Just under a month ago, the official distribution site for the Linux kernel was taken offline following an embarrassing malware incident.
The brains behind the Linux kernel discovered malware on the PC of at least one kernel maintainer, as well as on some of the kernel.org servers themselves. (Yes, Linux malware. Not only in the wild, but on kernel.org!)
The good news is that kernel.org is back online. It’s not all roses, though. As the site itself remarks:
Thanks to all for your patience and understanding during our outage and please bear with us as we bring up the different kernel.org systems over the next few weeks. We will be writing up a report on the incident in the future.
I’m not sure whether the site’s extended recovery time is a positive or a negative result.
Clearly, the kernel chaps have refused to rush their comeback. That’s good.
But with many weeks already past, and some weeks still to go for a full recovery, you’d be forgiven for asking, “Where’s the legendary malware resilience in Linux itself?”
Nevertheless, whether you think the glass is half full, or half empty, I hope you’ll join me in saying, “Welcome back, kernel.org.”
I think historically Linux (/kernel) developers are much more serious about bugs and malware and would rather take the time to make sure everything is in order instead of just rushing it back online and risk another issue. My bet is that the new servers are getting a much more substantial security treatment as well and that simply takes time to get right. Measure twice, cut once.
"Where's the legendary malware resilience in Linux itself?"
Let's say that this was no ordinary incident. That the malware was engineered specifically to target the Linux sites, not just for embarrassment value, but for espionage or to cause damage. If this guess proves accurate, then there really is no Linux malware out there in the wild spreading with viral intensity, covering vast areas, or decimating vast populations of computers - a la MS virus.
As far as I'm concerned, Linux retains its legendary resilience.
"Where's the legendary malware resilience in Linux itself?"
The author is "Sophos's Head of Technology, Asia Pacific", so the above question perhaps means: "you would really be better off buying Sophos's anti-malware".
I've been pretty happy using Linux (for home and office) for more than 15 years. In fact, over that time I bought one copy of Windows XP, explicitly for gaming – the only field where an MS system might be considered better than Linux, IMHO. My WinXP isn't configured for the Net, because of the "well-known malware resilience in MSWindows itself".