Is Linux Next?

Linux for users is growing very slowly in the United States, where it runs less than 1% of all desktops, Gartner analyst Michael Silver says. It's used more elsewhere, especially in Eastern Europe. "They need less-expensive alternatives, and they don't have the legacy and compatibility issues we have," Silver says.

As Linux's popularity increases, some question whether the open-source development model will be able to keep it secure.

David Humphrey, a senior technology adviser at consulting firm Ekaru, says kernel security enhancements make Linux one of the most secure operating systems.

Others raise concerns. "To a large extent, [security] could be a failure with open source," says Ira Winkler, president of the Internet Security Advisors Group, and author of Spies Among Us (Wiley, 2005). The primary issue is a lack of consistency in testing methodologies, he says.

The question is whether an open-source model is more or less secure, Forrester's Goulde says. In the plus column, everyone can examine the code for vulnerabilities and submit fixes. But because the source code for any Linux project is so widely circulated, "it's available to every hacker in the world," he says.

Open-source contributors must be accepted into a development project, and acceptance is based on their previous work, Goulde notes. "There's a perception out there that anyone drinking Jolt Cola and eating potato chips in their basement can place code into an open-source project, and that's simply not true."

Many Linux users don't seem all that worried. An InformationWeek survey found that only 10% of 354 business-technology professionals mentioned security as a challenge that they encountered while deploying the software.

Brad Friedman, information services VP at Burlington Coat Factory, hasn't experienced major security problems with the Linux software installed on some 7,000 point-of-sale terminals and workstations. But he remains vigilant. "I'm sure we'll start to see people exploit vulnerabilities in Linux. Every piece of software has holes," he says.

In the end, the burden for securing Linux systems remains with the companies using them. They'll continue to struggle with the imperfect software and the knowledge that the cost of imperfection can be quite high.

Illustration by Peter Horvath