Linux: The clear choice for security

According to the UK's Communications-Electronics Security Group (CESG), Linux is the clear choice when it comes to security.


Linux security

Recently, the United Kingdom's Communications-Electronics Security Group (CESG) ran a series of tests to find out which operating system would be the most secure platform for the UK government. The test consisted of the following categories:

  • VPN
  • Disk Encryption
  • Authentication
  • Secure Boot
  • Platform Integrity and Sandboxing
  • Application Whitelisting
  • Malicious Code Detection and Prevention
  • Security Policy Enforcement
  • External Interface Protection
  • Device Update Policy
  • Event Collection for Enterprise Analysis
  • Incident Response

The goal was to see which platform would pass most of the 12 tests. The winner, Ubuntu 12.04 (Figure A), was far ahead of both Windows 8 and Mac OS X. The CESG site contains all of the findings, or you can read the Canonical summarization of the report. From the Canonical summary:

“All in all, Ubuntu 12.04 LTS stacks up as the most secure of the current desktop and mobile operating systems. Supported by Canonical with free security updates for 5 years, and without malware problems, it’s hard to beat in official public sector applications. We are working hard to close the gap and make Ubuntu clearly stand out as the most trustworthy operating system for the future and we hope to make excellent progress before our next LTS release in April 2014, 14.04 LTS, which will be even better.”

Figure A


Figure A

The Ubuntu 12.04 desktop ready to install.

One interesting statement from the full report is that no operating system that's currently available can meet all of the above tests. Also interesting from the full report is that Samsung devices running Android 4.2 scored as high as Ubuntu 12.04.

Why 12.04? Because it's the most recent Long Term Support (LTS) release. Canonical is confident that 14.04 (the next LTS release) will meet or exceed the tests passed by 12.04. As for the current LTS: Ubuntu 12.04 passed nine of the 12 tests and had zero significant risks. Windows 8 passed seven with 1 significant risk. OS X passed eight tests with zero significant risks.

What does this mean?

One can surmise that the UK government is looking for their platform of the future. With the dramatic rise in cyber-crime, every government agency (business or enterprise) would be remiss in failing to run similar tests or, at the very least, giving the UK report a close read.

People have argued for years about platform security. There have been numerous events held with the sole purpose of determining a clear winner. Unfortunately, many of those tests and research papers cannot be trusted, simply because they were sponsored events (with vested interests in one particular platform performing beyond the others). But for the needs of a government agency (or an enterprise-grade business), the tests run by the CESG are right on the money. These are unbiased, unfiltered tests with end results that aren't concerned with market share, board of directors, or investors.

And in the end... Linux wins. Period.

No, Linux may not hold the coveted spot on top of the business and home desktop food chain, but now that a government entity has singled out Ubuntu 12.04 as the must secure platform available, this could easily change. Why? Businesses can't function without security. If the thought leaders of industries can't wrap their heads around that one fact, they're dooming countless businesses -- and not recommending Linux for desktop use is senseless.

Over the last five years, I've been working as a remote support engineer for hundreds of clients (with thousands of end users). I can say this with complete assurance: Nearly 100% of the problems I've dealt with could have been avoided by simply using Linux. Desktops have lost data and businesses have lost hundreds of thousands (if not millions) of dollars because of Windows. That is not opinion... that is fact. Had those users been using Linux, that would not be the case.

It never ceases to amaze me the amount of reports and claims of Windows superior security, when real-world results point to quite the opposite. And now, thanks to the UK government, there is official proof that Linux (specifically Ubuntu 12.04) is the best choice in a world where security should be priority number one.

The results of this test couldn't have come at a more poignant time. With Windows XP about to be put to rest, there will be a seemingly endless needs for businesses around the globe to replace those aging desktops. With all of the choices available to them, there is now one that stands well above the rest. That choice is Linux.

 Share your thoughts about this report and the future of Linux in the discussion thread below.