In the same period it issued no virus or trojan warnings for Microsoft products, compared with a peak of six warnings in 2001.

Analysts Jim Hurley and Eric Hemmendinger from the Aberdeen Group, who collated the data, report that, 'Cert's data contravenes some popular myths that are common among the pundits and the press. Contrary to popular misperception, Microsoft does not have the worst track record when it comes to security vulnerabilities. Also contrary to popular wisdom, Unix- and Linux-based systems are just as vulnerable to viruses, Trojan horses, and worms.'

As a result, they say, 'the incorporation of open source software in routers, Web server software, firewalls, databases, Internet chat software, and security software is turning most Internet-aware computing devices and applications into possible infectious carriers.'

They also have a word of warning for Apple, whose new Mac OS X operating system is Unix based. 'Apple's products are now just as vulnerable, now that it is fielding an operating system with embedded Internet protocols and Unix utilities.'