Ask Slashdot: Why Not Linux For Security?

timothy posted about 2 years ago | from the you-just-haven't-earned-it-yet-baby dept.

Businesses 627

An anonymous reader writes "In Friday's story about IBM's ban on Cloud storage there was much agreement, such as: 'My company deals with financial services. We are not allowed to access Dropbox either.' So why isn't Linux the first choice for all financial services? I don't know any lawyers, financial advisers, banks, etc., that don't use Windows. I switched to Linux in 2005 — I'm well aware that it's not perfect. But the compromises have been so trivial compared to the complete relief from dealing with Windows security failings. Even if we set aside responsibility and liability, businesses already do spend a lot of money and time on trying to secure Windows, and cleaning up after it. Linux/Unix should already be a first choice for the business world, yet it's barely even known of. It doesn't make sense. Please discuss; this could use some real insight. And let's at least try to make the flames +5 funny."

Wonderful Support... (5, Insightful)

Anonymous Coward | about 2 years ago | (#40116249)

The thing people like a lot of the times is that Microsoft offers support, they have it stuck in their head that if you spend money on it, it must be better than a free alternative. Pretty simple really but that's human nature in this day and age, we are programmed for it from commercials on tv to radio to Target and Walmart.

Re:Wonderful Support... (4, Interesting)

spazdor (902907) | about 2 years ago | (#40116317)

Well if you want to spend a lot of money on a well-supported enterprise solution, there's still Solaris. And it's not like there's any shortage of commercially-supported Linux enterprise OSes too.

I understand that it's more important to some people to be able to have someone to scream at from outside the company who is contractually obligated to fix your stuff when it breaks. Microsoft offers that, but a million other companies do too.

I think it more often comes down to the simple fact that Microsoft stuff has more mindshare, and thus an easier learning curve for a greater number of employees. It's the standard because it's the standard because it's the standard.

Re:Wonderful Support... (2, Interesting)

Anonymous Coward | about 2 years ago | (#40116681)

If you think that Solaris is "well supported", you must spend at least half a million a year on it, since Oracle won't even look at anyone who asks about spending less than that on Solaris/Sun hardware these days. Hell, I'd probably get better support running Debian/Sparc than I would trying to get support from Oracle for Solaris...

Re:Wonderful Support... (5, Informative)

girlintraining (1395911) | about 2 years ago | (#40116849)

The thing people like a lot of the times is that Microsoft offers support, they have it stuck in their head that if you spend money on it, it must be better than a free alternative.

I've worked for several Fortune 500 companies. Support has nothing to do with the decision: Exclusionary contracts do. Microsoft offers huge discounts to businesses that agree not to use a competitor's product. They also regularly check for compliance and there are large fines for any company caught using open source software. Management often parrots what Microsoft says to tell the tech workers who question the policy, but if you ask the right people the right questions, you'll find out the company you're working for entered into an exclusive contract with Microsoft, and that was one of the conditions.

Easy Enterprise Controls (0)

Anonymous Coward | about 2 years ago | (#40116261)

...is the major problem afaik.

Dropbox is issue, not just Windows (3, Informative)

billstewart (78916) | about 2 years ago | (#40116901)

The problem with Dropbox isn't just that it exposes Windows insecurities, it's also that it makes it easy to export lots of stuff out of your company, potentially with wimpy passwords, to a storage system which your company doesn't have any control over - Dropbox doesn't even have to tell your company if they've gotten a subpoena or "friendly" FBI request for the material, and with no contract, there's no way to specify data retention limits.

At $DAYJOB, we've got a Dropbox-like service (at least the "upload/download from browser" part of it, not the "glom onto everything" part), because it's useful to have something like that. It goes to our own storage, and has encryption we've got control over, and it keeps the employees from needing to find other ways around the firewall's block on Dropbox uploads.

Fine, I'll bite (4, Interesting)

davidbrit2 (775091) | about 2 years ago | (#40116263)

Maybe it's because Windows' security isn't the rotting mess it was 10-15 years ago?

Re:Fine, I'll bite (3, Insightful)

machine321 (458769) | about 2 years ago | (#40116375)

Additionally, Linux distribution security generally isn't much better than modern Windows. Even small to medium packages tend to pull in everything but the kitchen sink. Of course, if you stick to packages in Linux, you at least have only one update mechanism.

Re:Fine, I'll bite (5, Informative)

ozmanjusri (601766) | about 2 years ago | (#40116513)

Additionally, Linux distribution security generally isn't much better than modern Windows.

Marketing efforts aside, reality disagrees.

The share of Windows malware increased to 99.6%. Classic Windows program files dropped 0.3% proportionately, but the increase in .NET programs compensated for this loss.

In the first half of 2011, the lion share of malware was once again written for Windows systems.

Only one in two hundred and fifty malware programs is not a Windows program file. The proportion of classic Windows program files (Win32) continues to drop. However, .NET programs (MSIL) compensate for this loss of 0.3% and the overall share of Windows malware programs is on the rise.

1 Win32 1.218.138 97,8 %
2 MSIL 21.736 1,7 %
3 WebScripts 3.123 0,3 %
4 Scripts 832 0,1 %
5 Mobile 803 0,1 %
6 Java 313
7 *ix 233
8 NSIS 131

http://www.gdatasoftware.co.uk/uploads/media/G_Data_MalwareReport_H1_2011_EN.pdf

Note that the 6% of Apple Macs infested are included in that "*ix 233" figure.

Re:Fine, I'll bite (2)

atlasdropperofworlds (888683) | about 2 years ago | (#40116641)

I don't follow. So more malware is written for windows? Hasn't that always been the case?

Re:Fine, I'll bite (0)

Anonymous Coward | about 2 years ago | (#40116763)

I don't follow. So more malware is written for windows? Hasn't that always been the case?

Yeah. Making Windows a bad choice if you are concerned about malware. Duh. I think the short-bus saved you a seat.

Course it is not just that there's more malware. It's that malware successfully spreads in the wild on Windows. That hasn't happened on *nix for a long time (latest one I know about is the 1988 Morris worm).

Re:Fine, I'll bite (0)

jklovanc (1603149) | about 2 years ago | (#40116871)

Malware is written for the largest target available; currently that is Microsoft Windows. If many businesses switched to *nix on the desktop it would become more popular and more malware would be written for it. That would take one back exactly where Windows is today. It may be a short term gain to switch to *nix but as a long term solution it is doomed. This phenomenon can be seen with OSX. As OSX becomes more popular more malware is being written for it. Remember I am talking about *nix on a desktop and not server.

Re:Fine, I'll bite (1)

AmberBlackCat (829689) | about 2 years ago | (#40116823)

So if five people try to beat you up and only one person tries to beat me up, that means you're weaker than me?

Re:Fine, I'll bite (1)

ozmanjusri (601766) | about 2 years ago | (#40116883)

It means you're more likely to hand over your customers' money, which is what this discussion is about.

Re:Fine, I'll bite (1)

nzac (1822298) | about 2 years ago | (#40116899)

You should be using a car analogy. This is just improperly generalized and therefore misrepresents the situation.

Those five people are trying to beat me up one at a time spread over months/years and no one is wanting to beat you up or if they are they're too scared to try.

Re:Fine, I'll bite (2, Insightful)

bmo (77928) | about 2 years ago | (#40116853)

Even small to medium packages tend to pull in everything but the kitchen sink.

Well, if you're going to install something that requires KDE and you don't have KDE installed, be prepared to wind up installing KDE. But then if you are suddenly surprised that you are downloading KDE, it's *your* fault for not looking at the depends in the first place. It's not like this stuff is hidden away.

There *is* a problem with "Recommend" abuse. But then you can just turn off "treat recs as depends" and be done with it.

The system tells you exactly what's going on unless you're using that gawd-awful Ubuntu software center, but then Software Center is a reaction to the windroids that insist they not be told anything about what's going on, because it's "too complicated."

Linux distribution security generally isn't much better than modern Windows.

I dunno about you, but the amount of effort I personally go through keeping a Linux system secure is minuscule compared to having to keep up with Windows security. While this is a sampling of one, I believe my experience is typical.


Re:Fine, I'll bite (4, Insightful)

Yobgod Ababua (68687) | about 2 years ago | (#40116877)

The biggest advantage to Linux security is that it is far far easier to tell what is running, why it's running, and how it is configured, not to mention what ports are open and by whom.

Yes, in the hands of a newb user, both Linux and Windows can be insecure. That said, the training needed to lock down a Linux system is much more accessible and implementable. To properly lock down a Windows box you either need expensive third party tools or a Doctorate in "Making Microsoft do what I say despite what it wants".

Re:Fine, I'll bite (5, Interesting)

smartin (942) | about 2 years ago | (#40116421)

Funny, where I work we still use XP which is still the same rotting mess it was 10 years ago, the only difference is that it is wrapped in so much duct tape and so much time, effort and expense has been invested in it that the infosec people treat Linux and OSX as the same steaming pile of shit and it is really hard to break them free of it.

Re:Fine, I'll bite (1)

Billly Gates (198444) | about 2 years ago | (#40116431)

I would happen to agree with you besides the fact many just upgraded from Windows 2000 just a few years ago all with their shiny new IE 6 browsers. Since they just upgraded they do not feel the need to upgrade again from XP circa 2010.

Ok cutting edge IE 7 is getting popular now and it's all soooo secure. Sigh

The finance industry is always the most behind as new operating systems do not drive the share price higher nor help them bet against currencies and 401ks.

upper management (4, Funny)

Anonymous Coward | about 2 years ago | (#40116271)

Simple, because upper management always wants more windows.

Re:upper management (0)

Anonymous Coward | about 2 years ago | (#40116581)

Job security scam, Windows needs more people, larger budgets, has more problems for greater visibility.

Re:upper management (0)

Anonymous Coward | about 2 years ago | (#40116873)

How many more windows do you want me to have?

security is a system, not in a product (-1)

alen (225700) | about 2 years ago | (#40116291)

linux isn't secure by itself. you have to configure it to be secure and you still have to buy firewalls and all kinds of appliances to monitor traffic. add that up along with the extra work required to set it up compared to windows and it's cheaper to buy windows.

people don't work for free. figure $120,000 or so per employee when you figure all the benefits. cheaper to just buy windows

Re:security is a system, not in a product (2, Interesting)

Anonymous Coward | about 2 years ago | (#40116341)

because the Windows security guys work for free!

Re:security is a system, not in a product (1, Insightful)

MightyMartian (840721) | about 2 years ago | (#40116475)

Why would anyone buy firewalls when we have iptables and as far as traffic monitoring, why pay for some custom Snort frontend? Actually that goes for iptables too. I haven't bought a router, firewall, traffic monitor, shaper or spam appliance in well over a decade.

Re:security is a system, not in a product (1)

garaged (579941) | about 2 years ago | (#40116657)

I've been working as sysadmin for some 7 years now, almost every company using Linux pays redhat licences (support or whatever) and I have never seen someone actually calling redhat for support...

I happily use Debian in all my computers but people tend to be afraid of

Re:security is a system, not in a product (2, Informative)

Anonymous Coward | about 2 years ago | (#40116565)

Bullshit, do you have anything to back that up with? Appliances to monitor traffic are not just a Linux thing, if you care about it that much, you'll want them for a Windows only network as well. As for firewalls, if you're at all competent, you should be able to set one up for Linux without any particular trouble, for free. Set up the rules once and you probably don't have to fiddle with them again.

And no, people don't work for free, so I'm curious why you're only counting that when it comes to Linux, I doubt very much that Windows Admins work for free.

Re:security is a system, not in a product (1)

smpoole7 (1467717) | about 2 years ago | (#40116633)

These two statements:

> linux isn't secure by itself. you have to configure it to be secure
> and you still have to buy firewalls and all kinds of appliances to monitor traffic

... make me suspect that you've never actually used a good, modern distribution. To address your latter point (as MightyMartian does elsewhere below), you do NOT have to "buy firewalls and all kinds of appliances," unless you just want to. Our company recently upgraded to Zimbra (the free community build) running on CentOS 6 and we retired our Barracuda Spam Firewall. We just don't need it, saving us several hundred dollars a year in subscription fees. I monitored it very closely for the first few weeks after going live with it, but now I just check it every other evening or so. Works like a champ and I don't worry a whole lot about someone cracking it. :)

Now for the first point. Any of the major distros that I can think of off the top of my head -- Red Hat/Fedora, SuSE/OpenSuse, Ubuntu, or whatever -- has a default install that is VERY secure. Red Hat even includes the (NSA developed) SELinux, and Suse includes AppArmor. (Not sure about Ubuntu, I don't use it.)

I'm very glad that Windows has finally gotten its act together and has become more secure, but let's face it, it took years. While they were figuring out that it MIGHT not be a good idea to allow someone to execute code from a freekin' email, I was learning how to use Linux. Now I'm married to it and don't plan to get a divorce. :)

Re:security is a system, not in a product (1)

autocannon (2494106) | about 2 years ago | (#40116777)

More important than security is productivity. Remember, IT knowledgeable people do not run companies, MBA fuckwads do. And those people don't care about security, they care about productivity. Security is something they care about when shit hits the fan. IT people need to care about security first, but they don't exactly go around making final decisions about the company do they??

Windows is king because people know it, and everyone has it. There's no learning curve when hiring new people. Linux and all its various flavors presents additional hurdles for employees. Some people just aren't ever going to figure it out. Call them dumb, but it's irrelevant because they won't be fired for it and it will add even more work for the helpdesk people to guide them through any trivial efforts.

been done before (5, Insightful)

inode_buddha (576844) | about 2 years ago | (#40116297)

This has been discussed ad nauseam here over the last decade.
One big reason why things are the way they are, is that corporate types want somebody to blame when things go pear-shaped. There's not many linux companies of enough size to handle that. Just RedHat and SuSe.

Another reason is yes, the apps. They simply *must* have MS Access and integration with the whole Office suite. Anything that doesn't have this is likely a non-starter.

Re:been done before (5, Interesting)

smpoole7 (1467717) | about 2 years ago | (#40116685)

> corporate types want somebody to blame when things go pear-shaped

I think that's part of it, but an even bigger part is just sheer inertia. Budgets are tight, the economy is still struggling, and even though Windows costs a little more, a lot of PHB's figure they'll just hire people who know how to use Office and Outlook and be done with it.

BUT ... and here's the real reason I popped in here; I've been dying to say this for some time now. :)

I think this is changing. Our own company, as recently as three years ago, was still buying standard laptops with Windows and Office pre-installed. We are now migrating over to iPads and Android tablets. The privacy issues concern us somewhat, but I think this is going to increase in the future. People are willing to learn new "apps" to replace what they used under Windows, too.

I think Microsoft had better be very, very worried about this trend. Years ago, most people who bought computers demanded Windows on it. Nowadays, people are buying pads and tablets and they are perfectly willing to use something other than Windows. Most significantly, when someone introduces a smart phone or tablet with Windows on it, the marketplace is saying, "ho, hum."

Especially among younger users, Windows is viewed as, "like, SO 1990." :)

Re:been done before (0)

Anonymous Coward | about 2 years ago | (#40116755)

Not to mention SharePoint.... (true story: less than six months ago, it was pointed as a major reason to "not even consider the adoption of a different SO" at the IT unit where I was working).

Re:been done before (3, Insightful)

npsimons (32752) | about 2 years ago | (#40116963)

One big reason why things are the way they are, is that corporate types want somebody to blame when things go pear-shaped. There's not many linux companies of enough size to handle that. Just RedHat and SuSe.

Hmm, well then they better not have too close a look at any of MS or Apple's EULAs. They're all "no indemnification" and all that. Good luck suing MS or Apple, or even getting a response unless you already paid out the ass for a support contract.

The simple fact of the matter is that when it comes to big companies and technology, the ones making the "corporate" decisions are blithering idiots. Think about it: where are the smartest people you know working? Either they are actually getting (fun) shit done (eg, engineers solving problems), or they are in charge of their own startups (and how many startups go with MS?). Also, as someone else mentioned, there are some other large factors known as "mindshare" (why do you think MS gives deep discounts to college students) and bribes. If there were any justice in this world, MS would have gone out of business ten years ago due to everyone seeing through their BS. The depressing reality is that PT Barnum was right (and even that is a good example of mass ignorance: Barnum didn't say that, his opponent Hull did).

Usability (5, Interesting)

krslynx (1632027) | about 2 years ago | (#40116303)

If you've got things to do, learning how to operate a Linux system is low on the priorities. If people start finding hiccups because of the differences between Linux and Windows they'll rapidly complain to tech. support, who will soon fold under the pressure of people not being able to meet their commitments due to not understanding their workstations.

Linux isn't the top dog because it's 'more secure' than Windows, it's not the top dog because it's not as well known as Windows. I see more people using Mac in the workplace now, and with the popularity spike in BYOD I would suggest that if Linux were to become more user friendly, Linux would slowly be adopted anyway.

We should remember that >60% of servers run Linux, versus Windows.

Security by obscurity, not by design (-1)

Anonymous Coward | about 2 years ago | (#40116305)

Security breaches have a payoff, usually involving money. OSX has few breaches because it's a bad investment, same with linux. People target bigger market shares, the rest takes the philosophy of security by obscurity.

Re:Security by obscurity, not by design (0)

Anonymous Coward | about 2 years ago | (#40116461)

Yes, but you have to realize that most of those breaches require unpatched vulnerabilities and those are going to be on Windows machines most of the time. Just moving to another OS is sufficient to ensure a higher level of technical competence in most cases.

Windows = Easy + User Friendly (1)

Anonymous Coward | about 2 years ago | (#40116309)

Windows is easy and that's why they use it.

Re:Windows = Easy + User Friendly (4, Insightful)

X0563511 (793323) | about 2 years ago | (#40116407)

... but it really isn't! If you can manage to find someone with zero experience, Windows does not magically make sense to them.

Re:Windows = Easy + User Friendly (0)

Anonymous Coward | about 2 years ago | (#40116875)

I work for a fairly large corporate company and there are very, very few people anything that have no Windows experience.

Re:Windows = Easy + User Friendly (3, Funny)

plover (150551) | about 2 years ago | (#40116967)

... but it really isn't! If you can manage to find someone with zero experience, Windows does not magically make sense to them.

We seem to have no problem finding an endless supply of Windows "admins" with zero experience. I don't know why you think that's such a big deal.

Re:Windows = Easy + User Friendly (0)

Anonymous Coward | about 2 years ago | (#40116629)

so is fast food, and you calculate just the calories not reviewing the source code, right?

Re:Windows = Easy + User Friendly (4, Insightful)

Bill Currie (487) | about 2 years ago | (#40116719)

No, windows is not user friendly. It's actually very user antagonistic. It is, however, corporate (particularly *AA) friendly.

Rather than not being user friendly, Linux's problem is it is too user friendly: it's easy to get lost in the choices.

Most windows users want their hand held. Corporations want to use handcuffs. Windows provides the handcuffs.

Office (0, Flamebait)

wile_e8 (958263) | about 2 years ago | (#40116323)


The formats are a de facto standard, Open/LibreOffice aren't completely interoperable 100% of the time, and no one ever got fired for using the solution that works best with the documents/spreadsheets everyone else is creating.

Re:Office (5, Interesting)

theshowmecanuck (703852) | about 2 years ago | (#40116547)

Office, plus things like Visio and MS Project. And I don't care how much someone argues, Dia is nowhere near as good a product to date as Visio. And there is nothing in the Linux world that even compares to MS Project. There are some apps with 'project' in the name that might even look a little like MS Project, but nothing that can compete. ERD tools are another thing. Yes there are a bunch that run on Linux, but even a mid to low price Windows offering like Toad Data Modeller is head and shoulders above anything you can find for Linux. And the multitude of financials software out there runs on Windows not Linux.

Software vendors simply don't want to deal with the GPL if it means there is any chance that they will have to give away the code they spent hundreds of thousands, if not millions of dollars to develop. You will find them occasionally making software that will also run on OSX, but again the license there won't force them to give away anything. And I know there is the LGPL, but it still has GPL in the name which rightly scares the vendors. And with the way some of the more rabid FOSS people are, vendors don't want the worry of a v4 of the GPL and/or something that deletes the LGPL, etc. Unless vendors can be guaranteed to make money on their investment they won't write top level code for Linux, and without top level apps, people won't use it... except for programmers who have made tons of decent apps to work on the platform they code enterprise apps for (not the client apps that the bosses use).

Re:Office (2, Insightful)

alexander_686 (957440) | about 2 years ago | (#40116735)

I work in financial services and we are addicted to Microsoft Excel.

I get "relational data" in Excel spreadsheet form from outside vendors all of the time. I can't even get them to send me the data in a flat text file so Excel won't chop off the leading (and necessary) zeros.

It is what everybody knows. Not the way it should be, but that's life.

To use the bad car analogy... (1)

CajunArson (465943) | about 2 years ago | (#40116331)

This is like saying: Some companies have prevented their drivers from parking their cars in the bad part of town (i.e. the cloud). These guys all drive Fords, but I drive a Chevy. So why not leave my Chevy in the bad part of town instead!

Oh wait...

I'm pretty sure DropBox runs its servers on Linux, but that's completely beside the point. Guess what's more secure? A fileserver that you own and physically control that happens to be running Windows that's properly configured with strong ACLs and sits behind a VPN gateway... or a Linux powered PHP CMS setup that is leased from one of your competitors and is accessible to anyone who can guess a username/password combo?

Guess what: that example doesn't mean that "Linux is not secure" or that "only Windows is secure" either. Frankly, BOTH can be insecure and BOTH can be secure based on the usage and competency of the people who set them up.

Must we ...? (2, Insightful)

Anonymous Coward | about 2 years ago | (#40116333)

Must we really re-hash windows vs linux? Must we?

Fear of Backdoors? (5, Insightful)

JoeMerchant (803320) | about 2 years ago | (#40116335)

If I were a too busy to be bothered executive, my high level opinion of the hobbyist operating system would be that it's bound to be full of backdoors put in by the coders. What's worse, is when those backdoors cause my golden parachute producing institution serious financial harm, there's nobody to sue. At least if Microsoft were to do something dastardly, there's a few billion in assets to get the lawyers worked up over.

Re:Fear of Backdoors? (0)

Anonymous Coward | about 2 years ago | (#40116819)

Times are a-changing, my friend...

Re:Fear of Backdoors? (0)

Anonymous Coward | about 2 years ago | (#40116821)

Linux isn't a hobbyist OS. Hasn't been in over a decade. A RHEL or Suse license costs plenty, and you definitely get a strong warranty against backdoors.

Re:Fear of Backdoors? (0)

Anonymous Coward | about 2 years ago | (#40116839)

If I were a too busy to be bothered executive, my high level opinion of the hobbyist operating system would be that it's bound to be full of backdoors put in by the coders. What's worse, is when those backdoors cause my golden parachute producing institution serious financial harm, there's nobody to sue. At least if Microsoft were to do something dastardly, there's a few billion in assets to get the lawyers worked up over.

This is why business execs should not make technical decisions. It is the same reason they do not practice medicine. They should hire someone who is technically competent, put them in charge of getting results, hold them accountable, and let that person do whatever best fits the situation. That wouldn't always be Linux but it often would be.

Here are a few reasons (1)

dougsyo (84601) | about 2 years ago | (#40116337)

Enterprise management capabilities, genuine software (Office, in particular) as opposed to "compatible" or "capable" software, familiarity, upper management, vendor packages that require MS servers, and relative lack of people that can "fix things" along with their regular responsibilities, are just a few reasons why.

Re:Here are a few reasons (1)

the eric conspiracy (20178) | about 2 years ago | (#40116609)

Having an application like Office is completely irrelevant to a security infrastructure.

Security Space and W3Techs' latest surveys came up with a > 60% market share for Linux servers. I imagine the people to support it are equally available.

That of course doesn't mean squat when it comes to security. Great security means one thing - having great people managing and implementing security.

One reason (2)

gallondr00nk (868673) | about 2 years ago | (#40116343)

One reason is because in many cases your system is only as good as your administrator. Bad linux admins are worse than competent Windows ones.

The only thing secure about Linux is Linux (0)

TubeSteak (669689) | about 2 years ago | (#40116353)

The security problems are from everything else you want to run on Linux.
Linux, as a complete platform, ends up just as exploitable as any Windows installation.
Or do you not recall the hacking of Kernel.org and Linux.com?

Linux servers/users are just as likely as Windows users to be running their OS & software without being fully patched.

Re:The only thing secure about Linux is Linux (1, Flamebait)

nzac (1822298) | about 2 years ago | (#40116527)

The security problems are from everything else you want to run on Linux.
Linux, as a complete platform, ends up just as exploitable as any Windows installation.
Or do you not recall the hacking of Kernel.org and Linux.com?

Linux servers/users are just as likely as Windows users to be running their OS & software without being fully patched.

Seriously are you a registered shill? So much vague FUD.

While some of what you say is true they are used way out of context to imply things they really don't prove.
So most Linux insecurities are from third party apps* but the only example you provide is a privilege escalation exploit.
*This is still a theoretical argument.

I see what you did there. (1)

thePowerOfGrayskull (905905) | about 2 years ago | (#40116357)

such as: 'My company deals with financial services. We are not allowed to access Dropbox either.' So why isn't Linux the first choice for all financial services?

Wait, what? What does one have to do with the other?

To answer the question - based on my own time served working in the financial industry - it comes down to support. They want the security of the big-time support contracts. Sure, there is Red Hat and others - but frankly, Red Hat's marketing machine isn't nearly as good as Microsoft's.

That being said: we upgraded to Windows 2000 on employee desktops from OS/2 Warp. At that time, enterprise Linux didn't have the same maturity that it does now. By the time we looked again, we had built a very involved application ecosystem using VC++ and MFC. The cost of porting it (or replacing it, which would have been better) was in the tens if not hundreds of millions. There's no way anybody was going to make the call to do that - better to go with the flow.

More importantly - Windows XP (finished upgrading a couple-few years ago) and even 2000 simply did not present us with major security flaws in any way that put our business at significant risk. All of our users had locked down non-admin privileges, and were tightly restricted in what they were allowed to do. The vast majority of these users (and we're talking 10s of thousands) didn't even have email access. Internet access was to a small list of whitelisted sites.

Windows, like Linux, is secure when properly managed. And until recently, Windows provided better tools for easily managing a secure installation on an enterprise scale.

Few reasons (4, Insightful)

Sycraft-fu (314770) | about 2 years ago | (#40116379)

1) Trying to run away from good security practice by going to something you perceive to be less targeted or better able to save you from yourself isn't a good idea. Hate to break it to you but really Windows itself is pretty good security wise these days. If you are having trouble the question to be asking yourself is what is wrong with the way things are set up. To me it is like having your house robbed and moving to a new neighbourhood, rather than locking your door at night. We run a mixed environment at work, and we don't have many Windows security issues, despite it being our big OS. Reason is we have a good security setup that provides defense in depth. We have real proactive security, not ostrich security.

2) Because often the products businesses need aren't available for Linux. People will point to half-assed alternatives because said half-assed alternatives are the best they can find. "Just write your own," is completely unfeasible to many companies, and uneconomical to others. If you'd save $X in terms of security issues and licensing but spend $X*10 to develop and support your software that does what you need, it isn't a good move.

3) Because Linux doesn't always, maybe even not usually, have a lower TCO. In our environment it requires a hell of a lot more fiddling than Windows to make it work. Our Linux lead spends a lot of time hacking around with things to make them work right, and dealing with customized setups (which we do a lot of being a research university) is a pain. I spend way less time fiddling to make Windows work, and not because I'm smarter or better than him. He's damn good. It just seems to be more trouble to get Linux to do what we need, the enterprise support tools aren't as robust.

Remember that security is only one facet of cost, and also remember Linux doesn't provide perfect security. You can argue if it is better or not, though many of the better arguments are just arguments of less targeting. Things like malware that the user has to download and run, an OS can provide no defense against that short of trusted computing or the like.

So you have to look at what it would cost and save in total.

Also as I said, really security talk needs to be about defense in depth and how to prevent problems, not about trying to run away from them. Security failures WILL happen, anyone who's done physical security knows there's no such thing as a perfect defense, everything is fallible, and you have to have layers and you have to monitor and adapt to maintain good security.

I would rank a place high security that runs Windows but does things like: Have regular users run deprivileged and not hand out admin accounts. Have a good, but sensible password policy and use two factor authentication. Have all systems patched regularly and quickly and monitored. Run a host based firewall on all systems. Run an on access and on download virus scanner on all systems, centrally monitored. Run a network based firewall and IDS, maybe even more than one. Segments servers from workstations and only allows the access needed. Proactively monitors for problems. And so on.

I would rank a place low security if they just run Linux, give local users sudo, and say "Have fun, Linux is safe!"

Linux could potentially help with security, that would need to be evaluated by someone competent case-by-case. Linux does not give good security, it is layers and a process, not a magic bullet.

iPhones also banned at IBM over Siri worries (2)

Bushido Hacks (788211) | about 2 years ago | (#40116395)

It's stories like this that make me wonder why IBM isn't laying off people instead of HP. (Truth: HP wouldn't need to lay off so many people if they could tell people how to swap the crappy battery on the HP Touchpad. Then again, Meg Whitman is Carly Fiorina 2.0 now with Romney cues.)

But IBM has also rejected allowing anyone to use an iPhone at office meetings over concerns that Siri may be spying on the company.

Also, remember a few years back how IBM was so eager for businesses to switch to Linux? Clearly they're not following their own advice considering they were hacked last week according to The Hacker News.

We can't move forward if everyone is taking steps backward.

old stereotype (1)

Anonymous Coward | about 2 years ago | (#40116399)

These days Windows is no less secure than Linux. Maybe even more secure, for the gung-ho attitude of Linux enthusiasts towards security issues doesn't do any good. Microsoft, on the other hand, takes security quite seriously.
Linux doesn't come close to Windows in the choice of business applications. I myself am a long time Linux user: switched over 10 years ago. It certainly became more usable in those years, but is still a pain in the ass sometimes.

Maybe they are (1)

drinkypoo (153816) | about 2 years ago | (#40116401)

Some claim [highbeam.com] (I'm not about to pay to read the article) that Linux is being used more. ISTR something about Solaris being taken up more in banking too, but that was long ago, before the Oracle buyout. Nobody with half a fucking brain is even considering putting Sun equipment into their infrastructure if they don't already have some.

Problem is the user, not the OS (4, Interesting)

gman003 (1693318) | about 2 years ago | (#40116403)

At least at the level of "business desktop", I believe "user stupidity" is a far bigger threat than "insecure operating system". Yeah, for a ___ server, or firewall, or really any sort of system managed by trained, competent people, the OS or applications may indeed be the bigger risk, but on the desktop? All it means is that instead of attaching bank_of_nigeria__withdrawal_forms.pdf.bat, they'll attach bank_of_nigeria__withdrawal_forms.pdf.pl when running a scam.

Linux is not a magic security bullet - such a thing simply does not exist. No OS is unbreakable. My company found that out ourselves, when we discovered just how completely '0wn3d' a particular client's Linux servers were - let's just say the guy who configured them is now fleeing the *country* to escape the gross negligence and breach-of-contract lawsuits (when your job description is "keep these servers up-to-date and secure", and they're still running a version of Debian from '02 and participating in Anonymous DDoS attacks, you've failed).

Windows also, I have to admit, has gotten much better at security compared to the 95/98 days, or even the XP SP0 days. Linux still has a security lead, but that lead is now orders of magnitude smaller (especially since Linux, at least for certain distros, seems to be trading security for usability).

Are you unable to grasp the article? (0)

Anonymous Coward | about 2 years ago | (#40116405)

This is not about Windows, or Unix, or Linux, or OSX. This is about 3rd party apps, and their connectivity to the internet. Does Linux magically prevent Drop Box from sharing files? Does Linux magically prevent company data from moving offsite? This is about "Cloud" apps, not about Microsoft. Your reading comprehension falls below minimally accepted levels. You are banned to Facebook. Now GO! Stop Posting here. Furthermore, whoever approved this article should stop working here.

Under 30 minutes (0)

Anonymous Coward | about 2 years ago | (#40116413)

It don't matter to me what software you use. If inclined I could crack just about anything in under 30 minutes. The problem isn't the software, it's people. People are trivial to fool, especially the ones who have a false sense of security, ie. people using a non-mainstream OS because they think it's impervious. Just remember, locks are made to keep honest people out.

Re:Under 30 minutes (1)

lewko (195646) | about 2 years ago | (#40116897)

Whilst I bow in front of your 31337 hax0r skillz, you are wrong about locks.

BAD locks (cheap, easily defeated) are only good to keep honest people out. That does not mean all locks are easily defeated. ANY system badly implemented would suck. I would happily race a well hardened Windows system against a badly installed *nix setup (albeit the latter is probably a bit safer straight out of the box).

Your premise is wrong. (4, Insightful)

GNUALMAFUERTE (697061) | about 2 years ago | (#40116427)

Unix is actually very popular where security is a concern. Most of the internet runs on some variety of Unix.

Same in business.

But the reasons it's not even more widespread are:

a) Management and HR are clueless, and so they implement the wrong policies and hire the wrong people.
b) Microsoft spends a lot of money on getting people hooked on their technologies, including getting most universities to teach their crap, so many sysadmins are clueless regarding anything outside Microsoft.
c) CTOs get bribed. Those bribes determine what technology they buy. The FSF doesn't have much money to waste on bribes, but many corporations do.

...Cuz Windows... (5, Insightful)

AndrewX (680681) | about 2 years ago | (#40116457)

One of the parts of the otherwise totally asinine "Zen and the Art of Motorcycle Maintenance" that actually did stick with me was the story about some little part of a motorcycle that can be replaced with just a little piece of tin can if it breaks, and in some ways it even works better if you do. But, in the auto parts store it costs $15. The point is this guy's friend would never consider using a piece of tin can on his bike, and would always buy the expensive part every time because he's the kind of guy that associates paying for something with quality. You could never convince him that a free alternative to anything could be better, because then why would anyone ever pay for it? And since there's these successful and widely popular companies selling the widget for lots of money and making a killing, they must be doing something right that can't be offered anywhere else. Having dealt with enough executive types that make decisions like these for large companies, they are almost universally this type of person. It's not that free can't be better, it's just out of their comfort zones. Really, I think it stems from faith in capitalism. Windows is it because it's the big one that everyone uses, and that means everything to some people (unfortunately).

Re:...Cuz Windows... (2)

AndrewX (680681) | about 2 years ago | (#40116557)

In other words, some people think that if something is free, then there must be something wrong with it because if it really was as good or better, someone would be making money on it. So they won't give it a chance, and go with the popular and expensive one because that's "what they know".

Re:...Cuz Windows... (0)

Anonymous Coward | about 2 years ago | (#40116635)

1. you make the replacement part out of tin can
2. charge him $15 for it.
3. profit!

At least for IBM... (4, Interesting)

fuzzyfuzzyfungus (1223518) | about 2 years ago | (#40116469)

I suspect that, for large enterprises, 'security' as measured by 'how fucked it is after 6 months of clueless use by Joe Pornhound, his wife Jenny Incredimail, and his son Timmy Warez' is basically irrelevant.

Home users are basically helpless cattle; but they are also low value targets. If a drive-by download or a trivial trojan can't land some malware, they are safe. If it can, they are helpless.

Your enterprise, on the other hand, likely has the desktops locked down good and hard, firewall and IDS and people paid to care. However, they are a high value target. It is plausible, indeed quite likely, that they are getting actual human attention, from actually competent attackers, customized payloads, possibly even the honor of having one or more zero-days used against them. They are also much more likely to be running complex, web-facing applications, where the security may not rely on the underlying OS that much at all (how many sites have been exploited purely through more-or-less OS agnostic attacks on their CMS?)

In this scenario, it isn't entirely clear how much better Linux is than Windows (and, also, it isn't necessarily the case that the desktop OS matters nearly as much as the competence and vigilance of the chaps watching the network for funny business).

Visual Studio and Windows Forms (1)

Anonymous Coward | about 2 years ago | (#40116507)

Although Eclipse is a good IDE, Visual Studio simply feels more polished. Dev managers like the idea of a robust visual debugger. And Windows Forms has much fancier (and useful) controls than Swing or anything in the Java world.

One could argue that providing component libraries of complex GUI controls is a lot of what Microsoft is about. That's a big issue in financial services, where they develop and use rich clients instead of (or in addition to) web apps.

Now, you might argue that Swing (or SWT, etc) is cross-platform, while Windows Forms isn't. Yes, but that's not an issue for big corporations because Windows is on everyone's laptops and desktops.

Because Security is not a priority for Linux (0)

metrix007 (200091) | about 2 years ago | (#40116543)

Linus and more so Greg K-H have said so.

Security is not a priority. A security bug should be treated like any other bug. Which is bullshit. A bug that can allow full compromise of your system is obviously more severe than a bug that maybe uses up more memory than it should. Especially with Linux being used in a server role more than anything.

Not to mention the dev team seems somewhat anti-full-disclosure, advocating keeping vulnerabilities secret, or at least not publicly disclosing/admitting them until they decide to/feel like fixing them.

Linux is fine for a desktop, but without some sort of MAC (in which case it would surpass most competing platforms when it comes to security), it's worse than Windows.

I need to know what vulnerabilities are on my system, when they will be fixed, and to know that the developers have security as a priority. Sadly, that describes Microsoft far more than it does Linux.

Bring on the troll mods.

Re:Because Security is not a priority for Linux (5, Informative)

VortexCortex (1117377) | about 2 years ago | (#40116913)

No, you're wrong. Every single day I get updates. The "bug" I submitted the patch for in Linux? It was patched in 2 weeks. The "bug" I submitted the whitepaper and proof of concept code under "responsible disclosure" to MS? It's been 2 years, and some of my unsavory friends who worked on the bug with me are now exploiting it. UPDATEs, FASTER. Linux wins.

Applications (3, Interesting)

chill (34294) | about 2 years ago | (#40116549)

People use computers to run applications. The operating system should be chosen to support the applications they need, not the other way around.

Business already has too many problems with Mac fanatics insisting on using Apple products. The main issue is they demand the computer/OS *before* seeing if any of the applications used at the office are supported. Ass backwards.

However, the question in the article was a non-sequitur. The use of cloud services has absolutely nothing to do with operating system of choice. It has to do with losing control of data.

Case in point, IBM didn't say "You can't use Dropbox on Windows", they said "You can't use Dropbox". Yes, there is a Linux client for Dropbox.

As for the Lawyers . . . (2, Informative)

Anonymous Coward | about 2 years ago | (#40116553)

I can't speak for the financial advisors and banks, but for the lawyers, it is inertia. In 2000, when I graduated from law school, the firm I worked at still used Word Perfect 5.1 on Windows 97. They were convinced in 2001, to upgrade to Windows 2000. Even then they ran Word Perfect in a DOS box. They kept this for two reasons. The first was they didn't want to retrain their legal secretaries. Document formatting is very important and intensive in legal briefs, so you need to know the word processor in much greater detail than to write a term paper. The second reason is that they had purchased a customized version of Word Perfect that integrated with the accounting software the firm used. This was not easily duplicated. When they finally did upgrade to Word, they had to buy a whole new accounting package, and the conversion process, including training, took months.

I suspect that what keeps law firms, and most other professionals, from making a switch to Linux is the desire to avoid the unknown and the learning that goes with it. That is bolstered by the fact that every industry has some killer app that just doesn't exist on Linux.

It's about support, not technology (0)

Anonymous Coward | about 2 years ago | (#40116575)

Sorry for the anonymous post. I'm a regular /. reader but infrequent poster. It really comes down to convenience and support, not technology. I've worked in IT for a while (pretty much my adult life) and have been a Linux user/open-source advocate for over a decade now. The reason open-source OS's like Linux and BSD aren't dominating is support. This is why Redhat dominates the commercial Linux market, even though long lived distributions like Debian (my personal favorite) rival it in features and security, for free. Businesses generally quantify in monetary terms. Spending money on something that you can quantify, like support and a general expectation of performance (true or not), is an easier "sell" to management. Tech oriented companies generally don't have financially biased opinions, which explains why Linux and BSD excel in the web and mobile markets but stalwarts of industry stick to commercial solutions, such as Microsoft. But that's just my 2 cents...

Because ... (0)

PPH (736903) | about 2 years ago | (#40116585)

... Linux is for geeks. Geeks know their way around an O/S. And that knowledge costs money. Windows is easy. You can run the boss' idiot nephew through a few courses, get him his MCSE and put him to work. Not that all Windows admins are idiots. Some are quite smart. But the labor pool is much larger and that helps to hold the price down.

Is a Linux desktop *really* that much more secure? (1)

hythlodayr (709935) | about 2 years ago | (#40116655)

Or is it security by being a minority (e.g., think Apple)? I'm betting even an OpenBSD workstation is prone to become compromised once it's handed over to the average "user", who'll want to download and install unvetted software (etc.). And really, what do I know about the majority of the smaller software packages in the Ubuntu Software Center?

Re:Is a Linux desktop *really* that much more secu (0)

Anonymous Coward | about 2 years ago | (#40116801)

Yes, but you could also hand the computer directly over to a black hat hacker as well. Doesn't mean the system is any less secure by default, it just means that you're a fucking moron. The operator is always going to be a factor.

Linux isn't more secure (1)

hawguy (1600213) | about 2 years ago | (#40116671)

Linux isn't really more secure since the weakest link is always the user. There's nothing inherent in Linux that makes a Linux user less likely than a Windows user to type in his password when he sees a website pop up a window that says "Disk Corruption Detected. Please enter your password to automatically fix it".

Even if the linux kernel and root owned files are secure from the user, it doesn't matter since if I want to compromise a user I don't need to write to /bin/*, I just need to write to his ~/.profile (or whatever startup scripts he runs). If there was money to be made in hacking linux (like, say, if every investment banker ran Linux as his desktop), there would be plenty of malware targeting linux.

Linux is mostly security through obscurity - aside from a few remote exploits (ssh vulnerabilities, apache vulnerabilities, etc) that can be used to take over servers, there just hasn't been a concerted effort to target Desktop Linux with malware because there's not much payback in it.
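
A defender-side check for the point made in the post above about user-writable startup scripts, added here as an example and not part of the original thread: it baselines a user's shell startup files and reports later changes. The file list, function names and the sample home directory are assumptions constructed for the illustration.

```python
import hashlib
import json
import stat
import tempfile
from pathlib import Path

# Per-user files that common shells read at login or at shell start.
# The list is an assumption for this example; extend it for the shells you run.
STARTUP_FILES = [".profile", ".bash_profile", ".bash_login", ".bashrc",
                 ".bash_logout", ".zshenv", ".zprofile", ".zshrc"]


def snapshot(home: Path) -> dict:
    """Map each existing startup file to its SHA-256 digest and permission bits."""
    snap = {}
    for name in STARTUP_FILES:
        path = home / name
        if path.is_file():
            snap[name] = {
                "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
                "mode": stat.S_IMODE(path.stat().st_mode),
            }
    return snap


def compare(baseline: dict, current: dict) -> list:
    """Return (finding, file) tuples describing drift from the baseline."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        if name not in baseline:
            # bash reads the first of .bash_profile, .bash_login, .profile that
            # exists, so a new file matters even when .profile is unchanged.
            findings.append(("added", name))
        elif name not in current:
            findings.append(("removed", name))
        elif baseline[name]["sha256"] != current[name]["sha256"]:
            findings.append(("modified", name))
        # Independent of the baseline: nobody but the owner should be able to write.
        if name in current and current[name]["mode"] & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(("writable-by-others", name))
    return findings


def demo() -> list:
    """Constructed scenario: baseline a throwaway home directory, change it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        (home / ".profile").write_text("export PATH=$HOME/bin:$PATH\n")
        (home / ".bashrc").write_text("alias ll='ls -l'\n")
        (home / ".profile").chmod(0o644)
        (home / ".bashrc").chmod(0o644)

        # The baseline is plain JSON. In real use, store it where the monitored
        # account cannot write, or a change could be hidden by updating it too.
        baseline = json.loads(json.dumps(snapshot(home)))

        # Constructed drift: an appended line, a new login file, a loosened mode.
        with (home / ".profile").open("a") as fh:
            fh.write("echo constructed-change\n")
        (home / ".bash_profile").write_text("echo constructed-new-file\n")
        (home / ".bash_profile").chmod(0o600)
        (home / ".bashrc").chmod(0o666)

        return compare(baseline, snapshot(home))


if __name__ == "__main__":
    for finding, name in demo():
        print(f"{finding:20} {name}")
```
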

The cloud is the problem, not the client. (1)

nicoleb_x (1571029) | about 2 years ago | (#40116707)

The ability to upload customer data to the cloud is the issue. I have no idea why you think this has anything to do with the client OS.

you're looking at it backwards. (1)

retchdog (1319261) | about 2 years ago | (#40116747)

the security they want in this case isn't to keep people out; they have separate firewalls for that... it's to keep their employees and their data in.

i don't know how easy it is to lock-down windows, but i assume there are some industry standards for it. are there vendors of certified locked-down linux? that's what it would take. by definition, they can't trust their own IT to do it, after all.

Because linux is secure (0)

WaffleMonster (969671) | about 2 years ago | (#40116765)

If anyone thinks their favorite general purpose operating system is secure they are delusional fools. They all fail every last one of them. No exceptions. The only thing you can do is lock your shitty bug laden OS down to minimize your exposure.

The next time you think Linux is secure browse and filter your favorite distribution's software update database by security fixes and go running home in tears to your mommy.

Re:Because linux is secure (2, Insightful)

Anonymous Coward | about 2 years ago | (#40116869)

One word: OpenBSD. It is more secure. You can debate the reasons all day long. But the fact of the matter is, even an OpenBSD box running SSH, SMTP, and HTTP services isn't going to get hacked. Forget remote root exploits. Let's talk about local root exploits, which are found regularly on Linux and Windows. OpenBSD? The most recent local root exploit, circa 2009, didn't work on the then current--or prior--release. Thus it was tagged--arguably improperly---as a reliability fix.

So it's not that bugs aren't found in OpenBSD. It's that their "proactive security" mantra has substance to it. The developers see where the state-of-the-art hacking techniques are going, and cut them off at the pass with counter measures. Contrast this with Linux or Windows, where they react after the fact; and after countless people have been p0wned.

Linux and Windows code is chock full of amazing algorithms and sophisticated hacks. OpenBSD code tends to be extremely dumbed down. If you're concerned with security, you want the dumb code. The more sophisticated the code, the harder it is to debug. The old adage that anyone who codes to the best of their ability is by definition incapable of debugging that code rings true.

Ease of management? (1)

gtirloni (1531285) | about 2 years ago | (#40116769)

I manage hundreds of Linux *servers* and I wouldn't consider running Windows on them. Period.

But I've the impression that managing thousands of Linux *desktops* distributed across several departments with users requesting little changes and you name it.... would be a huge mess to manage. Again, totally subjective opinion based on what I've seen being used but never used myself... it seems easier to manage a network of thousands of Windows desktops with the M$ tooling.

Anyone got experience managing both OSes in a huge network and cares to weigh in?

How did this get to the front page?? (1)

FSWKU (551325) | about 2 years ago | (#40116797)

'My company deals with financial services. We are not allowed to access Dropbox either.' So why isn't Linux the first choice for all financial services?

The problem is that your question makes absolutely no sense whatsoever. "We can't use Dropbox, so why doesn't our company use Linux"? Banning cloud services has nothing to do with what OS you prefer. It's all about restricting ways users can get potentially confidential data offsite to places the employer can't control. That's it. End of story. Turning this into a Linux vs Windows debate not only strains logic, but hurts your cause. You're feeding the stereotype that Linux users are nothing but unruly zealots who try to cram their ideology into any conversation, regardless of whether or not it's invited or warranted.

Not to mention the submission is flat out absurd from a logical standpoint. "My employer doesn't allow cameras in the building. So why don't more companies have an on-site cafeteria?" makes about as much sense. Seriously, timothy...were you asleep at the wheel and just blindly posting whatever came across your screen? How about you pay me to sit there and look at submissions instead. I'd at least put some actual effort into it.

what world... (0)

Anonymous Coward | about 2 years ago | (#40116803)

what planet does this guy live on? linux is used all over in the business world. maybe the author needs to experience life in IT or something.

Vulnerable telcos, networks, operating systems (1)

quarkscat (697644) | about 2 years ago | (#40116865)

That IBM would reject Cloud storage is totally understandable, or at least I understand it. The most sensitive information My Company would want to preserve from prying eyes is stored on Hollerith Cards pre-positioned in RFIDed burn bags. Everything else is stored on an internal fiber optic ring network on a robust ftp server running patched Novell 4.0.1. & Unix Services. Try to match that for a category of ancient information security (and no, cuneiform-engraved-into-beeswax-on-stone doesn't count).

Now, you young whippersnapper, get off my lawn ...

Been asking for 20 years ... (1)

Spiked_Three (626260) | about 2 years ago | (#40116907)

OMG. You are the first person to ever think of this, NOT. And the results show the results. Many have tried, none have been successful. When I hear Linux people say "it works fine for me" it usually means "I don't do very much, and not anything more complicated than notepad."

Anyone doing more than that has had to 'fix it themselves' for something.

90% of business is interested in deploying for the least costs. That means buying off the shelf, and having an install of additional products that work. I know you will not admit it but, Linux is broken off the shelf 8 out of 10 times. It requires admins that are much more rare than dime a dozen MS admins to spend days/weeks getting a stable platform. Then go to which web site and buy what software? The huge vast majority is written for windows. There is some for the Mac. I do not know of 1 web site store, that sells commercial software for linux, so it ends up being even more buggy untested non-QA open source junk. Sure there are a few decent open source apps, but not many. And I don't know of any outside of server oriented stuff.

Until you recognize the obvious truths, you will keep asking why, and keep getting the same answer. It is no big secret, open source, with few exceptions, does not come close to matching commercial software. Why should/would it? By the very definition you can not make money creating it, so how good is it ever going to be? A tiny success here and there in a small part of a very large market. It is an OS for and by people wanting to tinker with the guts. It fits some disciplines (Robotics/ROS) but not day to day business users.

There are exceptions (1)

Anonymous Coward | about 2 years ago | (#40116919)

The financial services company I work for (a super-major one) has a policy of replacing all licenced Windows-server boxes with RHEL. Windows will stay on the desktop for a while yet but wherever possible it's being replaced server-side. Contrary to the Slashdot "clueless manager theory", architecture generally decide upon the solution, not management. Where there's policy in place for a particular product it's because there is a Procurement preferred-supplier policy.. but once again, this is usually decided by architecture/infrastructure, perhaps for reasons of compatibility or support, but not because mythical Pointy-haired bosses have anything to do with it.

PS The question is a totally bullshit assumption, that the business world "barely know of" Linux/Unix. Sure it's not on the desktop but it's basically everywhere that it counts. There's just no-one to toot Linux's horn in the media when it wins one over Windows

Posting anonymously because system privacy IS taken very seriously in financial services

Futile (1)

Beryllium Sphere(tm) (193358) | about 2 years ago | (#40116921)

If it has a browser, and has Flash or Adobe PDF plugins, it's vulnerable.

Software repositories free of spyware are a boon, but any corporate system is likely to be locked down anyway so users can't install software.

Linux desktops do benefit from being a smaller target. That's a fragile kind of protection that I'd hate to call "security", but as one friend of mine put it, "I'll take that!"

You want real security? (1)

mikein08 (1722754) | about 2 years ago | (#40116951)

Use VMS. A properly administered and monitored VMS system is the most hackproof I've ever seen (admittedly I've no experience of IBM mainframes).

They do use Linux. (5, Informative)

colonel (4464) | about 2 years ago | (#40116953)

I've worked for some of the largest banks in the world, and:
1.) They use craploads of Linux.
2.) They're going to stop using Windows.
3.) They'll never use dropbox.


1.) They use craploads of Linux.

Just about every bank has declared Linux to be the future for application services, with a few exceptions for specific applications. Accounting will stay mainframe for a very long time, Collaboration will remain MSExchange for a very long time, Sharepoint probably as well, and rinky-dink one-off applications may still run only on Windows servers, but only if those apps come from software shops built by math/business/commerce geeks (algo stuff, etc.). Most databases, report generation, records keeping, document management, webbanking backends, and other banking stuff will continue their current trend of UNIX-to-Linux. Some banks are 20% along their UNIX-to-Linux projects, some are at 80%, but I don't know any that aren't on that road.

I think you were talking about desktops, though, not the datacenters and server farms. That's a very superficial way to look at banking computing. Banks do not use Windows machines to do banking, they use Windows machines as desktops for running Exchange, and Office, and banks are thrilled that they can *also* use those same pieces of hardware as dumbterms for people to SSH/Telnet to some banking applications and also access the newer applications through the browser. But, if it wasn't for Exchange and Office, they wouldn't use Windows, they'd use Linux thin clients. I actually know one bank that's trying to migrate people to Google Apps for just this reason, but it's really hard, because bankers really do love office/exchange.

2.) They're going to stop using Windows.

But they're not going to go to Linux. The banks are all calling it "BYOD" for "Bring Your Own Device." Bankers really, really, really want to use Mac desktops and iPads and Android phones and ditch Windows -- but there's no way they'll switch to Linux on the desktop unless that Linux is called Android. So, the banks are currently running well-funded projects to replace all their Windows-desktop-only applications with web-based apps that'll work from any browser, and also throwing lots of money at companies like Good Technology to be able to get iPads and Android Tablets in to the workplace.

Microsoft is trying to use Office360 or WTF it's called so that they can still sell stuff to banks that have ditched Windows on the desktop, but there's going to be lots of turmoil over the next 5-10 years as that progresses. Windows on the desktop in banks is effectively dead already -- I know 3 banks that have decided to stick with XP on the desktop instead of upgrading to Win7 because the Win7 upgrade costs are better spent in moving faster to this better future.

3.) They'll never use dropbox.

Banks are required to log everything, and logging everything you upload to dropbox and everyone that downloads it and all of that crap is so expensive that you should find out what the approved tools are for doing what you want to do. Most banks will allow SFTP/SCP between trusted endpoints if the right people sign the right forms. In my experience, dropbox is only ever requested in banks by someone that wants to break the law and is too stupid to know what law they'd be breaking.

Dropbox blocking is not something IT decided to do, it's something the lawyers required IT to do, and it has nothing to do with "security" in the way that there are "security" differences between operating systems. It has to do with the kind of security you have in the lobby that would ask questions if you started walking out the door with canvas bags that have dollar signs on them. If the banks allowed dropbox, naughty employees would copy documents to home that their daytrader spouses would use for insider trading (seen that more than once).

