Linux proponents often say that Linux is safer than Windows, and in some respects, it’s true. Linux is inherently more secure than most versions of Windows. Actual Linux viruses are rare, since it’s very difficult for them to propagate. It’s also much more difficult to hide malicious activity on Linux systems than it is on Windows systems.
But don’t be fooled: Linux is not invulnerable. Now that it’s the basis for Mac OS X, and generally growing in popularity, Linux has become much more of a target. The Linux kernel currently sits at the top of the CVEDetails Top 50 products with distinct vulnerabilities list, with Mac OS X at number four and Windows XP at the fifth spot.
Not all vulnerabilities are exploited. Many exploits are never seen outside of research labs. Serious Linux vulnerabilities that are exploited ‘in the wild’ usually see patches within days of discovery.
A large proportion of the world’s web servers run Linux; a single compromised Linux server can affect all web visitors, so keeping them patched and clean is critical. But there seems to be a certain amount of complacency among some Linux system administrators, and Linux servers often stay unpatched and/or misconfigured for long periods of time, providing windows of opportunity for targeted attacks. Worse still, the reliability of Linux servers is such that Internet-facing servers are sometimes neglected completely.
Several recent stories highlight these issues.
A critical bug in the GnuTLS library, common to most Linux distributions, allows malicious parties to bypass security measures and eavesdrop on encrypted communication. This bug may have existed as far back as 2005. A patch for the GnuTLS vulnerability was made available in early March 2014.
The Windigo malware has been around since about 2011. It lies in wait on Linux web servers, infecting Windows visitors with malware, redirecting visitors to malicious web sites, serving ads for porn sites, and sending out spam. Typically, Windigo is installed on Linux servers by way of stolen credentials, rather than software vulnerabilities and related exploits. As many as 35,000 Linux servers have been affected, including high profile sites like kernel.org. Since the affected Linux systems are typically web servers, Windigo’s reach is potentially huge.
An extremely critical vulnerability in PHP that was discovered two years ago remains unpatched on many Linux servers. Exploits designed to take advantage of this bug can give attackers control of entire web sites. A patch for this vulnerability was made available soon after discovery of the bug.
Sites running out of date versions of Linux are susceptible to a new mass compromise that is taking over web sites and serving up fraudulent web pages and advertisements.
The lesson is that while Linux is a secure operating system, it must be kept patched to be truly secure. In particular, anyone administering a Linux-based web server has a responsibility to the Internet in general to keep their server patched.