By Jonathan Yarden
Every few years, someone decides to cause a stir and claim that someone else's software infringes on a patent or copyright with their software. Last year, SCO Group stepped up to the plate and made headlines with a multi-lawsuit undertaking, filing suit against IBM and other companies for violation of its alleged intellectual property relating to UNIX.
Specifically, SCO claims that some companies—IBM among them—illegally included portions of its operating system in Linux. The lawsuits and SCO's other contentious actions, such as its attempts to invoice companies for using Linux, set an industry controversy in motion.
Now, that controversy has moved into the Internet security realm, manifesting in attacks against SCO. Last year, the company endured several denial-of-service (DoS) attacks that brought down its Web site, and now the MyDoom virus, which targets SCO's Web server, is raging across the Internet, crashing systems of users who know nothing about SCO and earning a reputation for the worst e-mail outbreak ever.
Emotions have a way of overcoming even the most intelligent and rational people. DoS attacks against Web sites are stupid, and attacking SCO in this manner doesn't do any good—and it wastes precious bandwidth.
Unfortunately, SCO's battles will likely wreak plenty more collateral damage before it's all said and done. Too much attention is not always a good thing, especially when it concerns an older UNIX operating system such as SCO OpenServer.
SCO is now a target, and I'm quite sure that there are numerous hacker groups and individuals actively looking for security weaknesses and exploits in SCO OpenServer. SCO has opened the floodgates, and many are already seeking revenge, as evidenced by MyDoom and the numerous DoS attacks.
Unfortunately, I don't think this dispute will restrict itself to SCO's own Web servers. In my opinion, it will quickly spill over and begin endangering SCO customers, many of which are running the initial install of SCO OpenServer without any security updates.
If your organization uses SCO products, now is the time to secure these resources. Putting off applying security patches is never a good idea for any operating system or application, but given recent events, it could be enterprise suicide if you put off updating SCO OpenServer.
Don't wait any longer to secure your SCO systems. SCO is under intense scrutiny by the Internet community, and it's not likely to subside any time soon. SCO's battles with Linux are stirring up all kinds of emotion—don't let your SCO systems become a target for misplaced aggression.
Jonathan Yarden is the senior UNIX system administrator, network security manager, and senior software architect for a regional ISP.