Why Linux Will Never Suffer From Viruses Like Windows

Why Linux Will Never Suffer From Viruses Like Windows

There seems to be a recurring phenomenon in the technology press, where any trojan that affects Linux or Macs becomes front page news. On the other hand, trojans that affect Windows are mostly ignored, perhaps because this is considered to be the normal state of affairs. 

There are two common statements made in the discussions of these rare events: 1, No operating system will ever be secure from Trojans and 2, Linux/Mac only have fewer viruses because no one uses them. The first statement is almost correct, whereas the second one is a flat out myth in my opinion. Let me explain, and I’ll listen if you still disagree after reading the following in its entirety.

 

0
+ -

>>  A Linux-targetted botnet would have no trouble reaching these users...it wouldn't even need to use any exploits or 0-days; all it would need to do is trick the user into entering their password with the promise of free porn

I'm guessing you don't use Linux.  Linux browsers don't support ActiveX, nor do they have Java enabled by default.  It's not near as easy to start an attack on an unsophisticated user as on Windows.

0
+ -

You might want to read more carefully because tricking the user into giving access has nothing to do with exploiting system vulnerabilities but exploiting the users gullibility!

Such attacks can be created with anything run online, including HTML5, and it doesn't really matter what you're running if you give the access information away.

The idea that it can only happen to a more vulnerable system is an exaggeration. User error is user error regardless of what's running, only by not giving the user any access can it be avoided.

0
+ -

While I submit, PLowe, that you are wrong with respect to operating systems, Windows being inherently more vulnerable than GNU/Linux, I quite agree that the most important thing to do is to educate users. But when you assume, as you seem to do, that «low-income computer users» are inherently less capable of adhering to good computing practice and/or more susceptible to the blandishment of free pornography than their more well-situated counterparts, your prejudices are showing. Indeed, with such an attitude, I wonder how successful you are in «educating» those low-income consumers with whom you deal so regularly....

Henri

+1
+ -

My wife teaches High School in an area that has a mix of high and low income families.

She has discovered that income has no bearing on a student's computer prowess at all. The kids with no computers at home are using them at their freind's houses and they know plenty about them anyways.


+2
+ -

Don’t let the users run anything they want? Is that the secret? Well, thank you, but I think I will pass on that one, I'm not a complete moron. I've seen this strategy on windows 7, when I tried to modify a system file, it was a nightmare to gain administrator access to it, something about "trusted installer". Anyway, there will always be a Linux distro that does not treat me as a moron, so I'm not worrying.

The problem lies with the user who is installing software from an untrusted source. Ubuntu, for example, is making it very easy to install .deb files from the internet. This is the danger. Someone could easily make a virus for that. Maybe they should have left out gdebi, if the user wants to install .deb files, they should have some knowledge.

+1
+ -

>> Ubuntu, for example, is making it very easy to install .deb files from the internet. This is the danger. Someone could easily make a virus for that. Maybe they should have left out gdebi...

Actually the recent direction with Ubuntu is now to put those "Install in Ubuntu" apt-link logos on the site. The links they point to are not actual debs, but entries in the software center. If you click one of those links and have not manually added the source as a trusted repo, Software Center gives you a big "Not Found" error.

.debs are no longer associated with gdebi. GDebi's not even installed by default anymore.  Packages open with Software Center (which is almost as bad, in my opinion). So, users could still save a deb locally and double-click to install it without knowing how to use dpkg if they really wanted to do that (though the official Ubuntu documentation tells you you shouldn't install things in this way, and why).  At least they're somewhat filtered in that unlike Windows exe's the .debs will open inside of Software Center... which gives Canonical an easy vector to stop them if any known malicious packages were to ever start making the rounds.

I could see where people that come from Windows might get themselves bit if they are still under the misconception that downloading packages from random sites and running them and typing in the admin password is a good idea, but people who learn from the ground up or actually read the documentation will know that you do everything via the software center or a package manager (unless you'e 1337 haxor), should therefore not be tricked by a malicious package.

0
+ -

I hae given many lectures on GNU/Linux and alway got same question or argument about the differences in security record between Linux and Windows.

The two very good analogies I use to (usually) satisfy the Windows advocates are:

Apache versus Microsoft IIS HTTP Servers. While Apache occupies approximately 68 - 72 % of Web servers (worldwide) as compared to approximatel 17% for IIS, the Microsoft product still registers significantly more vulnerabilities and actual intrusions than Apache, accoding to Cert.org, Threatpost.com and other security watch organizations.

The second example is Drupal Content Management system (CMS) Web site applications versus (any) similar category Dot.Net based website. Similar results from Web hosting and review entities, in favour of Drupal.

These two alone have been very persuasive and convincing when promoting benefits of Linux, although there will always be rabid Microsoft skeptics for whom nothing else matters.

-1
+ -

As there will always be rabid Linux skeptics.

Like pointing out servers are far less often targets than individual users and of course the obvious differences between server and consumer desktop software makes such comparisons obviously one sided.

Also, not all servers are set up with just the defaults and not all servers are equal targets or even equally maintained.

Not to mention ignoring that vulnerabilities like open ports, whether the systems are running anything legacy related, etc are things to watch out for regardless of what OS is running.

