Kaspersky: Mac, Linux, BSD open for attack
Looming attacks will soon pop the security bubble enjoyed by Linux and Macintosh users, according to Russian security expert Eugene Kaspersky.
The co-founder of IT security company Kaspersky Labs said Linux and Mac users will be "easy targets" for hackers and malware writers over the next few years.
"Modern operating systems are flawed by design," Kaspersky said, "including OpenBSD".
"Mac and Linux are not as secure as [users] think; criminals pay no attention to them at the moment, but they will be vulnerable -- easy targets.
"The problem is that customers design the operating systems (either within open source communities or via market demand) and they choose flexibility over security."
The most secure operating systems such as Symbian 9 and 10 and mobile platform Brew have been pushed aside for their more functional counterparts, according to Kaspersky.
"Secure operating systems are unlikely to emerge in the foreseeable future," he added.
He said the Achilles' heel of flexible, popular operating systems is that they run unsigned applications.
"It takes a long time to get a certificates for applications, so secure operating systems have a limited set of applications and services," Kaspersky said.
According to Kaspersky, secure operating systems only attract about 1 to 3 percent of users because of their functionality limitations.
PureHacking senior security consultant Chris Gatford said the platforms will be increasingly targeted as more people migrate to them.
"It is lucky that to date BSD and Mac users haven't really been targeted yet because there are proof-of-concept malware around and a few in the wild," Gatford said.
"Users will always want to run whatever they want, whenever they want, regardless of security concerns."
» posted by ITworld staff
Computerworld Australia
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
Regurgitated warning
This same warning has been repeated not only by this company, but other security companies making their living from selling anti-malware to Windows users for as long as I've been using Linux. The first time I heard one of these warnings was in 2001. I'm still waiting for the other shoe to drop.Pure B.S.
The majority of the world's servers run on Unix or Linux. Most of these keep databases with sensible data from banks accounts to tax payers info. How come nobody has released malware to steal such data?The answer is simple, it is extremely difficult. Unix is well designed to resist attacks.
Hollow scare mongering from someone who benefits from it.
Anti-malware vendors make generalisations and hollow claims periodically to frighten people and thereby drum up more business for themselves.Their targets for fear are where the largest markets are and they throw in some systems considered to be near the heights of "most secure" like OpenBSD, to make people think that there is no other option but to use anti-malware software.
The fact is, that no complex system accessible to potentially malicious people can ever be perfectly secure, since they're designed by fallible people. So there will always be a trade-off between security and usability.
For my systems which need security, I prefer to choose a system which has security as the primary focus, with functionality worked into it as the secondary focus (OpenBSD). Given the complexity required and how hostile the Internet is, it can't be perfect, but at least a best effort is made.
If ever I start getting malware outbreaks on my OpenBSD and Mac systems, I'll then consider the new BSD/Mac anti-malware industry which might pop up. But since I'm past 10 years with these systems with no malware problems, I keep saving my money.
Thanks anyway Kaspersky. I'll just keep waiting for the storm.