Why Linux Will Never Suffer From Viruses Like Windows

Article Index:   

There seems to be a recurring phenomenon in the technology press, where any trojan that affects Linux or Macs becomes front page news. On the other hand, trojans that affect Windows are mostly ignored, perhaps because this is considered to be the normal state of affairs.  

There are two common statements made in the discussions of these rare events:

  • No operating system will ever be secure from Trojans.
  • Linux/Mac only have fewer viruses because no one uses them.

 

The first statement is almost correct, whereas the second one is a flat out myth in my opinion. Let me explain, and I’ll listen if you still disagree after reading the following in its entirety.

1.  No operating system will ever be totally secure from Trojans... but only as long as they allow anyone to write un-sandboxed software for it.

If users have the ability to run anything, they can also install anything they are tricked into running. Anyone can trick people into running a script to format their drive on any operating system... if the user is gullible enough to click through the prompts and enter the admin password. There is only one way around this: Don’t let the users run anything they want!

Take the XBox 360, for example.  It’s actually a full fledged computer, with huge marketshare, running a Microsoft operating system. Yet, with all these compounding points of vulnerability it has no known trojans floating around in the wild. Why? Because full system access is restricted to established companies with a clear chain of responsibility. Users can’t run unsigned software on the system, and even with XNA indie devs get only crippled sandbox access.

Apple’s taking this same approach with their Mac App Store. Apps delivered through the store must run in a sandboxed environment. Microsoft is also doing the same thing with their Windows 8 app store. If devs want to create their own apps with full system access, they won’t be able to play in these ecosystems.  Of course, Apple and Microsoft still let their own apps, the ones devs will be competing against, run with full system access (look for anti-trust lawsuits here later).

After “Secure Boot” (i.e. restricted boot) is prevalent, and the operating systems are locked down to not allow anyone to sideload any non-OEM software, we could be completely free of trojans and viruses.  That might be good for the average level of system security, but it would be a horrible blow to innovation, competition, and the indie/hobbyist developers.

2. Does system adoption directly correlate to an increased likelihood of viruses / trojans? No. Not in my opinion. There are many reasons Linux systems have fewer viruses, and market share is only one factor.  I’ll address these from the Linux perspective. On the Mac side of things, several of the points don’t apply, as Apple has taken free software and brought it into its closed, walled garden.


A huge percentage of Linux software is installed from signed repositories:

1) The downloads themselves are cryptographically signed.

When a user downloads software and drivers for Windows, they’re typically doing it from many different websites on the internet, and trusting that the admins of every one of those sites is competent and has done their due diligence to implement the proper security.  At the time of the download, there is no check to verify that the file the user is getting was actually created by a trusted source (and not a hacker that has pwn’d the site) or is being served by some man in the middle.

On Linux, with few exceptions, the hardware drivers are also included with the kernel. As for software, users typically download that from only a limited set of distro-owned repositories.  All software is delivered in installation packages that are cryptographically signed and those signatures are checked at installation time.  If a package has been replaced with a hacked version and was therefore not signed with a trusted cert, users will get a big fat error warning them of that.

2) The repositories (“repos”, for short) keep all of the software up to date, not just the kernel or things made by the distro creator.

When a security flaw is found in a Windows application, the vendor will usually put an update on their website.  With the exception of a few MS partners that have their drivers on Windows Update, it is up to the user to go discover that and update their software.

On Linux, security issues can be raised and patches created by any entity, not just the original software author.  These updates are applied and pushed into the repos for all applications.  Users become aware of it almost immediately - as most distros check regularly and prompt users to click a button to update the app.


I finally found a trojan! It's a Windows trojan in my Junk email folder, that doesn't work on my Linux box.

More than 99% of the software is open source:

It’s not unreasonable to wonder “How does having the source code available for any nefarious hackers to peruse, make software more secure?”.  The answer can be summed up in something Eric Raymond said about 13 years ago:  “Given enough eyeballs, all bugs are shallow”.

In the Windows world, we are trusting the vendor to have done the due diligence to investigate their own code for buffer overflows and other exploitable flaws. No one else has seen the code, so automated software source scans/reviews are impossible.

In the Linux world, there are dozens of companies and security researchers that constantly run scans over the entire ecosystem of software in their repositories - not just the software they’ve developed themselves.

Open source code also tends to lend itself to re-use.  In the Linux world, devs are not even going to be tempted to go implementing a security-centric feature like SSL libraries themselves, when there are perfectly working ones available for their open source apps to use for free.  Having that code open, such that they can step their debugger into and fix any underlying bugs themselves, is a great asset.

On Windows, there’s a reinforcement of the “not invented here” mindset as apps re-implement the wheel for their closed-source project in order to avoid paying other proprietary software developers for a decently vetted utility library. A Linux distribution (distro) is more than just Linux. Linux is the kernel, and many of the other components are part of the GNU environment. Common packages (ex. Apache web server) are used in other open source operating systems, including BSD. And, in case you didn't know, the BSD guys are kind of nuts about security. So, these components have been scrutinized with a hundred fine toothed combs.

Combine the open-source nature of Linux with the repository system used for software distribution, and anyone can see why Linux exploits have shockingly short lifespans:  When a 0-day exploit is found, the geeks rush to see who can come up with the best fix (since everyone has access to the source), and it’s pushed into the repos and out to everyone immediately.


Linux distros are diverse:


Successful trojans rely on some bug or flaw to exist, in order to gain elevated privileges. (I know:  duh, right?) On Windows, malware authors can be pretty sure that the kernel bug that exists on their Windows 7 box also exists on your Windows 7 box (if both are up to date).



On Linux, these would-be-hackers would be extremely lucky if two different distros are running the same kernel  -- much less the same patch-sets -- and maybe if they were built with the same compile options.  The same bugs do not exist everywhere, which makes Linux a less viable target. It's still an attractive target (since a large percentage of the always-on servers on the Internet run it), it's just not as easily exploited at the OS level.

So, the conclusion is obvious:  Even if they had the exact same market share, it is extremely unlikely that Linux would ever have the same number of exploits as we see in closed-source ecosystems such as Windows. This is a direct result of the open nature, which allows for innumerable companies and hobbyists to access and maintain all portions of the system--a feature that simply can't be replicated in proprietary operating systems. Linux will always have more eyes looking through the code to make it secure, than there are eyes looking through the code to exploit it.

I welcome any intelligent discourse on the topic, even if you disagree with me.

Image gallery

Related content

Comments

Comments
ACosta 2 years ago

I work in a school environment running mostly Windows XP where students bring their thumb drives, plug them in do whatever they want. How do I prevent viruses from wreaking havoc on a 12 year old OS? Well, by default, I simply setup a restricted account and that's it.

Jazzyboy 2 years ago

But the issue with this is that your students then have no access to any advanced tools unless you bypass security for them.

 

Now try transfering this situation to a home environment. As a technician, you setup a restricted account on someone's computer. Look at the issue with this. You're now locking away access to any of the tools on that person's computer. You would have to visit them everytime they wish to bypass security.

 

Now, with Linux, as long as security is looked after, these issues can be avoided entirely.

RTietjens 2 years ago

For an environment where the usual unsophisticated user is expected, and frequent software changes are unexpected, a system locker like DeepFreeze will work wonders. I'm sure it can be hacked, but in normal use a simple reboot restores the system to pre-idiot settings.

BurntChz 2 years ago

I work for a small hospital and we use Deep Freeze on our 'public' computers and it saves us a TON of headaches.

OmniDeus 2 years ago

i agree it's amazing how much work faronics saves me. i also bought copies for my parents computers. Instead of going to "mom and dads" house only to fix computers, we can totally sit back and have a nice bbq instead.

3vi1 2 years ago

>> I simply setup a restricted account and that's it.

Kid has Knoppix on his thumbdrive. Kid runs chntpw. Admin account not so restricted now.

MadPhil 2 years ago

BIOS -> no USB boot = Be a great admin

crazy4chrissi 2 years ago

"BIOS -> no USB boot = Be a great admin"

Great? Not the most stupid maybe.

Kid: Boot normal Windows (restricted access) -> run BIOS password tool -> go into bios -> change settings -> boot whatever he wants -> even change the installed windows os

You might say it's not that easy. Fact is, when I was in school, I did exactly that. I managed to install _a webserver_ on one of the computers, that was accessible within the whole school network.