Having good or better defaults is just a good start, but with the ever increasing number of attacks security should be improved regardless of what level it's at. As no system is perfect and every security setup can be improved from its defaults.

Whether another OS is more vulnerable should never be the measure of satisfactory security! Unless you're only point is trash another OS in which case you're not talking about security but bragging rights!

+1
+ -

As it has been pointed out, the main question is: "Is open source software more secure than closed source software?". I believe it is, therefore, open source operating systems will be more secure than closed source operating systems. If, say, Skype has some serious vulnerability, it could affect both Windows and Linux, so, yeah, Linux could potentially have security problems caused by closed source apps, just like Windows does. If you believe there is no difference in security between open source and closed source, then we will agree to disagree. :)

Linux does have some security advantages "by design", but that's another story. Anyway, I've never had security problems with Linux (as far as I know), but on Windows I did have some viruses, spyware and other malware, although I've used Linux for a longer time. You may say that I was at fault for that, that may be so, but I do have more computer knowledge than the average Joe, therefore, the average Joe would be far safer on Linux than on Windows, and I think most people would agree with me on this one, the reasons don't really matter, be it market share, open source or good design.

-1
+ -

"Is open source software more secure than closed source software?".

Depends by what you are referring to by either... There are examples of Open Source with lousy security and there are Closed software that's also very secure.

Like Android is a very vulnerable platform that doesn't utilize all of the default security that is normally seen with GNU/Linux.

Though it can be said that Android is not entirely Open Source but goes to the point that it's not the difference between Open and Closed that determine whether a system is secure but rather how the software is setup that determines level of security.

By and large, Linux does have pretty good defaults and as long as developers actually use those defaults then it's pretty good security. However, those defaults only make them a little more secure than many other alternatives. Systems can be made even more secure and often should be.

While any system that lets the user modify it is open to user error and users being tricked. It's just a question of how likely the user will be tricked and whether the user is in a position to be tasked more or less often than other users.

Thus the discrepancy in opinions...

0
+ -

JDiaz:

As there will always be rabid Linux skeptics.

Like pointing out servers are far less often targets than individual users and of course the obvious differences between server and consumer desktop software makes such comparisons obviously one sided.

Also, not all servers are set up with just the defaults and not all servers are equal targets or even equally maintained.

Not to mention ignoring that vulnerabilities like open ports, whether the systems are running anything legacy related, etc are things to watch out for regardless of what OS is running.

Having good or better defaults is just a good start, but with the ever increasing number of attacks security should be improved regardless of what level it's at. As no system is perfect and every security setup can be improved from its defaults.

Whether another OS is more vulnerable should never be the measure of satisfactory security! Unless you're only point is trash another OS in which case you're not talking about security but bragging rights!

Damn, well said.

0
+ -

 

double post -with quote is better-

 

0
+ -

wanderson@nac.net:
Apache versus Microsoft IIS HTTP Servers. While Apache occupies approximately 68 - 72 % of Web servers (worldwide) as compared to approximatel 17% for IIS, the Microsoft product still registers significantly more vulnerabilities and actual intrusions than Apache, accoding to Cert.org, Threatpost.com and other security watch organizations.

 

Apache is covering 3/4 of the "market" ? Remember what OS does the same and what you think about it ?

The best vulnerability I know is called slowloris, so fun it works 68 - 72% of the time you attack a website...

0
+ -

So why are you running on IIS ?

-1
+ -

Someone broke into NY Rep. Michael Grimm's HQ and installed Linux on the computers. Wow

 

STATEN ISLAND, N.Y.  -- An overnight intruder smashed several windows and gained entry into Rep. Michael Grimm's New Dorp headquarters over the weekend, possibly tampering with computers inside the office, authorities said.

 

Grimm's staff discovered the damage Sunday morning -- two large chunks of cement and some smaller rocks had been hurled through three, 4x8-foot vertical windows, according to a campaign spokeswoman. They also believed that someone had deleted computer hard drives. The congressman and his campaign staff believe the vandalism was staged to cover up the computer tampering.

On further inspection it was determined the intruder had caused a different type of damage -- someone installed the Linux operating system on the office's computers, Grimm told the Advance Sunday night, and in the process wiped the hard drives clean. "All of my polling data, all of the data from my IDs of voters, and a bunch of other campaign information. But fortunately we had everything backed up from literally hours before, so we don't lose anything because we have backups," Grimm said. 

 

 

 

 

 

+1
+ -

The Congressman put this "politically-motivated" spin on the story because he's been under an ongoing investigation by the FBI.

The vandalism was done by a pair of 8th graders who have since confessed.

The installation of Linux was done by the congressman's own IT staffer to test the hardware, as the Windows installation had corrupted itself.

http://www.wnyc.org/blogs/wnyc-news-blog/2012/sep/26/rep-grimm-backtracks-claims-vandalism-was-politically-motivated/

+1
+ -

3vi1:

The Congressman put this "politically-motivated" spin on the story because he's been under an ongoing investigation by the FBI.

The vandalism was done by a pair of 8th graders who have since confessed.

The installation of Linux was done by the congressman's own IT staffer to test the hardware, as the Windows installation had corrupted itself.

 

LOL!

 

Prev 1 2
Login or Register to Comment
Post a Comment
Username:   Password: