No platform is immune. But how does Linux and open source manage to overcome issues like Linux.encoder.1 with such efficiency? Jack Wallen ponders this issue.
Let me just put this out there for your consideration.
All platforms are insecure. They can all be exploited in one way or another. At some point in time, it will be announced that no operating system is invulnerable and every single one of them has their kryptonite. Every. Single. One.
Windows. OSX. Linux. Android. iOS. None of them are one hundred percent safe. Plug them into a network and their security is compromised. It doesn't matter how well the platform is designed, there will be those up to the challenge of taking it down.
However, there is one platform that is better suited for overcoming that which ails the flawed ones and zeros. One platform that is not only adept and agile enough to run toe to toe with entropy and infiltration...one that can overcome.
Recently it was announced (in typical modern-day fashion) that a ransomware had been discovered on the Linux platform. Word spread quickly and some were predicting the fall of Linux and open source. Soon after the announcement, it was discovered that the ransomware, Linux.encoder.1, had infected "Tens of users". Tens. Of. Users. That's how prevalent Linux.endcoder.1 was.
Shortly after that, it was discovered, after the ballyhoo of making it sound like Linux was doomed, that the only systems vulnerable to Linux.encoder.1 were those that used Magento and hadn't been updated since February 9, 2015. Anyone that had an updated Magento installation was fine.
So what happened? Well, first and foremost, we live in a knee-jerk global society. Anyone could get on Facebook, and shout to all that will listen, that Linux was created by Hitler and contains code designed to steal your children and take your job. Soon after that proclamation, people would be spreading the word and the validity of Linux would be called into question. This is how word of a ransomware that affected tens of users across the globe so quickly turned into a near open source apocalypse.
However (there's always an "however")...open source has this wonderful way of overcoming such things. How, you ask? First, and foremost, the very nature of open source allows for quick and easy vetting by peers. The second Linux.encoder.1 was announced, every open source developer across the globe could crack open the code and find out just what this ransomware does and how it attacks. This means that Jane or Joe coder from Fargo, ND or Muncie, IN could discover the issue, submit it to the developer and, viola!, the vulnerability is patched. That's easily millions of developers at work solving a single problem.
In the case of Linux.encoder.1, it was discovered the creators of the ransomware even made a fundamental mistake in that their encryption method employed a faulty implementation of Advanced Encryption Standard (AES). What this did was, effectively, generate the ransom key from the affected system using the libc rand() function seeded with the current system time-stamp. Of course, not everyone is capable of putting that two and two together to come up with a key. To that end, Bitdefender has created a script that will do this for you. So if you happen to have been using an outdated instance of Magento and are infected with Linux.encoder.1, download the script and use it to uncover the necessary encryption key and unlock your data.
But there's another reason, one that very few ever bother to mention, that open source bests all other platforms at overcoming such issues.
Open source is only beholden to the community.
Proprietary software happens to be beholden to a CEO, to a board of directors...to the dreaded bottom line. That means when the likes of Linux.encoder.1 is discovered, the first thing they must do is contain the damage...not to the software, but to the company. Once that "public statement" is made, they can then begin, in earnest, to work toward a solution. Once the solution is discovered, they then must vet the solution before releasing it to the public. This all takes time; but because proprietary software is, above all else, beholden to the bottom line, releasing a fix isn't as simple as discovering the issue and fixing said issue.
This is not to say that Linux and open source will always get off this easily. This time around, the creators of the ransomware made a crucial error. Who's to say next go 'round they won't make that error and find a vulnerability in an even more prevalent software to use. Say, for example, they find a vulnerability in Apache or BIND...that could spiral into a catastrophe. And considering some vendors (such as IBM) are so lazy that they cannot adequately get their software to function with SELinux (so much so, they advise users to disable the critical security layer), more and more vulnerabilities will be found. Linux is, in no way, immune to attacks. They will happen. But thanks to the very nature of the platform, overcoming such issues is far easier and expeditious than its proprietary counterpart.
The unfortunate reality is there is no sure thing when it comes to platform security...unless you consider a powered-off machine to be viable. No operating system is immune to the constant attacks from those who work tirelessly to "hack the planet". It's only a matter of time until your platform is taken down. Will you be ready when it happens?