January 10, 2006 5:00 AM PST

Novell delivers security shield for Linux computers

Novell plans to release software on Tuesday that is designed to make it harder for new attacks to compromise existing Linux-based computers.

The software, called AppArmor, is one of several products in the security realm based on the idea of mandatory access controls. The technology limits a running software program's privileges only to those absolutely necessary.

Novell's chief rival, Red Hat, has been adding such features into its product through the use of SELinux, added to Red Hat Enterprise Linux in 2005.

The AppArmor software is available for download and will be integrated into OpenSuse on Jan. 19, Novell said. It's based on software Novell obtained when it bought Immunix, a Linux security company, in 2005.

AppArmor lets an administrator create a profile that describes which files a given application may use. The software then enforces that profile. Consquently, if a remote attacker takes over that application, it's more difficult for the attacker to use the application for malicious purposes, such as taking over the entire computer.

Novell argues that AppArmor is "much easier to use than SELinux," according to the project's Web site. Policy generation is automated, configuration can be handled through Suse's YAST tool, Novell said. In addition, the performance penalty--a measure of the effect of the software on a system's performance--ranges from 0 percent to 2 percent compared with SELinux's 7 percent, the company added.

AppArmor is being released under the General Public License, or GPL, Novell said.

See more CNET content tagged:
Novell AppArmor, Novell Inc., GPL, Linux, Red Hat Inc.

15 comments

Join the conversation!
Add your comment
That's odd....
For all I hear about the security of Linux (no viruses, etc.) you'd hardly think this would be needed.

Of course, the only reason Linux isn't hit as hard as Windows with viruses is that it is so insignificant in the number of users affected.

After all.....who wants to egg a house that nobody lives in?
Posted by Jim Hubbard (326 comments )
Reply Link Flag
Security through obsecurity...?
Not likely.

I don't think you'd find many that claim Linux is anymore (or less) secure than Windows. The only secure computer is one that is....

I think the difference is in the respective user populations. Users of *nix are likely to be more security conscious than users of Win*. Users of *nix are likely to implement such features as those outlined in this article. Users of Win* are likely to download the latest shareware, blindly open email attachments, and not keep virus definitions and app\operating system patches up to date.

As to the egging, I am perfectly content to live in an egg and tp free house, even it means having to deal with interoperablity issues with the rest of the civilized world. If I lived in a "network neighborhood" where I was constantly getting egged, I think I'd find a new neighborhood.
Posted by (3 comments )
Link Flag
linux has more server share
Linux is on about 30% of servers so it's not 'obscure.' Actaully the government has just published this report. They even down UNIX in favor of Linux becaseu UNIX is closed source. So Sun Solaris would fit into their scheme because it is opensource now.

<a class="jive-link-external" href="http://www.desktoplinux.com/news/NS9678543684.html" target="_newWindow">http://www.desktoplinux.com/news/NS9678543684.html</a>

It is also on about 5% or more of the world's Desktop PCs so I wouldnt call that a too small a market share with China looking to adopt it right now.

Also this rarely happens to Linux because of the quick pathching etc. and alao the better initial security that Firefox and opensource browsers provide. As well as browsers following specific standards that opensource follows unlike MS.

They said IF a hacker takes control over a competer which rarely is a problem and if it was is fixed qucik enough where system backups shouldnt take down an entire network or cause major soical trouble and costs.

Come on, join the train :)
Posted by Blito (436 comments )
Link Flag
re
They are generally speaking of an applciation flaw, not an OS flaw. Things like buffer overruns. When this happens, someone can add in executable code to the stack frame, or change the return address, so something else runs. While it is an easy error to avoid, it is extremely common, making the bulk of the security flaws, regardless of the OS.

Windows has crappy memory and user management, so when a poorly written piece of code gets attacked, the result is more damage.

In Linux and other systems, it is minimized due to the way permissions works.

In this new system, it takes the current permissions and tightens it more.

You comments about Linux not being exploitable because it is a target is so ignorant it really doesn't deserve a response. It has been debunked countless times. Bottom line: Linbux is more secure because it was designed from the ground up to be secure. Securit in windows is an afterthought(even in vista)
Posted by Bill Dautrive (1179 comments )
Link Flag
The propaganda veil slips
I'm synchronizing this article into laptop AND my external pocket drive as I type...

next time I have to listen to some Linux (or apple since as they say it is a linux shell) freak talk about how they have no security issues etc Ill be able to maybe shut them up for 1/10 of a second with this....

of cours they'll point out that its not really needed but just an update to the existing forms of perfection....


zzzzzz
Posted by The user with no name (259 comments )
Reply Link Flag
Windows fanboy?
Yup, I thought so. Another Windows fanboy.

Nobody claims that Linux has no security issues. They claim, quite accurately, that it has fewer. If you lump all versions together as was done in the latest reports, it looks worse. Separate them, however, and you will find that each distribution shows fewer problems than Windows.

Linux is more secure. Unix is more secure. They were built that way.
Posted by ddesy (4336 comments )
Link Flag
Mmmm
Strange. Apparently some people are so accustomed to reacting on threats that they think it is weird when threats are stopped before they occur.

Go on chasing viruses on your windows brick
Posted by Steven N (487 comments )
Link Flag
Never enough security sofware ?
Obviosly security software is never enough.
Posted by kalimero74 (3 comments )
Reply Link Flag
Linux security......?
Linux fans cannot go back on what they have been saying in the past. All you hear in the forums is how Linux does not have any security issues. As much as in some posts to new users, Linux advocates even suggest not having to use any security software with their systems! I know it is nice to have your cake and eat, but sorry, it doesn't work very good that way.
I dual boot XP and Suse 10.0 just to learn and keep up with it. I download as many or more, updates and security updates, for Suse as XP. Thank you for my broadband in both! Pretty much I can do anything on Suse Linux as I can do on XP, as long as I am always on Internet. Programs that I need for my business and inventments, can only be found on XP. And even if they were in open source, I would be hesitant to use them if they did not come from a reputable company that would charge us for support. So again, where are the savings?
The learning curve is pretty high also. I am still fighting to get Suse(forget about telling me about other distros. I found Suse the easiest install and best usability of several I have tried.) to work with my wireless correctly, not to shut down my PC when some program crashes, etc.
As for Windows, the biggest mistake MS has made has been to keep Windows backward compatible to DOS and previous Windows versions. They should have allowed legacy software to die and start a new Windows OS from scratch. That could have created a safe and more secure environment. Windows users like myself are part of the blame for Windows security problems. Just this past weekend I loaded a game that I bought in 1996 for Windows 95 and it played great on XP. Try that with, for example, an Apple game that you bought in 1996, try to run it on OS X.

Like another posting said, once, if ever, Linux gets a decent market share of the desktop market, you will see an exponential increase in the number of threats in Linux.

Again, Linux fans, do not react violently to my observations. Thay are just that, my personal observations of the attitude of many Linux supporters in forums and my personal experiences with Windows and Linux.
Posted by El Dominicano (4 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.