Why the media loves to exaggerate Linux security problems

In today's open source roundup: The media makes money by exaggerating Linux security problems. Plus: Is Android too much like a PC? And Linux Mint 17 name and release date announced

There have been a lot of media reports about Linux security problems recently. ZDNet has taken a stand and pointed out that the problem isn't with Linux, the problem is with certain Linux users and administrators. I'd also argue that the problem is also with certain media outlets who jump on the "linux security stinks!" bandwagon at the earliest opportunity.

I couldn't blame you, if -- based on recent headlines such as "Linux worm Darlloz targets Intel architecture to mine digital currency" and "Botnet of thousands of Linux servers pumps Windows desktop malware onto web" -- you thought Linux was as full of holes as Windows XP. If you take a closer look, you'll find that Linux isn't the problem. No, the real security hole lies with some of Linux's administrators and users.

The moral of the story? If you hand the bad guys user ID and passwords, of course, you're going to get hacked. Linux, FreeBSD, Windows Server 2012 -- the operating system doesn't matter. If you leave your front door open, a crook will walk in. As security guru Bruce Schneier wisely said way back in 2000, "Security is a process, not a product."

More at ZDNet
Linux Security Botnets
Image credit: ZDNet

I've learned to take media reports about Linux security problems with a huge grain of salt. In the past I've had a knee-jerk reaction to them, and that has not proven to be wise. Always remember that in the media "if it bleeds, it leads" and you'll understand why sensationalistic headlines involving Linux security get thrown around with reckless abandon.

It's much better to step back and calmly evaluate the reality of the situation instead of depending on the media to present facts in stories involving Linux security. Facts often tend to be boring, and don't make for compelling clickability in headlines. It's much easier to blast out a scary headline than it is to put problems in perspective in a reasonable and thoughtful way.

I covered this in a column a while back called "Desktop Linux: The Presstitutes Strike Again!" and what I said then remains true now. It's not just Linux that gets this treatment though, take a look at how Apple is treated in the media. You'd think the company was down to its last dollar, and that its sales had utterly collapsed if you believe some of the silly stuff in the press.

On and on it goes as one media outlet after another seeks to get your attention, clicks and ad revenue. Sensationalistic headlines often do get a lot of clicks, and that brings in ad revenue as people load the page in their browsers. Never underestimate the importance of this when you see an over-the-top headline, it's click-bait for you and other readers.

I think it also has a lot to do with taking down a perceived winner in one technology category or the other. Certainly Linux has had a very good reputation when it comes to security, so any potential security problems are a terrific excuse to do a take-down of Linux and knock it off its security pedestal.

This is a problem that I don't think will ever end. It's just too tempting a revenue opportunity for some media outlets to pass up. So the distorted headlines will continue and readers will become more and more cynical as they realize that they've been deceived.

The best way to deal with this sort of thing is to avoid clicking on deceptive headlines, if at all possible. If you recognize a trend toward that sort of thing from a media outlet then it might be a good idea to skip reading content from that site.

Is Android too much like a PC?

Speaking of security problems, InfoWorld takes on the issue of Android and its open nature. Is it a good thing or a bad thing that it's similar to a PC in some ways?

1 2 Page 1