And there were all those usual things like bios passwords, restricted accounts and stuff like that. It was comparably easy still. ;-)

I must admit that before that, the school PCs had these fancy hardware-cards that did not really write anything permanently on hard-drive, so always when you restarted, the computer was clean again. We did not find a way around these. Except using a screwdriver, opening the case and removing the card ;-)

A good physical case could probably avoid that to some extent.

mhenriday 2 years ago

[quote user="crazy4chrissi"]

"BIOS -> no USB boot = Be a great admin"

Great? Not the most stupid maybe.

Kid: Boot normal Windows (restricted access) -> run BIOS password tool -> go into bios -> change settings -> boot whatever he wants -> even change the installed windows os

You might say it's not that easy. Fact is, when I was in school, I did exactly that. I managed to install _a webserver_ on one of the computers, that was accessible within the whole school network.

And there were all those usual things like bios passwords, restricted accounts and stuff like that. It was comparably easy still. ;-)

I must admit that before that, the school PCs had these fancy hardware-cards that did not really write anything permanently on hard-drive, so always when you restarted, the computer was clean again. We did not find a way around these. Except using a screwdriver, opening the case and removing the card ;-)

A good physical case could probably avoid that to some extent.

[/quote]

Selection pressures seem to have made us the most ingenious of animals - great story !...

Henri

MadPhil 2 years ago

Hello,

Can you name ANY bios tool that doesn't require you to type the previous password before doing any change ?

Anyway, let's pretend it's possible, H4xx0r kiddie has to logon on your machine, you have a trace of who did it (or at least who let someone do it by giving his password).

Be a great computer admin, no unauthenticated logins.

(please let's continue this)

YingtongLi one year ago

Au contraire, MadPhil. I know for a fact my school logs logins in an SQL database. With one user account. From a VBS script. *tap tap tap*... 'oops' just wiped everyone's login history.

realneil one year ago

[quote user="MadPhil"]Can you name ANY bios tool that doesn't require you to type the previous password before doing any change ?[/quote]

Yup, the BIOS Reset Jumper on the motherboard does that quite handily.

omegadraco 2 years ago

Very nice article and so true. Market share is certainly a factor but not the end all and be all.

pwrntspd 2 years ago

Good point, Ive always been a big supporter of open source software, and i really do hope linux takes hold as a major OS.

DRoss 2 years ago

Yes. Great article. I can add also that since most software for Linux is free that users are downloading legitimate copies of Gimp and Kdenlive instead of an infected Torrent version of Photoshop or Adobe Premiere.

3vi1 2 years ago

Great point, DRoss. I wish I had thought of that one.

JDiaz 2 years ago

Not really, even on Linux people want to use Photoshop. It's not like open source can replace all the non-free software. Development of really good programs/apps takes time and money and that's hard to do Open Source.

Really, it's been years and yet there's no really good audiophile programs or a real alternative to Photoshop, among other examples. It's why people keep on trying WINE and VM solutions.

Even the move with Valve to put Steam on Linux is not going to be any more free than the Windows version.

DRM, software pirating, etc are all things mainstream OS users will have to deal with regardless of which OS they use!

3vi1 2 years ago

>> Not really, even on Linux people want to use Photoshop

Nope.  I use Gimp.  Free, and does everything most people want.

I have more audio programs than I can shake a stick at, I don't know what 2004-thing you're thinking of.

Software piracy isn't going to be a big problem in Linux, because there's a free solution that is good enough for pretty much everything:  LibreOffice, Inkscape, Audacity... it's not worth the Linux users time to pirate software when there's a free solution with a one-click install right in front of him.

Pirated games?  Sure, I'll wager there'll be a few.  But, the vast majority of Windows/Mac trojans are going to be found in pirated versions of the OS or productivity suites... so the games probably will never be a big deal.  If Valve's smart, they'll do like android and run everything under a separate user account where the games can't even screw with any directory outside Steam.

JDiaz 2 years ago

Sorry but I do use Linux, along with OSX, Windows, Android, and iOS. I'm not picky! I just know better to think that any one of them is invulnerable or in any way perfect. All OS have their strength and weaknesses.

Linux has some good defaults but it still requires a good setup and careful users.

While you obviously don't use Windows if you think it's still easy to do unsophisticated attacks. Drivers like the video drivers have been sand boxed since Vista. Along with a lot of security features that's been added over the years.

The majority of Attacks on Windows are Trojans, not viruses!

So it's mostly user error and things like not all users necessarily take advantage of those security features, like many insist on always logging in as administrator instead of a limited account even if they never really need admin privileges.

Also you're assuming things like Java actually has to be installed on Windows just like Linux. So either way user permission is required.

Windows 8 Modern UI brings in the latest security improvements, like all modern UI apps run sand boxed just like Linux. Secure Boot, etc are all enhancing Windows security higher than it's ever been before. The new MS App store will make it a lot harder to attack users through apps, etc.

While like it or not though Gimp is no replacement for Photoshop, sorry but I've worked as a graphic designer and theirs no real replacement for Photoshop. Gimp is more in the class of something like Photoshop Elements, Photoshop features but not the same as the full program.

There are also no really good audio editing programs for Linux.

Really, check out the "Why Linux Sucks | LFNW 2012" (part of LinuxFest North West) on youtube. It covers what Linux still needs to overcome and it's made by pro-Linux people!

3vi1 2 years ago

>> While you obviously don't use Windows

I've used it every day in my professional work for the last 20 years, and been writing software for it all that time..

>> Gimp is no replacement for Photoshop,

For the majority of us, it is. It's just not a replacement for everyday professional designers that need that final 5% - and who probably own Mac's (and therefore have OSX) for that type of work.

>> There are also no really good audio editing programs for Linux

http://ardour.org/

>> Really, check out the "Why Linux Sucks | LFNW 2012" (part of LinuxFest North West) on youtube. It covers what Linux still needs to overcome and it's made by pro-Linux people!

I'm very familiar with Bryan's work, having been a long-time viewer of The Linux Action Show. He gives that talk each year to show the progress. You should watch the talk he gave afterwards, called "Why Linux Does Not Suck (Even A Little)".

JDiaz 2 years ago

"I've used it every day in my professional work for the last 20 years, and been writing software for it all that time.."

Then you should have known better on all counts!

"For the majority of us, it is. It's just not a replacement for everyday professional designers that need that final 5% - and who probably own Mac's (and therefore have OSX) for that type of work."

Doesn't change the point that until Linux has a real replacement then it won't appeal to the professionals!

"http://ardour.org/"

Sorry but that's like GIMP for audio, it's not a pro tool like ProTools, Cubase, Sonar, and Reaper.

"I'm very familiar with Bryan's work, having been a long-time viewer of The Linux Action Show. He gives that talk each year to show the progress. You should watch the talk he gave afterwards, called "Why Linux Does Not Suck (Even A Little)"."

I did watch both, so sorry but I'm not the one in denial here. The first video clearly points out things like Linux has yet to get any really good pro tools for audio and video editing. Among other things that still need to change for Linux.

So, like I said before, Linux has some good defaults but it still requires a good setup (it can actually be made quite a bit more secure) and careful users. Especially the latter as any attack that targets the user can bypass any security the user has access to!

ADent 2 years ago

>Linux has some good defaults but it still requires a good setup and careful users.

My 8yr old installed Linux on his computer this week clicking Enter about a dozen times.

Really not hard to setup..

Careful users?

I call BS on this. If anything, you have to be more careful on Windows.

Granted, use Linux for a while and you become a little cocky. My dad watches sports on Rojadirecta when he is at home using Linux and used it at a friends place one day and within a few mins, that Windows machine was infested.

Had he been using Windows, i would have warned him that hackerz, warez, live feeds. *** sites are high risk...

I have 4 kids running Linux including my sisters and inlaws kids thats 13 kids from 5 to 16yrs old. Careful kids you say?

I have Linux running on many friends and family's computers who always asked me for help since I 'know computers' (telling them I write Perl and Python and dont know user infterfaces is useless) and most of the time it was the same old song and dance. with infested computers.

Counting inlaws-parents-aunts,etc, thats 14 senior citizens using Linux of which more than half never touched a computer before.

Careful users? Dont make me laugh.

I just went through the 10.04 to 12.04LTS upgrade this summer for my family that uses Kubuntu and its been smooth.

The past 4 years of switching all these people (some have dual boots or Virtualbox for work stuff) has meant that my free tech support has diminished by 90%. heck, I use KRDC most times and dont even seen them when there is something that comes up...

And btw, my wife works as project manager for a design company so she uses Photoshop at home (Win7 running through Virtuabox) and is one of the rare people I know that actually NEEDS it for work or that has a legal copy of it.

Its a question system admnistrators always talk about when chatting about what people download at work "How many people have Photoshop and paid for it / or need it?".

My eldest went to Prek years ago and half the mommies used Photoshop. Not well might I add (nightmares of

embossed and lens flare). None paid for it. People think they need it because thats the only thing they have ever heard.

Let's face it, there is barely anyone in our IT department that DOESNT have it. Same at where friends work.

Then ask how many people need it for work or paid for it and you will see that even though the world is full of graphic artists or 'web designers', the majority of those people havent shelled a grand for Photoshop.

There isnt a huge throng of geeks out there looking to get a version of Autocad but tons of people who see themselves as artists who think that the only thing thats stopping them from creating images or movies is their access to the top of

the top of software.

mhenriday 2 years ago

Excellent post, A Dent - your description parallels my own (limited) experience in installing Linux (Ubuntu) on the computers of the retirees I often help. I usually have no problem convincing them to install and try Firefox and/or Chrome alongside the pre-installed IE, and the vast majority seem to prefer these browsers and to stick with one of them. But I've found suggesting a non-legacy operating system far more difficult ; generally speaking I refrain from doing so. In a few cases, however, I've lent refurbished older computers on which I've installed Ubuntu to members of our organisation ; these users have universally found it easy to operate and I've noticed that they have required much less follow-up help than their coevals using various versions of Windows....

Henri

nervecenter 2 years ago

This is the kind of stuff that people laugh at years down the line. It's nothing new.

If Valve or any other commercial giant is successful at driving a large market onto Linux for whatever reason (because the open-source community has proven they can't do it themselves; only commercial entities, like Canonical and Google, have had any success), chances are most people are going to have the most up-to-date version of the latest LTS distribution of Ubuntu. That vastly reduces the target variety and gives malware creators a whole hell of a lot of information to steal.

If Canonical can create a robust sandbox for developers of software commonly used by average, somewhat Linux-literate users, then that's great. But for the power user, that succeeds in only doing what they're trying to avoid in Windows 8 and OSX: reigning in many parts of the OS for the sake of safety and user experience at the expense of the core Linux philosophies. It sounds untenable, but who knows, maybe somebody will figure it out.

PLowe 2 years ago

The problem isn't the operating system, and it never was. It's the users. I deal very regularly with a lot of low-income computer users, generally running donated or very old used computers, more often than not running Ubuntu. A Linux-targetted botnet would have no trouble reaching these users...it wouldn't even need to use any exploits or 0-days; all it would need to do is trick the user into entering their password with the promise of free porn, or a working Flash plugin, or even funny cat videos. Honestly, I'm shocked this hasn't been tried (or if it has, I'm shocked it's not ubiquitous). The only way to secure things for everyone in the long term is educating the users, whether they're on Windows or something else.

3vi1 2 years ago

>>  A Linux-targetted botnet would have no trouble reaching these users...it wouldn't even need to use any exploits or 0-days; all it would need to do is trick the user into entering their password with the promise of free porn

I'm guessing you don't use Linux.  Linux browsers don't support ActiveX, nor do they have Java enabled by default.  It's not near as easy to start an attack on an unsophisticated user as on Windows.

JDiaz 2 years ago

You might want to read more carefully because tricking the user into giving access has nothing to do with exploiting system vulnerabilities but exploiting the users gullibility!

Such attacks can be created with anything run online, including HTML5, and it doesn't really matter what you're running if you give the access information away.

The idea that it can only happen to a more vulnerable system is an exaggeration. User error is user error regardless of what's running, only by not giving the user any access can it be avoided.

mhenriday 2 years ago

While I submit, PLowe, that you are wrong with respect to operating systems, Windows being inherently more vulnerable than GNU/Linux, I quite agree that the most important thing to do is to educate users. But when you assume, as you seem to do, that «low-income computer users» are inherently less capable of adhering to good computing practice and/or more susceptible to the blandishment of free pornography than their more well-situated counterparts, your prejudices are showing. Indeed, with such an attitude, I wonder how successful you are in «educating» those low-income consumers with whom you deal so regularly....

Henri

realneil 2 years ago

My wife teaches High School in an area that has a mix of high and low income families.

She has discovered that income has no bearing on a student's computer prowess at all. The kids with no computers at home are using them at their freind's houses and they know plenty about them anyways.


i86e2 2 years ago

Don’t let the users run anything they want? Is that the secret? Well, thank you, but I think I will pass on that one, I'm not a complete moron. I've seen this strategy on windows 7, when I tried to modify a system file, it was a nightmare to gain administrator access to it, something about "trusted installer". Anyway, there will always be a Linux distro that does not treat me as a moron, so I'm not worrying.

The problem lies with the user who is installing software from an untrusted source. Ubuntu, for example, is making it very easy to install .deb files from the internet. This is the danger. Someone could easily make a virus for that. Maybe they should have left out gdebi, if the user wants to install .deb files, they should have some knowledge.

3vi1 2 years ago

>> Ubuntu, for example, is making it very easy to install .deb files from the internet. This is the danger. Someone could easily make a virus for that. Maybe they should have left out gdebi...

Actually the recent direction with Ubuntu is now to put those "Install in Ubuntu" apt-link logos on the site. The links they point to are not actual debs, but entries in the software center. If you click one of those links and have not manually added the source as a trusted repo, Software Center gives you a big "Not Found" error.

.debs are no longer associated with gdebi. GDebi's not even installed by default anymore.  Packages open with Software Center (which is almost as bad, in my opinion). So, users could still save a deb locally and double-click to install it without knowing how to use dpkg if they really wanted to do that (though the official Ubuntu documentation tells you you shouldn't install things in this way, and why).  At least they're somewhat filtered in that unlike Windows exe's the .debs will open inside of Software Center... which gives Canonical an easy vector to stop them if any known malicious packages were to ever start making the rounds.

I could see where people that come from Windows might get themselves bit if they are still under the misconception that downloading packages from random sites and running them and typing in the admin password is a good idea, but people who learn from the ground up or actually read the documentation will know that you do everything via the software center or a package manager (unless you'e 1337 haxor), should therefore not be tricked by a malicious package.

wanderson@nac.net 2 years ago

I hae given many lectures on GNU/Linux and alway got same question or argument about the differences in security record between Linux and Windows.

The two very good analogies I use to (usually) satisfy the Windows advocates are:

Apache versus Microsoft IIS HTTP Servers. While Apache occupies approximately 68 - 72 % of Web servers (worldwide) as compared to approximatel 17% for IIS, the Microsoft product still registers significantly more vulnerabilities and actual intrusions than Apache, accoding to Cert.org, Threatpost.com and other security watch organizations.

The second example is Drupal Content Management system (CMS) Web site applications versus (any) similar category Dot.Net based website. Similar results from Web hosting and review entities, in favour of Drupal.

These two alone have been very persuasive and convincing when promoting benefits of Linux, although there will always be rabid Microsoft skeptics for whom nothing else matters.

JDiaz 2 years ago

As there will always be rabid Linux skeptics.

Like pointing out servers are far less often targets than individual users and of course the obvious differences between server and consumer desktop software makes such comparisons obviously one sided.

Also, not all servers are set up with just the defaults and not all servers are equal targets or even equally maintained.

Not to mention ignoring that vulnerabilities like open ports, whether the systems are running anything legacy related, etc are things to watch out for regardless of what OS is running.

Having good or better defaults is just a good start, but with the ever increasing number of attacks security should be improved regardless of what level it's at. As no system is perfect and every security setup can be improved from its defaults.

Whether another OS is more vulnerable should never be the measure of satisfactory security! Unless you're only point is trash another OS in which case you're not talking about security but bragging rights!

i86e2 2 years ago

As it has been pointed out, the main question is: "Is open source software more secure than closed source software?". I believe it is, therefore, open source operating systems will be more secure than closed source operating systems. If, say, Skype has some serious vulnerability, it could affect both Windows and Linux, so, yeah, Linux could potentially have security problems caused by closed source apps, just like Windows does. If you believe there is no difference in security between open source and closed source, then we will agree to disagree. :)

Linux does have some security advantages "by design", but that's another story. Anyway, I've never had security problems with Linux (as far as I know), but on Windows I did have some viruses, spyware and other malware, although I've used Linux for a longer time. You may say that I was at fault for that, that may be so, but I do have more computer knowledge than the average Joe, therefore, the average Joe would be far safer on Linux than on Windows, and I think most people would agree with me on this one, the reasons don't really matter, be it market share, open source or good design.

