Linux security is a 'myth', claims Microsoft

A senior Microsoft executive, speaking exclusively to vnunet.com, has dismissed Linux's reputation as a secure platform as a "myth", claiming that the open source development process creates fundamental security problems.

Nick McGrath, head of platform strategy for Microsoft in the UK, said that the myths surrounding the open source operating system are rapidly being exploded, and that customers are dismissing Linux as too immature to cope with mission-critical computing.

"The biggest challenge we need to face centres on the myth and reality. There are lots of myths out there as to what Linux can do. One myth we see is that Linux is more secure than Windows. Another is that there are no viruses for Linux," said McGrath.

"Who is accountable for the security of the Linux kernel? Does Red Hat, for example, take responsibility? It cannot, as it does not produce the Linux kernel. It produces one distribution of Linux.

"In Microsoft's world customers are confidant that we take responsibility. They know that they will get their upgrades and patches."

McGrath went on to claim that another Linux myth centres on the number of open source developers who work to create the operating system.

"There a myth in the market that there are hundreds of thousands of people writing code for the Linux kernel. This is not the case; the number is hundreds, not thousands," he said.

"If you look at the number of people who contribute to the kernel tree, you see that a significant amount of the work is just done by a handful.

"There are very few of the improvements that come through the wider community. There are more skilled developers writing for the Microsoft platform than for open source.

"The way that 2004 started off there were a lot of myths in the marketplace around the cost and capability of Linux. But now a lot of the ideology has been replaced with commercial reality."

McGrath argued that recent growth in Linux deployments came largely at the expense of installed Unix systems, rather than replacement of Windows servers.

"We are increasingly seeing that the biggest challenges in the marketplace are less for Microsoft and more in the Unix space. Customers are moving away from Risc to Intel as the price performance ratio is compelling," he said.

"A lot of the percentage growth figures mask the fact that Linux is coming from a very small base. There are more Unix servers than Linux servers in the UK. There are more Windows servers than Linux servers in the UK."

The credibility of Linux in the enterprise is beginning to suffer, according to McGrath, as companies complete trials and find the platform wanting.

"A lot of customers have got trials and pilots of Linux, but are holding back Linux deployment into the mainstream because the operating system does not have the solution stack that they were expecting," he said.

"Most customers look for more than just a product from their vendors. They need a solution that comes with the appropriate levels of support and service. This is where Linux is becoming more challenged as people expect more from Linux.

"Linux is not ready for mission-critical computing. There are fundamental things missing. For example, there is no single development environment for Linux as there is for Microsoft, neither is there a single sign-on system.

"There are bits of the Linux software stack that are missing. These are factors that are holding back Linux."

Source: VNUNet