Ubuntu Linux was the only system left unscathed in a multi-platform hacking competition last week, but does that mean it is more secure?
Apple's Leopard OS lasted 30 second, Windows Vista Ultimate lasted until the third day, but Ubuntu's Linux distribution alone was left secure at the end of the "Pwn to Own contest" at CanSecWest security conference held in Vancouver.
James Turner, a security analyst from IBRS said that "in this particular instance, which supports the conclusion that Ubuntu is more secure." However, he said the result is unlikely to cause an increased uptake of Linux amongst business users.
"Most people who are advocating Linux do it to improve their own skill set rather than actively support the business. That creates a problem for CIOs who are there to support the business," said Turner who pointed out that support also remained a major issue for CIOs when considering a Linux implementation.
Jeff Waugh, from Waugh Partners, an Australian open source consulting firm, commented that this result should not be seen as a guarantee that Ubuntu based systems are more secure.
"Certainly one of the exploits [the Flash exploit], would have allowed entry into the Linux system as well," said Waugh, who added that the lower penetration of Linux-based systems gave such systems a security advantage.
"There are not a lot of people focusing on [Ubuntu], because it's not a high profile system. The kind of people participating in this event ... would want the crowning glory from finding something tasty in Windows or Mac OS X," Waugh said. Waugh said that this also highlighted that the OS is not the principal security weakness in a desktop.
"The kind of attack vectors that can be used now are much more effective at the client side on a mass scale, both vectors were client software that connected to the Web. The Web browser is absolutely the most exposed part of any system now." However for Waugh, this was still a win for open source systems.
"It is telling that the folks involved didn't sit down and read the source code and go after something in there ... sure that is evidence enough [against the idea] that if you open your source code you are showing your family jewels to the world."
The competition ran from 26 to 28 March and offered contestants a chance to win the latest Fujistu, Sony and Apple laptops — providing they were able to find a way to access a file on the machines. The laptops on offer included a MacBook Air running OSX 10.5.2, a Fujitsu U810 running Vista Ultimate SP1, and a Sony VAIO running Ubuntu 7.10.
That completely voids this story.
The "hackers" that ended up with the Linux laptop are on record as saying they "didn't want to put the work into developing the exploit code that would be required to win the contest."
Plus there would of course be more glory in hacking OSX or Vista SP1.
So there we go... Linux was not hacked because they couldn't be bothered to! NOT because Linux is more secure and NOT because its better than OSX or Vista.
Please report the facts before inventing your entire storyline.