Anger in the Linux community over Symantec find

There is great gnashing of teeth and spitting of tacks in the Linux community after Symantec released a report that claimed that penguin boxes were more likely to be spam-senders.

Symantec’s MessageLabs Intelligence Report for April used a technique called ‘passive fingerprinting’ to identify the operating system of a spam-sending machine, then calculated the ratio of spam from a given operating system compared with its market share. Symantec then divided by its shoe size and worked out that Linux systems originated five percent of spam, compared with 92.65 percent for Microsoft Windows systems.

However the point was that since Linux only has one percent of the operating system market share, as opposed to 91.58 percent for Windows, the figure is five times more than it should be.

Symantec said that by calculating the ratio of spam from a given operating system to its market share, we can get a ‘spam index’.

The resulting calculation gave Linux a “spam index” of 4.99, compared with an index of 1.01 for Windows.

So in other words, Linux is a spam trap in comparison to proprietary software.

You will understand that being compared unfavourably to Windows is not something a Linux user likes. In fact the figures do not show that Linux is being disproportionately targeted by spammers, or that it is less secure than Windows.

What it seems to say is that Linux is disproportionately used to run email relay systems.

Mat Nisbet, a malware data analyst with Symantec, said that such relays have been set up without following basic anti-spam precautions.

However other security researchers say that the whole report is not worth a bunch of fettered dingo’s kidneys.

PC World quoted Tyler Reguly, lead research engineer for nCircle, who pointed out that if Symantec was using passive fingerprinting on mail coming into a server, Symantec wouldn’t necessarily have an accurate fingerprint of the host sending the mail.

It was also acknowledged that much of the Linux-attributed spam could be coming from direct marketing emails. These would most likely be mailed out through a proper mail server, which is quite likely to be running Linux. Whoops.

Andrew Brandt, lead threat research analyst at Webroot, said that the Spam Index feature in the report appears to overemphasise a problem which has little to do with the operating system.

True, Linux servers can be misconfigured to be open mail relays quite easily, but this makes no difference to the merits of the operating system under the bonnet.