Ask Slashdot: Why Not Linux For Security?
An anonymous reader writes "In Friday's story about IBM's ban on Cloud storage there was much agreement, such as: 'My company deals with financial services. We are not allowed to access Dropbox either.' So why isn't Linux the first choice for all financial services? I don't know any lawyers, financial advisers, banks, etc., that don't use Windows. I switched to Linux in 2005 — I'm well aware that it's not perfect. But the compromises have been so trivial compared to the complete relief from dealing with Windows security failings. Even if we set aside responsibility and liability, businesses already do spend a lot of money and time on trying to secure Windows, and cleaning up after it. Linux/Unix should already be a first choice for the business world, yet it's barely even known of. It doesn't make sense. Please discuss; this could use some real insight. And let's at least try to make the flames +5 funny."
This is Slashdot. It's full of lies and FUD when it comes to MS.
Exactly.
And Linux users shouldn't feel smug, because the exploit used by Flashback affects Linux as well. It's just the payload was written to only affect MacOS X - the very same Java flaws that made Flashback get in the news were present in the Linux version as well.
Additionally - there IS a lot of Linux malware out there. It's just instead of infecting the machine, they take advantage of the server role and use it to serve malware. All the infected installations of websites using WordPress and other blogging software that are manipulated into serving up crap for Windows and MacOS X (Flashback was spread from infected webservers). I suppose we usually attribute these to "vulnerable" installations of Apache/WordPress/PHP/what-have-you rather than Linux itself, since in Linux we treat each piece of software that comes with the distribution as a separate component, whereas in Windows and MacOS X, we treat what it comes with as part of the OS even though they can be separate items (e.g., if a vulnerable Apache ships with OS X, we attribute it to OS X and not Apache).
As for using Linux to stay secure in the business - it seems that updates in Linux are just ... horrible. Sure, most distributions have excellent update mechanisms, and they do have superb patch and update times, but the big problem is an update can easily screw you over in weird and wonderful ways. It's usually at the point where no one installs updates until they come to a point where they can deal with breakage - e.g., project's over, now upgrade from Ubuntu 8.04 LTS to 12.04 LTS. After all, who knows if an update will suddenly cause something to break and slip the release?