Kaspersky: Mac, Linux, BSD open for attack
Looming attacks will soon pop the security bubble enjoyed by Linux and Macintosh users, according to Russian security expert Eugene Kaspersky.
The co-founder of IT security company Kaspersky Labs said Linux and Mac users will be "easy targets" for hackers and malware writers over the next few years.
"Modern operating systems are flawed by design," Kaspersky said, "including OpenBSD".
"Mac and Linux are not as secure as [users] think; criminals pay no attention to them at the moment, but they will be vulnerable -- easy targets.
"The problem is that customers design the operating systems (either within open source communities or via market demand) and they choose flexibility over security."
The most secure operating systems such as Symbian 9 and 10 and mobile platform Brew have been pushed aside for their more functional counterparts, according to Kaspersky.
"Secure operating systems are unlikely to emerge in the foreseeable future," he added.
He said the Achilles' heel of flexible, popular operating systems is that they run unsigned applications.
"It takes a long time to get a certificates for applications, so secure operating systems have a limited set of applications and services," Kaspersky said.
According to Kaspersky, secure operating systems only attract about 1 to 3 percent of users because of their functionality limitations.
PureHacking senior security consultant Chris Gatford said the platforms will be increasingly targeted as more people migrate to them.
"It is lucky that to date BSD and Mac users haven't really been targeted yet because there are proof-of-concept malware around and a few in the wild," Gatford said.
"Users will always want to run whatever they want, whenever they want, regardless of security concerns."
» posted by ITworld staff
Computerworld Australia
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by TwitterOn Twitter now
security
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
Regurgitated warning
This same warning has been repeated not only by this company, but other security companies making their living from selling anti-malware to Windows users for as long as I've been using Linux. The first time I heard one of these warnings was in 2001. I'm still waiting for the other shoe to drop.Pure B.S.
The majority of the world's servers run on Unix or Linux. Most of these keep databases with sensible data from banks accounts to tax payers info. How come nobody has released malware to steal such data?The answer is simple, it is extremely difficult. Unix is well designed to resist attacks.
Hollow scare mongering from someone who benefits from it.
Anti-malware vendors make generalisations and hollow claims periodically to frighten people and thereby drum up more business for themselves.Their targets for fear are where the largest markets are and they throw in some systems considered to be near the heights of "most secure" like OpenBSD, to make people think that there is no other option but to use anti-malware software.
The fact is, that no complex system accessible to potentially malicious people can ever be perfectly secure, since they're designed by fallible people. So there will always be a trade-off between security and usability.
For my systems which need security, I prefer to choose a system which has security as the primary focus, with functionality worked into it as the secondary focus (OpenBSD). Given the complexity required and how hostile the Internet is, it can't be perfect, but at least a best effort is made.
If ever I start getting malware outbreaks on my OpenBSD and Mac systems, I'll then consider the new BSD/Mac anti-malware industry which might pop up. But since I'm past 10 years with these systems with no malware problems, I keep saving my money.
Thanks anyway Kaspersky. I'll just keep waiting for the storm.