(This page uses style sheets.)
This page posted 17 August 2000
In Computer Weekly, 29th June 2000, a letter from Sophos Anti-Virus Laboratories claimed that viruses exist for Linux. Eddie Bleasdale, Director of netproject, has asked Sophos to demonstrate these viruses on a Linux computer that netproject supplies. Sophos has refused.
'We have been working in the Unix area for over 20 years.' said Eddie Bleasdale 'During this time we have never encountered a Unix or Linux virus nor have heard of any organisation that has been infected by a Unix / Linux virus. We need to stop the fear uncertainty and doubt that the anti virus companies are trying to create around Linux.'
Eddie Bleasdale does not doubt that viruses can be written for any operating system. What is different about Linux, compared with Windows, is that there is no need for anti virus software because controls exist to ensure that only authorised software runs on a correctly configured and administered Linux computer. These controls do not exist for Windows. 'We believe that Linux is pretty much bullet proof and if Sophos are able to infect a well configured Linux box then it will uncover an implementation defect rather than a design flaw. Anti virus software simply treats the symptoms and does not address the fundamental design weaknesses that allow viruses.'
The challenge to Sophos is to send an email with attachments. These will be read and attachments opened. There will be no anti virus software involved in this demonstration. The demonstration can take place in the laboratories of Sophos.
'We believe that this is a fair challenge and it is not one that Microsoft would be prepared to offer. Viruses are a fact of life with Windows because of the design defects and the complacent attitude Microsoft has to security.' said Eddie Bleasdale.
So far Sophos, despite having claimed that viruses exist for Linux, has refused to demonstrate them on any Linux computer that Sophos has not configured. The response received from Sophos is:
'I don't have any response other than that which I have already given you. I'll give the same response to any journalists who might call me up. I don't have any more to say on the matter. I think it will be a waste of our mutual time if you email/phone Sophos on this matter again.
Regards
Graham Cluley, Head of Corporate Communications, Sophos Anti-Virus
email: gcluley@sophos.com http://www.sophos.com'