Why the media loves to exaggerate Linux security problems

In today's open source roundup: The media makes money by exaggerating Linux security problems. Plus: Is Android too much like a PC? And Linux Mint 17 name and release date announced

By , ITworld |  Open Source, Android, Linux

There have been a lot of media reports about Linux security problems recently. ZDNet has taken a stand and pointed out that the problem isn't with Linux, the problem is with certain Linux users and administrators. I'd also argue that the problem is also with certain media outlets who jump on the "linux security stinks!" bandwagon at the earliest opportunity.

I couldn't blame you, if -- based on recent headlines such as "Linux worm Darlloz targets Intel architecture to mine digital currency" and "Botnet of thousands of Linux servers pumps Windows desktop malware onto web" -- you thought Linux was as full of holes as Windows XP. If you take a closer look, you'll find that Linux isn't the problem. No, the real security hole lies with some of Linux's administrators and users.

The moral of the story? If you hand the bad guys user ID and passwords, of course, you're going to get hacked. Linux, FreeBSD, Windows Server 2012 -- the operating system doesn't matter. If you leave your front door open, a crook will walk in. As security guru Bruce Schneier wisely said way back in 2000, "Security is a process, not a product."

More at ZDNet

Linux Security Botnets
Image credit: ZDNet

I've learned to take media reports about Linux security problems with a huge grain of salt. In the past I've had a knee-jerk reaction to them, and that has not proven to be wise. Always remember that in the media "if it bleeds, it leads" and you'll understand why sensationalistic headlines involving Linux security get thrown around with reckless abandon.

It's much better to step back and calmly evaluate the reality of the situation instead of depending on the media to present facts in stories involving Linux security. Facts often tend to be boring, and don't make for compelling clickability in headlines. It's much easier to blast out a scary headline than it is to put problems in perspective in a reasonable and thoughtful way.

I covered this in a column a while back called "Desktop Linux: The Presstitutes Strike Again!" and what I said then remains true now. It's not just Linux that gets this treatment though, take a look at how Apple is treated in the media. You'd think the company was down to its last dollar, and that its sales had utterly collapsed if you believe some of the silly stuff in the press.

On and on it goes as one media outlet after another seeks to get your attention, clicks and ad revenue. Sensationalistic headlines often do get a lot of clicks, and that brings in ad revenue as people load the page in their browsers. Never underestimate the importance of this when you see an over-the-top headline, it's click-bait for you and other readers.

I think it also has a lot to do with taking down a perceived winner in one technology category or the other. Certainly Linux has had a very good reputation when it comes to security, so any potential security problems are a terrific excuse to do a take-down of Linux and knock it off its security pedestal.

This is a problem that I don't think will ever end. It's just too tempting a revenue opportunity for some media outlets to pass up. So the distorted headlines will continue and readers will become more and more cynical as they realize that they've been deceived.

The best way to deal with this sort of thing is to avoid clicking on deceptive headlines, if at all possible. If you recognize a trend toward that sort of thing from a media outlet then it might be a good idea to skip reading content from that site.

Is Android too much like a PC?
Speaking of security problems, InfoWorld takes on the issue of Android and its open nature. Is it a good thing or a bad thing that it's similar to a PC in some ways?

Yes, Google hardly vets apps in the Google Play market for Android, so it's rife with malware and spyware that people install naively. If you enable this capability (very easy to do in the Settings app), Android lets you sideload apps from websites and other sources, which makes it an easy target for phishers. Like I said, it's like Windows. But it's unfair to blame Android for this situation.

Frankly, people need to stop expecting technology to do everything for them. Installing free apps is dangerous. Not making sure an app is from who it's supposed to be is dangerous. Installing apps from websites and email links is even more dangerous. Don't do it. And don't blame Android when you do.

More at InfoWorld

Android Security Problems
Image credit: InfoWorld

I'm inclined to agree with the write on this. Ultimate responsibility for the security of any device remains with the user. If you run around installing apps from the gods know where, you are liable to end up having some serious security problems.

At some point people have to accept responsibility for the choices they make on their Android devices, just as they do on their PCs. It's unfair to blame Google or Android for every security problem that occurs when people install malware-laden apps from unknown or shady sources.

I think a little common sense would go a very long way in avoiding Android security problems. The alternative is for people to move from Android into a walled-garden system like iOS, and I doubt very much that there are many Android users who would want to lose the freedom Android provides by making such a move.

Linux Mint 17 name and release date announced
Softpedia reports that the name and release date for Linux Mint 17 have been announced by Clement Lefebvre.

Once a year, the creator of Linux Mint announces the name of the next iteration, and this year it’s “Qiana.” The distributions always had interesting names, and one of the main reasons for this is that the community has no say in it. In other projects, like Fedora for example, the community decides the name, which hasn't worked out so well in the past.

“Linux Mint 17 will be named ‘Qiana’ and should be available at the end of May 2014. Qiana is pronounced kee-AHN-ah. It was the name of a fashion silk-like material, introduced in the 1970s and popular in the disco-era, when it was made into loud, shiny shirts with pointy collars. The feminine name is of American origin, and its meaning is ‘silky.’ In some languages Qiana also means ‘singers,’ ‘light,’ or ‘deity’,” said Clement Lefebvre in a very short post.

More at Softpedia

You can read the official release on the Linux Mint blog, including comments by Clem in response to questions posed by Linux Mint users.

It seems that there might be some changes to how Linux Mint uses Ubuntu as its base. I found this tidbit in post number 10 quite interesting:

@Clem: Do you intend to pass by Ubuntu’s next three normal releases, i.e. to drop their base because they are far too short to be supported effectively?

Edit by Clem: The decision wasn’t made yet, and after/if it is made we can always adapt it based on how things go. The length of the support is an element but it’s not the most important one at play. There’s also an element of quality and a wish to run mature and proven software rather than to jump on brand new frameworks, techs and toolkits every 6 months.

And then there’s the fact that we want to develop more. We want to push innovation on Cinnamon, be more active in the development of MATE, better support Mint tools and engage in projects we’ve postponed for years. So the idea is to boost all that by only adapting to new bases once every 2 years, to better commit to that one base shared by all releases and to better support it, and to have our hands freed to do exciting stuff. Note that all will become important post-Qiana though, around November 2014.

What's your take on all this? Tell me in the comments below.

The opinions expressed by the author do not necessarily reflect the views
of ITworld.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Spotlight on ...
Online Training

    Upgrade your skills and earn higher pay

    Readers to share their best tips for maximizing training dollars and getting the most out self-directed learning. Here’s what they said.

     

    Learn more

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question
randomness