malware threat to a college-wide ubuntu system?


Beowulf.1000
August 6th, 2007, 10:12 AM
Now before anybody gets defensive after reading my post subject, I love ubuntu and linux and FOSS. I am asking here more as a messenger-- I am trying to promote linux and FOSS adoption by my college (I am a full time faculty member and I have known the person in charge of the college network for two decades); the main concern he has is whether linux/FOSS would be secure, free of malware, compared to MS-Windows and commercial software like MS-Office. His concern is over whether open source can be trusted.

The main application needs of the college (we are talking many computers here--faculty offices, staff, administration, library computers students use, student computer labs) would be the operating system itself (I would love to see Ubuntu adopted, but if there is a more secure and viable distro so be it--to get any linux adoption would be major!), OpenOffice to replace MS Office, and very importantly groupware for email, etc. The operating system would need to allow for centralized installs and backups of data and configurations-- I am sure I read somewhere recently that there is just such an open source app for Ubuntu.

So the question of the relative risk of malware and general network security seems to me to be limited to the Linux distro itself, OpenOffice, open source groupware, and the centralized network administration of the PCs.

Any comments, help, links, etc. appreciated, so I can help answer the concerns of the person in charge at my college. Currently my college uses MS-Windows XP, MS Office, Novell Groupware (but we are switching to MS Outlook); a horrible combination for someone like me who likes linux! Luckily I teach all by internet and from home and wifi now, so I do not need to personally use the MS products.

tgm4883
August 6th, 2007, 10:39 AM
This may not be what you're looking for, but....

At my college everything is being replaced by Sun thin clients and Sun Servers. Everyone still uses Windows, but now we access it through terminal services. I don't see us getting rid of Windows, as much of the software we use is in Windows (not to mention the academic alliance), but it is a step.

I think the thing is that most students (and faculty) are familiar with Windows and MS Office and if they have a computer at home are more likely to have the same. I think it has a lot to do with compatibility and what people are comfortable with. I don't see them changing anytime soon (although I applaud that they now have Star Office alongside MS Office)

koenn
August 6th, 2007, 10:51 AM
I suppose the problem here is that if you have access to the computer and know what you're doing you have root access.
This is true for any computer, not just Linux, so if this is a concern, it's also a concern if they're using Windows.

tgm4883
August 6th, 2007, 11:06 AM
This is true for any computer, not just Linux, so if this is a concern, it's also a concern if they're using Windows.

That is true, I'm not sure why I left that in there, I was debating a much larger paragraph on that topic but decided against it. Removing it now.

:EDIT:

On that note, what happened to strikeout (Line through the middle of words)? This would be a good case for that.

koenn
August 6th, 2007, 12:45 PM
So the question of the relative risk of malware and general network security seems to me to be limited to the Linux distro itself, OpenOffice, open source groupware, and the centralized network administration of the PCs.

General network security is a broad topic with lots of components interacting, so you're not going to get an easy yes-or-no answer here. Having said that, Linux was designed for networking whereas Windows was designed as a stand-alone single-user system, and had networking added to it afterwards. Linux therefore has more than enough tools and configurable options to create a safe networking environment, and the multi-user nature with a clear distinction between users and admins of course helps as well.
Downside: a lot depends on how sane the "defaults" that come with the distro are, and the sysadmin/network admin's skills ...

I'm sure you know viruses are not an issue. Worms are also not much of a problem, although the first ever worm was a Unix program and did do quite some damage to the internet of those days.
Other malware? Web-based threats depend on your browser more than on your OS, but even then, as long as you're not running a browser as root, there's very little a web-based script can do. In a Windows environment, users often run as admin for convenience or have more elevated privileges than on a Linux system, so malware can do more damage, and the security zones in IE have been known to be less than bulletproof.

So, all in all, if the people you need to convince are concerned about security, this is going to be a walk in the park :)

You, being the one that proposed the FOSS alternative and therefore the one to blame if anything goes wrong, should be aware that
1- users can screw up security big time (I've seen people's usernames and passwords in requests for help).
2- you'll need capable IT staff with an adequate understanding of how to implement things in Linux in a secure way.
3- security is not your only concern. As the previous poster pointed out, migrating the users is a project in itself.
4- not every feature of every tool in Windows has a Linux counterpart so if your IT staff expects a drop-in replacement for Active Directory GPO's or Microsoft SMS, you're in for some serious trouble.

HermanAB
August 6th, 2007, 05:26 PM
Hmm, a complex problem.

First ensure that your servers are secure. Do use long random passwords. I use 16 character semi-pronounceable passwords.
Secondly, you are going to need an information service and your choice is pretty much between Sun NIS and MS Active Directory. NIS has the advantage that it can work through NAT firewalls, while Active Directory (and Exchange) cannot.
If you choose Active Directory, then you can make Linux machines work with it using Samba and Winbind: http://aeronetworks.ca/LinuxActiveDirectory.html
Management of machines is best done using SSH, but Webmin is also an option for the clicketyclick crowd.

I hope that helps a little!

Cheers,

Herman

euler_fan
August 6th, 2007, 10:24 PM
I'm not sure what there is to add to the security side besides any system will be more secure if competently secured as opposed to secured by amateurs.

Is there a case for converting certain back-side and server-side functions to Linux? Maybe or even probably. At the least, why pay for Windows when there are F/OSS alternatives which provide much of the same functionality?

In terms of core services, email is not a major issue as there are even (I have read, not sure which) versions where you can still have web access to your email--critical for the college student away from their desk or who does not own a computer. IMAP and SMTP have been around forever.

Calendaring is a different story . . . I really haven't run into anything on that front. I'm pretty sure Lightning/Sunbird can sync to a remote calendar, but I've no idea how extensible that is. It says it can use iCalendar and CalDAV for calendars located on the network. If the main calendar users are staff and faculty who can be reasonably assumed to be tied to a particular machine, then this isn't a major issue.

Access to central server space for students (my uni allots everyone .5 gig of space on the central server) is most likely doable (Samba?) even for people using Windows and Mac.

I know there are projects out there explicitly intending to replace Blackboard . . .

Otherwise it's probably on a case by case basis. Some things will be easier than others and there are probably even some of these things that can be piloted on the Windows servers prior to investing in Linux racks to run it all on.

The other issue to consider is that there may be no or little need or desire to convert the user-space to Linux, at least all in one shot. I would suggest trying for a lab or two here or there with Linux on it as a pilot. Get the bugs worked out, track some usage statistics. As crazy as this might sound, a Linux lab that's never used is always more expensive than a Windows one that is for the simple reason that there's no return on investment.

Good luck--but please bear in mind this will probably take years to do well as it will need to be done in small pieces to ensure continuity of service.