The Linux virus threat?

Some of the recent press regarding the "Goner" e-mail virus has brought about interesting commentary from anti-virus manufacturers. It seems that a number of these folks feel that Linux viruses soon will be rampaging through the Internet alongside their Windows brethren.

Don't hold your breath.

Why? Is Linux totally impervious to an e-mail virus? In theory, no. But in practice, it comes close.

The current crop of e-mail viruses relies heavily on the knowledge that most people are using the exact same e-mail client: Microsoft Corp.'s Outlook. With that knowledge, virus creators can focus on a single attack vector, capitalizing on the fact that Outlook allows incoming messages to be executed as programs. These programs can manipulate files on the recipient's system and mail themselves to other poor souls in the receiver's address book.

Outlook's vulnerability is due to the misguided attempt to introduce collaboration features, such as the execution of incoming programs, in a tool that does not properly implement the most critical collaboration feature of all: security. If you cannot determine that you trust both the message and the sender, it is a mistake to put yourself at the mercy of the message.

Open source provides an inherent advantage in protecting against vulnerability exploits. Rather than standardizing on a particular program with all its peculiar weaknesses, open-source solutions standardize on protocols.

When everyone can see your code, you cannot hide the way you speak to other parts of the system. The protocols are laid bare. The issue becomes, Which program provides the best implementation of the protocol and the best features?

This leads to two natural defenses against today's e-mail viruses. First, a program that suffers from a lack of security is not likely to remain unchanged for long. You can bet that if a vulnerability in an open-source e-mail program threatened devastation on the scale of the "I Love You" virus, for instance, a patch to plug the hole would be available on the Web within hours. Every company that got burned would have the patch installed within days, and the exploit in question would rapidly fade into history.

Second, standardizing on protocols rather than on programs yields competition. Different products may dot the IT landscape, but data interchange will be unhindered through support of these common protocols. Consequently, there will be no single programming flaw to exploit and bring the corporate world to its knees. There will be no universal, brain-dead hole for virus writers to target.

The world will still need to guard against worms and Trojan horses. But viruses will find a body of software that is much more resistant to infection than ever before. And that is a good thing -- unless you make your living selling anti-virus software.
