Linux Security and Patching: Are You As Safe As You Think You Are?

Guest Contributor: Aravind P R E, Product Consultant, ManageEngine

A common question posed by enterprises when it comes to defending against cyberthreats is “Which operating system is most secure?” There are only a few major operating systems (OSs) available, so enterprises aren’t left with many choices. Out of the big three OSs, one has to be the most secure — right? Across enterprises, the most prevalent OSs are:

  • Microsoft Windows, the most popular OS among the three, but also the one with the most vulnerabilities.
  • macOS, the Unix-based OS that powers Apple systems.
  • Linux OS, which covers all Linux distributions (distros).

According to statistics from NetMarketShare, 88 percent of all computers run on Windows. This OS’s widespread use makes it an easy target for malware, as seen with the WannaCry and NotPetya attacks in 2017. And contrary to popular opinion, macOS is not immune to attacks — in fact, Mac malware is on the rise. That leaves Linux which, unlike Windows and macOS, has open-source development. Out of the box, Linux is much more secure since it has a global community of users who review the code and make sure there aren’t any bugs or backdoors present.

Linux is one of the safest OSs in the industry right now; for this sole reason, many servers are being deployed with Linux OS rather than the conventional Windows OS. According to Wired, around 67 percent of web servers worldwide run on Linux. Linux security isn’t easy to breach, but it is still susceptible to malware attacks, including those from applications installed in the systems that have root access; these are the applications that have the potential to spread malicious packages in Linux OS. Based on reports from AV-TEST, by the end of the second quarter of 2016, the malware detected for Linux alone had increased two-fold when compared to the previous year. That’s why businesses that run Linux OS need to understand the importance of Linux patching.

How Are These Linux Vulnerabilities Being Tackled?

Linux patches and hotfixes are released periodically to address bugs and vulnerabilities. For example, Red Hat Enterprise Linux (RHEL) has released 452 security advisories this year.

A Patching Solution for Linux Security

Manually checking for update releases from OS vendors and applying them is a cumbersome task. The real problem arises when organizations have multiple endpoint systems connected to their network. What IT admins need is a good Linux patch management solution that is versatile and has a vast repository of supported software applications so enterprises can have peace of mind when it comes to Linux security.

Choosing the Right Patch Management Tool for Linux

The ideal patch management solution for Linux is a well-rounded product that not only offers great reliability but also complete control over patches. Admins must be able to deploy, roll back or decline patches for a specific group of machines. Since BYOD policies are making networks more diverse, admins should also look for a solution that supports all the major flavors of Linux in addition to Windows and macOS. Below are some more patch management features to look for:

  • Patch testing and approval to avoid deployment failure.
  • Policies for scheduling patch deployment.
  • Predefined reports for patches, systems and configurations as well as customized reports.

Cyberthreats can weaken the most secure OS, even Linux. Automated patch management gives enterprises the security boost they need to keep delivering quality products and winning customers’ trust.

Aravind P R E is a product consultant at ManageEngine, a division of Zoho Corp. He is an ardent follower of happenings in the cyberworld and a tech geek with a love for motorcycles. For more information on ManageEngine, the real-time IT management company, please visit; follow the company blog at, and on LinkedIn at, Facebook at and Twitter @ManageEngine.