Novell Home

SUSE Linux Enterprise Desktop

Strengthen Security

SUSE® Linux Enterprise Desktop 10 delivers the most secure desktop computing platform available today. Beginning with its heritage in the UNIX world, and adding the strength and manageability of the leading application security technology, SUSE Linux Enterprise Desktop gives you the peace of mind to focus on innovating instead of defending.

AppArmor®, which is included with SUSE Linux Enterprise Desktop, ensures a more secure platform than Windows Vista. In fact, some of Vista's security features are so intrusive that many reviewers–including those from Yankee Group 1 – think users may simply turn them off. AppArmor protects applications and systems against attacks and latent defects by isolating and controlling all applications that face the network. Many desktop applications communicate with the outside world through open network ports, leaving the applications and their host vulnerable to attack. AppArmor addresses threats inherent in many essential desktop applications by detecting and isolating unusual behaviors, while remaining transparent to applications.

When you think of Windows security, infamous viruses, worms, and long delays in patching come to mind. Security flaws cost organizations hundreds of millions of dollars per year as they patch Windows and install new service packs (SPs) marketed as providing better security. This approach to security costs businesses and employees enormously in lost productivity. Gartner estimates that Windows security vulnerabilities have increased desktop TCO by as much as US$200 per user per year. 2

Why is Windows an inherently insecure operating system? There are two main reasons:

  1. Windows was designed without security as a key principle and was allowed to grow into a monolithic collection of code (more than 50 million lines today).
  2. Applications such as Internet Explorer have been tightly integrated with Windows, providing an intruder broad access to the system if the application is compromised via a security flaw and the user is running with administrator access control privileges. With so many users running with administrator privileges, security risks can become severe.

Microsoft claims that it has improved the security of Vista over its previous versions of Windows. It has done this by adding security features at the upper layers of Vista. However, improving operating system security without a complete re-design and re-implementation is nearly impossible. Time will tell if Vista proves to be more secure than previous Windows desktop operating systems, but the fact that Vista contains much of the older, insecure code does not bode well for it.

Moreover, computer security researchers and hackers have already begun to find serious security flaws in Windows Vista. 3 In December 2006, a Russian programmer discovered a flaw in Vista that makes it possible to increase a user's privileges. Following this discovery, a Silicon Valley computer security firm said that it had found the same flaw, as well as five other vulnerabilities, including one serious security vulnerability in the new Internet Explorer 7 browser. The browser's flaw means that Web users can become infected with harmful software merely by visiting a malicious site.

In May 2006, Yankee Group issued a report on Windows Vista security. Its conclusions include the following 4:

  1. Vista's security features may be so user-unfriendly as to delay users' adoption of them.
  2. Microsoft's attempt to improve security in Vista is significantly off the mark.
  3. Vista did not close some of the biggest Windows security vulnerabilities such as those in Active X, NetBIOS, RPC, IIS and others.
  4. Clamping down on security and eliminating backwards compatibility (the source of many security problems) will cause tens of thousands of applications that rely on these legacy APIs and functions to stop working.
  5. Software developers testing early versions of Vista indicate that the intrusive nature of the security features, such as User Account Control (UAC) and User Access Protection (UAP), could turn off IT administrators and users.
  6. Some Vista security features require a user to gain permissions to perform tasks that are easily done today. Rather than go through that hassle, users may simply ignore or turn off the features, making Vista no more secure than earlier versions without those features.
  7. Many third-party applications will need modifications to run on Vista, possibly delaying their availability by as much as a year after Vista is released.

Unfortunately, security concerns in Windows Vista remain just as prominent as in past Windows releases. SUSE Linux Enterprise Desktop from Novell is the compelling alternative to Windows Vista. Because Linux is inherently more secure than Windows, and by utilizing advanced security technology such as Novell AppArmor, SUSE Linux Enterprise Desktop offers the most secure desktop computing platform available today.


Notes:
1 http://www.eweek.com/article2/0,1895,1958355,00.asp and    http://www.itjungle.com/two/two051006-story01.html

2 http://www.symantec.com/enterprise/library/article.jsp?aid=automating_patch_management

3  http://www.nytimes.com/2006/12/25/technology/25vista.html?ex=1324702800&en=49a6ffcc2da87302&ei=5090

4 http://www.eweek.com/article2/0,1895,1958355,00.asp

Take a Closer Look

  • Use the Reviewers Guide to guide your exploration of all the features of SUSE Linux Enterprise Desktop in greater detail.
  • Want to see SUSE Linux Enterprise Desktop in action? Check out the product presentation and demos.

Talk to us about SUSE Linux Enterprise Desktop 10. 

Novell® Making IT Work As One

© 2009 Novell, Inc. All Rights Reserved.