Linux Myths, Legends, and FUD
The rise in the popularity of Linux has led to rampant (and sometimes strange) speculation about
all the terrible things it could lead to or, conversely, to almost manic declarations of how Linux will
solve all the problems of the world. I'll try as best I can (with my own admitted bias toward Linux)
to present facts to address beliefs about Linux and to combat some of the unrealistic fear, uncer-
tainty, and doubt (FUD) being spread by those with a vested interest in seeing Linux not succeed.
Can You Stop Worrying About Viruses?
Well, you can (and should) always worry about the security of any computer connected to the
Internet. At the moment, however, you are probably less likely to get a virus from infected e-mail
or untrusted Web sites with standard e-mail clients and Web browsers that come with Linux sys-
tems than you would with those that come with the average Microsoft Windows system.
The most commonly cited warnings to back up that statement come in a report from the United
States Computer Emergency Readiness Team (CERT) regarding a vulnerability in Microsoft Internet
Explorer (
www·kb.cert·org/vuls/id/713878
):
There are a number of significant vulnerabilities in technologies relating to the IE
domain/zone security model, the DHTML object model, MIME type determination,
and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a differ-
ent Web browser, especially when browsing untrusted sites. Such a decision may, how-
ever, reduce the functionality of sites that require IE-specific features such as DHTML,
VBScript, and ActiveX. Note that using a different Web browser will not remove IE from
a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control,
or the HTML rendering engine (MSHTML).
US-CERT Vulnerability Note VU#713878
While the note also recommends keeping up with patches from Microsoft to reduce your risks, it
seems that the only real solutions are to disable Active scripting and ActiveX, use plain text e-mail,
and don't visit sites you don't trust with Internet Explorer. In other words, use a browser that dis-
ables insecure features included in Microsoft products.
This announcement apparently caused quite a run on the Mozilla·org site to download a Firefox
browser and related e-mail client (described in Chapter 22 of this book). Versions of those software
projects run on Windows and Mac OS X, as well as on Linux. Many believe that browsers such as
Firefox are inherently more secure because they don't allow nonstandard Web features that might
do such things as automatically download unrequested software without your knowledge.
Research into hijacked computers being taken over, by the thousands, to be used as botnets has
shown a very high percentage to be Microsoft Windows systems. The disturbing thing about the
statistics, however, is that many of these systems have been upgraded with Microsoft Service Pack 2
(SP2) or other patches that were supposed to protect from those types of infections. A type of
trojan referred to as SpamThru (resulting in botnets that turn out thousands of spam messages)
23
Starting with Linux
1
