The Linux Letter for March
Hello fellow computors!
I know, it's been quite a while since the last Letter.
Unfortunately, the realities of school, job and family (not
necessarily in that order) have taken their toll. But enough of
that...let's jump into the world of Linux.
You may have noticed over the past couple of
months that a number of security holes have popped up in several
Linux applications and components. Problems with Sendmail
and zlib are probably the most recent. A friend of mine asked me
if I thought that this meant that Linux had some serious
security issues. My answer to him, and to others who raise the
question is that I don't think that Linux is any less secure now
than it's ever been. I guess that sounds like circular
reasoning, but actually I think that Linux, as a network
operating system is one of the most secure and reliable ones, as
long as it is configured correctly. And that's what I want to
talk about in this Letter.
I use RedHat Linux, primarily because it's what I've been using
for so long, but also because I find that it is easy to
configure and includes an updating feature. Also, since the
latest version (7.2 as of this writing) I think that RedHat has
paid much more attention to security related issues. In
particular, the default installation of the software turns off
much of the unnecessary server functionality. After all, if
you're running Linux on the desktop, you probably don't need an
ftp or telnet server running, right? In my mind, every
service that your system makes available on the Internet is just
one more opportunity for your system to be exploited, and not in
your favor, either!
I haven't had the opportunity to try out the firewall features
in RedHat 7.2, but I do think that the inclusion of that sort of
thing is a very good thing. Even if it's used as nothing more
than a personal firewall, a la ZoneAlarm, some protection and
awareness is better than none.
But what about the security issues? I'm not going to compare
Linux's with any other operating system's problems...that's been
done ad nauseum. But I do think that when these kind of problems
pop up on an open source platform, fixes happen much more
quickly. Maybe there are political reasons (no need to create
the right spin or point fingers) or maybe it's just that
nebulous "pride of creation" thing, where a programmer quickly
fixes the problem in "his" software out of a sense of rightness.
Nonetheless, problems do get fixed, and, it seems to me,
quickly. No, I don't have any scientific evidence to back this
up...just anecdotal, from reports I've read and people I've
But here's the crux of the situation: If a program has a
vulnerability and a patch or update is issued, it's up to you to
install it and keep your system secure. Microsoft certainly has
a great thing going with their Windows Update feature. I'll
admit that I let Windows XP's update feature take care of its
business in the background. But what about Linux?
RedHat offers the RedHat Network (RHN). RHN works using either a
desktop application or a daemon to allow you to download and
install the latest updates. The hitch is that the program costs
money. It's not a lot, maybe 5 bucks a month, but it does cost.
The benefit, of course, is that you
don't have to do all of the work to keep your system current and
(hopefully) secure. The drawback is, of course, that it costs
money. Obviously programs like this cost money to implement and
run. Microsoft can support its update program by including its
costs in the price of their software. Since much of
RedHat's software is given away for free, it's a little more
difficult to provide that service for nothing.
I'm not aware of any other Linux distribution that has this sort
of update feature. Somebody else probably does something
similar, and I'm sure I'll hear about it in the next few days.
RedHat's RHN works with versions of their
operating system from 6.2 to the latest. You can try out a
limited version by heading over to <https://rhn.redhat.com>.
Don't be a victim of a security breach...no
matter what operating system you use, it's absolutely critical
to keep your system current!