JDiaz 2 years ago

"Is open source software more secure than closed source software?".

Depends by what you are referring to by either... There are examples of Open Source with lousy security and there are Closed software that's also very secure.

Like Android is a very vulnerable platform that doesn't utilize all of the default security that is normally seen with GNU/Linux.

Though it can be said that Android is not entirely Open Source but goes to the point that it's not the difference between Open and Closed that determine whether a system is secure but rather how the software is setup that determines level of security.

By and large, Linux does have pretty good defaults and as long as developers actually use those defaults then it's pretty good security. However, those defaults only make them a little more secure than many other alternatives. Systems can be made even more secure and often should be.

While any system that lets the user modify it is open to user error and users being tricked. It's just a question of how likely the user will be tricked and whether the user is in a position to be tasked more or less often than other users.

Thus the discrepancy in opinions...

Clixxer one year ago

[quote user="JDiaz"]

As there will always be rabid Linux skeptics.

Like pointing out servers are far less often targets than individual users and of course the obvious differences between server and consumer desktop software makes such comparisons obviously one sided.

Also, not all servers are set up with just the defaults and not all servers are equal targets or even equally maintained.

Not to mention ignoring that vulnerabilities like open ports, whether the systems are running anything legacy related, etc are things to watch out for regardless of what OS is running.

Having good or better defaults is just a good start, but with the ever increasing number of attacks security should be improved regardless of what level it's at. As no system is perfect and every security setup can be improved from its defaults.

Whether another OS is more vulnerable should never be the measure of satisfactory security! Unless you're only point is trash another OS in which case you're not talking about security but bragging rights!

[/quote]

Damn, well said.

MadPhil 2 years ago

 

double post -with quote is better-

 

MadPhil 2 years ago

[quote user="wanderson@nac.net"]Apache versus Microsoft IIS HTTP Servers. While Apache occupies approximately 68 - 72 % of Web servers (worldwide) as compared to approximatel 17% for IIS, the Microsoft product still registers significantly more vulnerabilities and actual intrusions than Apache, accoding to Cert.org, Threatpost.com and other security watch organizations.[/quote]

 

Apache is covering 3/4 of the "market" ? Remember what OS does the same and what you think about it ?

The best vulnerability I know is called slowloris, so fun it works 68 - 72% of the time you attack a website...

Dragnucs 2 years ago

So why are you running on IIS ?

digitaldd 2 years ago

Someone broke into NY Rep. Michael Grimm's HQ and installed Linux on the computers. Wow

 

STATEN ISLAND, N.Y.  -- An overnight intruder smashed several windows and gained entry into Rep. Michael Grimm's New Dorp headquarters over the weekend, possibly tampering with computers inside the office, authorities said.

 

Grimm's staff discovered the damage Sunday morning -- two large chunks of cement and some smaller rocks had been hurled through three, 4x8-foot vertical windows, according to a campaign spokeswoman. They also believed that someone had deleted computer hard drives. The congressman and his campaign staff believe the vandalism was staged to cover up the computer tampering.

On further inspection it was determined the intruder had caused a different type of damage -- someone installed the Linux operating system on the office's computers, Grimm told the Advance Sunday night, and in the process wiped the hard drives clean. "All of my polling data, all of the data from my IDs of voters, and a bunch of other campaign information. But fortunately we had everything backed up from literally hours before, so we don't lose anything because we have backups," Grimm said. 

 

 

 

 

 

3vi1 2 years ago

The Congressman put this "politically-motivated" spin on the story because he's been under an ongoing investigation by the FBI.

The vandalism was done by a pair of 8th graders who have since confessed.

The installation of Linux was done by the congressman's own IT staffer to test the hardware, as the Windows installation had corrupted itself.

http://www.wnyc.org/blogs/wnyc-news-blog/2012/sep/26/rep-grimm-backtracks-claims-vandalism-was-politically-motivated/

realneil 2 years ago

[quote user="3vi1"]

The Congressman put this "politically-motivated" spin on the story because he's been under an ongoing investigation by the FBI.

The vandalism was done by a pair of 8th graders who have since confessed.

The installation of Linux was done by the congressman's own IT staffer to test the hardware, as the Windows installation had corrupted itself.

[/quote]

 

LOL!

 

Post a Comment
or Register to comment