ARRL Web Site Publishes Questionable Virus Notice

ARRL should not be publishing this sort of notice,  because ARRL does not have the expertise to determine its legitimacy or correctness. In the case of Linux, virus warnings should come only from the producer of your Linux system: Ubuntu, Debian, Red Hat, etc. These people are responsible for removing any holes that allow a virus in, and will tell you how to update your system correctly. Linux is not Windows, and does not depend on third-party virus scanners for its security.

The company that published the virus warning has a commercial interest, in that it produces commercial virus and security programs and services, and these notices have the purpose of promoting their expertise (if they are right) and thus selling their products and services. The Open Source developer community provides these products and services at no cost, and the providers of your Linux distribution generally use the Open Source ones. They will update their systems as necessary to remove the threat, and will publish their own warnings as appropriate.

If you would like to learn more about this issue, please read this guide to responsible disclosure of security issues.

If you trust unauthorized sources to instruct you on the security of your Linux, Windows, or Mac systems, it will be a short time before one of them instructs you to perform some action which defeats your security. ARRL should know better.


    Bruce Perens K6BP (Co-founder of the Open Source movement in software.)