Kaspersky: Mac, Linux, BSD open for attack
Looming attacks will soon pop the security bubble enjoyed by Linux and Macintosh users, according to Russian security expert Eugene Kaspersky.
The co-founder of IT security company Kaspersky Labs said Linux and Mac users will be "easy targets" for hackers and malware writers over the next few years.
"Modern operating systems are flawed by design," Kaspersky said, "including OpenBSD".
"Mac and Linux are not as secure as [users] think; criminals pay no attention to them at the moment, but they will be vulnerable -- easy targets.
"The problem is that customers design the operating systems (either within open source communities or via market demand) and they choose flexibility over security."
The most secure operating systems such as Symbian 9 and 10 and mobile platform Brew have been pushed aside for their more functional counterparts, according to Kaspersky.
"Secure operating systems are unlikely to emerge in the foreseeable future," he added.
He said the Achilles' heel of flexible, popular operating systems is that they run unsigned applications.
"It takes a long time to get a certificates for applications, so secure operating systems have a limited set of applications and services," Kaspersky said.
According to Kaspersky, secure operating systems only attract about 1 to 3 percent of users because of their functionality limitations.
PureHacking senior security consultant Chris Gatford said the platforms will be increasingly targeted as more people migrate to them.
"It is lucky that to date BSD and Mac users haven't really been targeted yet because there are proof-of-concept malware around and a few in the wild," Gatford said.
"Users will always want to run whatever they want, whenever they want, regardless of security concerns."
» posted by ITworld staff
Computerworld Australia
Build your tech library with our book giveaways.
Hacking Exposed, Sixth Edition
By Stuart McClure, Joel Scambray, George Kurtz; Published by McGraw-Hill/Osborne
The original Hacking Exposed authors rejoin forces on this tenth anniversary edition to offer completely up-to-date coverage of today's most devastating hacks and how to prevent them. Using their proven methodology, the authors reveal how to locate and patch system vulnerabilities. The book includes new coverage of ISO images, wireless and RFID attacks, Web 2.0 vulnerabilities, anonymous hacking tools, Ubuntu, Windows Server 2008, mobile devices, and more. Enter now!
Regurgitated warning
This same warning has been repeated not only by this company, but other security companies making their living from selling anti-malware to Windows users for as long as I've been using Linux. The first time I heard one of these warnings was in 2001. I'm still waiting for the other shoe to drop.Pure B.S.
The majority of the world's servers run on Unix or Linux. Most of these keep databases with sensible data from banks accounts to tax payers info. How come nobody has released malware to steal such data?The answer is simple, it is extremely difficult. Unix is well designed to resist attacks.
Hollow scare mongering from someone who benefits from it.
Anti-malware vendors make generalisations and hollow claims periodically to frighten people and thereby drum up more business for themselves.Their targets for fear are where the largest markets are and they throw in some systems considered to be near the heights of "most secure" like OpenBSD, to make people think that there is no other option but to use anti-malware software.
The fact is, that no complex system accessible to potentially malicious people can ever be perfectly secure, since they're designed by fallible people. So there will always be a trade-off between security and usability.
For my systems which need security, I prefer to choose a system which has security as the primary focus, with functionality worked into it as the secondary focus (OpenBSD). Given the complexity required and how hostile the Internet is, it can't be perfect, but at least a best effort is made.
If ever I start getting malware outbreaks on my OpenBSD and Mac systems, I'll then consider the new BSD/Mac anti-malware industry which might pop up. But since I'm past 10 years with these systems with no malware problems, I keep saving my money.
Thanks anyway Kaspersky. I'll just keep waiting for the storm.