Why a Linux-powered botnet shouldn't send you scurrying back to Windows

The revelation that online attacks are being mounted using a large network of compromised Linux computers shouldn't deter you from trying out an open-source desktop.

The discovery of a sizeable Linux botnet may be worrying some new converts to the open-source OS.

However, even if you're running a Linux-based OS on your desktop there's a good chance you're not vulnerable to the malware that is forcing machines to join this botnet.

For a start, Ubuntu, one of the most popular Linux-based operating systems, isn't set up in a way that allows new users to get infected.

For the XOR DDoS malware to spread to an Ubuntu OS, the user needs to have made a series of deliberate changes to the default configuration of the system, without proper regard to security.

So this malware isn't going to catch out the average person who's testing Ubuntu on an old machine or an experienced administrator who's versed in keeping systems secure.

"Any Ubuntu machine that might be susceptible to this XOR.DDoS attack is in a very small minority of the millions of Ubuntu systems in the world," said Dustin Kirkland, security specialist at Canonical, the company behind Ubuntu, who added that the free antivirus ClamAV is also able to clean XOR DDoS from affected systems.

Ubuntu isn't the only major Linux distro that's not vulnerable to this malware out of the box. The default release of Linux Mint, another very popular distribution, doesn't include the remote access software the malware needs to break into the machine.

It also isn't right to say this malware is exploiting a bug at the heart of the Linux OS; instead, it takes over machines by brute-forcing access to the root user account via remote access software.
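As an added illustration (not code from the article, Akamai or Canonical), the following Python checks a host for the two conditions the article describes: repeated failed root password logins over SSH in the authentication log, and an sshd configuration that permits them in the first place. The log lines, addresses and configuration fragment are constructed samples.

```python
import re
from collections import Counter

# Constructed sample of OpenSSH auth log lines (not from the article);
# RFC 5737 documentation addresses stand in for real sources.
SAMPLE_AUTH_LOG = """\
Oct  1 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.5 port 40122 ssh2
Oct  1 10:00:02 host sshd[1202]: Failed password for root from 203.0.113.5 port 40123 ssh2
Oct  1 10:00:02 host sshd[1203]: Failed password for root from 203.0.113.5 port 40124 ssh2
Oct  1 10:00:03 host sshd[1204]: Failed password for root from 203.0.113.5 port 40125 ssh2
Oct  1 10:00:03 host sshd[1205]: Failed password for root from 203.0.113.5 port 40126 ssh2
Oct  1 10:00:09 host sshd[1210]: Accepted publickey for alice from 198.51.100.7 port 51000 ssh2
Oct  1 10:00:15 host sshd[1211]: Failed password for invalid user admin from 192.0.2.9 port 33001 ssh2
Oct  1 10:00:20 host sshd[1212]: Failed password for alice from 198.51.100.7 port 51001 ssh2
"""

# Matches both "Failed password for root ..." and "Failed password for invalid user X ..."
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

def failed_root_logins_by_source(log_text):
    """Count failed password attempts against the root account, per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m and m.group("user") == "root":
            counts[m.group("ip")] += 1
    return counts

def brute_force_sources(log_text, threshold=5):
    """Return source IPs with at least `threshold` failed root logins (a guessing pattern)."""
    return sorted(ip for ip, n in failed_root_logins_by_source(log_text).items() if n >= threshold)

# Constructed sshd_config fragment with the exposed settings; OpenSSH's shipped
# defaults are PermitRootLogin prohibit-password and PasswordAuthentication yes.
WEAK_SSHD_CONFIG = "PermitRootLogin yes\nPasswordAuthentication yes\n"

def sshd_config_findings(config_text):
    """Flag sshd settings under which a password-guessing attack on root can succeed."""
    settings = {}
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)   # drop comments, split key/value
        if len(parts) == 2:
            settings[parts[0].lower()] = parts[1].strip().lower()
    findings = []
    if settings.get("permitrootlogin", "prohibit-password") not in ("no", "prohibit-password", "without-password"):
        findings.append("PermitRootLogin allows password login as root")
    if settings.get("passwordauthentication", "yes") == "yes":
        findings.append("PasswordAuthentication enabled; key-only auth would defeat password guessing")
    return findings
```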

That's not to underplay the fact that a significant number of computers seem to have been forcibly recruited into this botnet. Criminals are using this network of machines to orchestrate attacks on around 20 targets a day, according to Akamai. The content delivery network claims to have blocked attempts to flood organisations' websites with 50 Gbps and 100 Gbps of traffic - some way behind the 300-plus Gbps of the biggest DDoSes, but not trivial either.

How Linux measures up on security

No-one should argue that Linux-based machines are invulnerable, but they certainly come under less sustained attack. While the occasional virus and rootkit crops up from time to time, the amount of malware targeting Linux platforms remains far below that aimed at Windows.

When it comes to open source security, a frequent argument is that "many eyes makes for secure code". The contention is that, because the Linux source code is open for experts across the world to view, vulnerabilities and deliberate exploits are more likely to be spotted.

Not everyone agrees, however, including Dr Ian Levy, the technical director at the UK's Communications-Electronics Security Group (CESG) - part of the security agency GCHQ. Levy questioned how many users are competent enough to "judge the security of the Linux kernel". But he was equally dismissive of the claim that it's easier to find weaknesses in open source systems because the code is available to all, an assertion that is frequently used to diminish Linux's security credentials.

And while no system is 100 percent secure, last year the UK's CESG ruled that Ubuntu scored the highest in 12 different tests of security, well in front of Windows 8 and Mac OS X.

Perhaps the key lesson when it comes to security is that it's better to focus on the strengths and weaknesses of the software, and not get hung up on whether it's proprietary or open source.

About Nick Heath

Nick Heath is chief reporter for TechRepublic. He writes about the technology that IT decision makers need to know about, and the latest happenings in the European tech scene.
