When the Indiana Department of Education rolled out PCs running Linux to schools last year, it installed open-source antivirus software on the servers connected to the desktop systems to scan incoming e-mail. But it didn’t bother to put antivirus tools on the PCs themselves.
“I hate to admit this, but I wasn’t worried,” said Forrest Gaston, a consultant who is managing the project for the Indianapolis-based agency.
And despite heavy Internet usage by students, Gaston’s optimism has been borne out thus far. Desktop security “hasn’t been an issue,” he said.
Linux’s relative immunity to viruses, spyware, worms and other malware has long been one of the open-source operating system’s key attractions. Exhibitors at the Desktop Linux Summit 2006 in San Diego last month touted a lack of security threats as a big selling point.
“There are almost no viruses for Linux. Certainly, I’ve never seen one,” said Tom Welch, chief technology officer at Linspire Inc., a San Diego-based desktop Linux company.
In a recent blog entry, Jeffrey Jaffe, Novell Inc.’s chief technology officer, wrote that since joining Novell late last year and switching from Windows to Linux on the desktop, viruses have become “things of the past” for him.
Even companies hawking Linux antivirus products acknowledge that the operating system doesn’t suffer from many security woes at this point.
“Our product is more used to filtering Windows viruses than actual Linux viruses,” said Ron O’Brien, an analyst at Sophos PLC, a security firm in Abingdon, England.
But John Andrews, president of market research firm Evans Data Corp. in Santa Cruz, Calif., said that Linux is slowly becoming a bigger target for attackers. “Windows was the only game in town, but now Linux is offering a more tempting prize,” he said.
In a survey of 450 Linux software developers conducted by Evans Data, just under 11 per cent of the respondents said they had found viruses on their systems.
The results, which were released last month, show that more than a third of the affected users reported that they had three or more infections. Those are the highest totals ever reported in the twice-yearly survey.
In April, a cross-platform virus emerged that could theoretically infect both Windows and Linux systems. Johannes Ullrich, chief research officer at the SANS Institute in Bethesda, Md., said that such proof-of-concept code has traditionally presaged the development of actual malware. “I think we’ll see an increase in virus activity as Linux becomes more mainstream,” he added.