SAN FRANCISCO (CNN/Money) -
Did you get hit? I did. So did my grandfather and a few of my friends. The MS Blaster and SoBig worms made a lot of noise and left a lot of damage in their wakes, once again elevating the issue of computer security -- and the seeming lack thereof -- to the hot topic of the day.
Go ahead, open your newspaper. I guarantee you'll find rundowns on the FBI's efforts to track down the authors, techy postmortems about how the worms were created, and financial tallies of the damage they wrought.
With all the news coverage and full-page mea culpas from Microsoft (MSFT: Research, Estimates), I've noticed something missing: any sort of response from the Linux community. It seemed on its face a tremendous opportunity for companies such as IBM (IBM: Research, Estimates), Red Hat (RHAT: Research, Estimates), and others to call attention to their products' security features.
Companies like Oracle (ORCL: Research, Estimates) and Sun (SUNW: Research, Estimates) are (in)famous for taking out full-page ads that poke fun at the foibles of their competition's products. Where were the open-source advertisements? Where was the ironclad penguin?
"The open-source community hasn't learned to do bare-knuckle marketing yet," says John Pescatore, vice president for Internet security coverage at Gartner. "But every time Microsoft has these problems, it helps Linux in a very big way."
In some areas, Linux really needs the help. While Unix-based programs dominate the server market, on the desktop (where these worms dig their holes), Linux is still a virtual nonplayer. According to the latest data from Forrester Research (FORR: Research, Estimates), only 0.2 percent of desktops are running Linux, while 96 percent run Windows programs, and the remainder run Apple (AAPL: Research, Estimates).
|Recently in Tech Biz
"If you're a virus writer, there's no glory in attacking Linux on the desktop," says Forrester Research's Ted Schadler.
Another reason for the muted response is that when it comes to security, many companies have found that poking fun at your competitors' weaknesses is not looked upon favorably.
"The Linux community doesn't want to be seen as ambulance chasers," says Gartner's Pescatore, who points to the diminished market share of such companies as Sun and Network Associates, both of which aggressively promoted their products after the Code Red Nimba virus of 2001. "Companies that don't follow etiquette rules in security lose share."
Etiquette and naïveté aside, however, perhaps the biggest reason Linux companies haven't touted their products' security advantages is that it's unclear right now how much of an advantage they really possess.
Consider this: The Computer Emergency Response Team (CERT) released data showing that 16 of the 29 security advisories it released last year involved Linux or open-source products.
"The level of a product's security is inversely proportionate to its position in the marketplace," says Charles Kolodgy, a research director at IDC. "If Linux had a 50 percent market share, you'd see more Linux vulnerabilities exposed."
That puts the Linux community in a bit of a pickle. It desperately needs to grow its desktop market share and continue its server-based gains. Even if Linux code isn't inherently more secure than Microsoft's, as some analysts I spoke with assert, it does hold key advantages over Windows -- namely, that it can be fixed quickly and on the cheap, so a virus's damage can be contained more easily.
Calling attention to that, however, could make Linux more of a target for hackers. For now, it seems the best Linux marketing strategy is to keep the emperor out of sight, and assure the minions that he is, in fact, clothed.
Sign up to receive the Tech Biz column by e-mail.
Plus, see more tech commentary and get the latest tech news.