Rogue Linux Installs on the Rise
Virus mop-up operations expose unauthorized Linux installations -- and new IT security vulnerabilities.
July 28, 2003 12:00 PM ET, Computerworld
A recent encounter with the Mumu worm continues to cause my company's security team great frustration, because new infection reports keep trickling in. And as if viruses weren't enough, we now have another problem.
As for Mumu, most of the company is aware of the outbreak. We've communicated specific instructions via e-mail and an intranet Web page on how to detect and remove the virus. And at this point, the desktop support department has taken over responsibility for dealing with this issue.
But while cleaning up Mumu in remote offices, we discovered something else: We have a growing number of unofficial Linux installations on desktops and servers throughout the company, and they aren't configured for optimum security.
The weaknesses from the rogue installs don't necessarily stem from the Linux operating system itself. Rather, they come from the installation of third-party applications and utilities, which can leave a desktop or server vulnerable to attack if set up incorrectly.
Growing in Popularity
Until now, we haven't had a policy on using Linux because there wasn't a need. One year ago, only a small subset of users ran Linux. The Linux desktops mostly belonged to developers or quality assurance and technical support staffers responsible for supporting our company's software on Linux. Now there are many more. Employees are installing Linux on their desktops, either as the primary operating system or as a second one alongside Windows 2000, our corporate standard.
Staff members are doing this using VMware from Palo Alto, Calif.-based VMware Inc. and other programs that allow multiple operating systems to run on the same machine.
Also, my company is using Red Hat Linux for more of its application servers. For example, we recently purchased an application for conducting surveys that runs only on Linux.
With the increased emphasis on Linux, some departments within the company, including mine, are considering using more open-source tools to help with day-to-day operations. I'm looking at a Linux-based knowledge base engine for the IT security department.
Knowledge base applications are good to have, especially in a department that has many applications to support. Certain configuration problems and associated remedies can be stored within the knowledge base system for future reference.
I'm also looking at security incident reporting programs to keep track of problems that occur frequently. One thing that frustrates me is having to read through incident reports -- we generate more than 300 of them per year -- looking for anomalies.
Currently, we write incident reports in Microsoft Word using a template and save them
