Con Zymaris conz at cyber.com.au
Thu May 6 12:56:02 UTC 2004

[feel free to disseminate this to other lists]


For Immediate Release.


Australia -- 6th May, 2004

Since the 'Sasser' worm hit the Telstra BigPond network at 1AM Saturday,
1st May, Australian computer users have suffered major disruptions, with
thousands of home and business users running Microsoft operating systems
infected and others experiencing network congestion.

No users of the popular open source operating systems such as Linux and
FreeBSD have been infected. Nor were Apple Mac OS X or Unix users. As
with the 'Blaster' worm in 2003, users of many ISPs have experienced
network congestion and sluggishness.

Blaster, along with Slammer, Netsky, CodeRed, Bagle, Mydoom, Magistr and
hundreds of other nasty pieces of malware, only infect Microsoft
platforms and applications. The 'Sasser' worm is therefore only one in a
long line that exploits well-documented vulnerabilities or design flaws
within Windows and its apps. Other operating systems such as Linux, Unix
and Mac OS X do not experience this constant series of security

"Open source operating systems are reliable and secure," stated OSIA
spokesman Stephen Jenkin. "The number and frequency of viruses and worms
affecting Microsoft operating systems and applications in particular is
completely out of proportion to their market share. Those wanting to
exploit weaknesses will always pick the softest targets, and on the
Internet that's consistently the same platform: Windows. Open source
platforms suffer far fewer problems of this sort, even when they
constitute the majority for a given platform space. For example, the
Apache web-server has three times the market share of Microsoft's
equivalent, but when was the last time you heard of a serious attack on
Apache systems which infected the tens of millions of Apache servers
on the Internet?"

Claims by vested-interest software vendors that open source software is
less secure than closed source are exposed as a fallacy by the
robustness and reliability of Linux, FreeBSD and Apache in the face of
the constant stream of worms and viruses on the Internet. Additionally, 
malware constitutes a serious TCO expense for Windows users, which open    
source users do not have to pay.

"Sasser has thus far infected millions of systems, including American
Express, the UK Coast Guard and Australia's Westpac Bank," added fellow
OSIA member Steven D'Aprano. "With even a nominal cost allocated to
repair the damage caused by Sasser, the cost to industry, government and
consumer could be hundreds of millions of dollars. Infestations such as
Sasser leave the ICT industry looking inept and incompetent in the eyes
of managers and ordinary computer users worldwide. It also makes these
users more hesitant to move further into the online world, which is an
additional detriment to our industry."

The first worm, by Robert Morris Junior, son of a senior NSA computer
security expert and Unix pioneer, occurred in 1988. Even though it was
not malicious and accidentally escaped from a lab, it brought the
Internet to its knees for a few days. It directly caused the creation of
a number of agencies, primarily CERT - Computer Emergency and Response
Team. What the Morris Worm did clearly demonstrate is that there are
substantial advantages for any organisation in using operating systems,
middleware and applications from more than one codebase. Organisations
who had a variety of platforms were able to keep part of their
computing infrastructure going.

"A homogeneous environment, one with only Microsoft platforms and
applications, is the worst from a security and survivability
perspective," continued Jenkin. "It's the same as having a whole wheat
field made up of genetically identical plants. Introducing a propagating
virus into just a single plant could be enough to wipe out the entire
crop, as happened in the Irish Potato Famine. This same process applies
to computer systems. By designing your network so that half of your
organisation's computer systems are open source Linux or BSD Unix, you
will ensure that some of your computer systems will always survive the  
next major malware outbreak, meaning your business stays in business."  

- - -

About Open Source Industry Australia

OSIA is the industry body for Open Source within Australia. We exist to
further the cause of Free and Open Source software (FOSS) in Australia
and to help our members to improve their business success in this
growing sector of the global Information and Communication Technology   
(ICT) market.


Contact: Con Zymaris
Phone: 03 9621 2377
Fax: 03 9621 2477
Email: conz at cyber.com.au

- - - END - - -

Con Zymaris <conz at cyber.com.au> Level 4, 10 Queen St, Melbourne, Australia 
Cybersource: Australia's Leading Linux and Open Source Solutions Company 
Web: http://www.cyber.com.au/  Phone: 03 9621 2377   Fax: 03 9621 2477
