This topic is an extension of the tangent that began here:
I think we can probably all agree that the greatest threat to security is the user itself. Being careful with what you download or where you click on goes a very long way in avoiding unpleasant surprises.
This is like when people complain about how terrible WordPress security is when in reality is just the user's fault for installing random extensions without checking their authenticity or if they are still up to date or not.
I remember reading on this page that Ubuntu 7.10 (Gutsy Gibbon) had a security vulnerability with cryptographic keys, but that was ages ago.
My advise is to install all updates (including programs) immediately as attackers can exploit holes in outdated software.
Is Linux safer in terms of security and Malware Threats?
I would say, "Yes."
Is Linux a target?
Again, "Yes." Linux is widely used for Servers, by the government(s) and Military.
I think the primary concern for most on here is: Is Linux safe and secure for the average Desktop User.
There are some bloopers in recorded history... this is one of my favorites:
Maybe refer to this thread: Latest security news
I would never go so far as to answer no to this question.
But I do got to believe all things being equal Windows is more secure. There are just to many million/billion dollar companies involved looking for holes.
But that doesn’t mean Linux is far behind. I feel perfectly safe on Zorin
I think there is likely a decent bit of stuff like this in Linux code. But there aren’t as many people looking so it goes undiscovered for longer.
While many will say that there are vulnerabilities, almost all of them are local to the computer. You must have physical access to use any of the them. Remote vulnerabilities are very few and usually because of the services offered by the server.
While no computer is one hundred percent secure as long as it's connected to the internet, it is one of the more secure operating systems available today.
It has been proven that GNU/Linux is more secure than Windows (excluding the COWS kernel fault that had been undiscovered for 9 years - not as long as Windows which had one for 15 years before fixed!) because it is community led and fixes/patches are released within days (not compared with M$ which can take weeks if not longer). As 337harvey has pointed out, a lot of vulnerabilities are local, and that will include the PICNIC (Problem In Chair Not In Computer), due to inadvertently clicking on spam email or dodgy website. Security Vectors on most platforms these days tend to be email and Web pages/Web access (Ransomware being an example). Use clam-av to scan emails for potential viruses you would not wish to forward to a friend, and use chkrootkit and rkhunter regularly to check for rootkits.
We have no idea the vulnerabilities that are there. Linux code is not audited anywhere close to the same degree as Windows.
They absolutely exist in all platforms. Luckily for us we are not targeted as often as Windows users
Not true. There was a targeted malware some years ago that targeted GNU/Linux Banking software discovered by Bit Defender. The weakest link for any OS is the Problem In Chair. I don't use any Banking app either on computer or phone. I don't do Internet banking period. A consumer report on internet banking stated the most secure online banking only attained 85%, which helped maintain my stance.
Suggest you take a look here:
You think Windows code is audited to the same degree as Windows? Because I can tell you that is false. I also am not going to trust a website called "Linux Security" to tell me what is the most secure OS. The fact of the matter is it really can not be proven either way.
But I believe with the evidence available to me that all things being equal that Windows would win.
With that said all things are not equal and Windows has far more threats and attacks out there so in the real world Linux is safer
I don't understand this question.
Linux code is not seen by as many eyes as Windows code. Security is not tested as well by independent sources. etc.
Linux distros operate differently from Windows.
Many of these differences are even noted by the users, often by complaining about having to sign in to access Root.
Linux shows more security than Windows:
- On Linux, by default, you must enter your Root Password in order to install Software or make changes in the core system.
- On Windows, by default, you are set as an administrator upon install, allowing you to click on "Run as admin" regularly without ever entering a password.
- On Linux, you install software from vetted repositories. On Windows, you can find any .exe created by anyone and download and install it, without it being vetted nor stored in a secure repository.
- Linux is open source whereas Windows is proprietary. Open Source software can be examined, tested and poked by any white hat. Windows proprietary software cannot be probed except by professionals with access to the source code.
- Linux uses Package Managers for installation of software. Windows does not - you can grab any .exe package that you found lying around on the ground with flies landing on it.
- Windows only provides security patches for Windows and Windows created applications. They leave security patching of independent applications up to those package maintainers. This is a large gaping security hole in Windows.
- Linux uses vetted repositories to supply packages to users, which puts all applications under the same security umbrella.
Handling of Memory:
- Windows does not provide any buffer between UserSpace and the kernel. This allows Random Access Memory to easily be accessed from within USerSpace opening it up for malware.
- Linux has several buffers between the kernel and User Space. Any malware potentially included in a package gained outside of the package management system will not gain access to the kernel.
Linux is more secure than Windows in part due to how Linux is built from the ground up. Linux has clearly defined parameters for User Permissions; which we directly observe being frequently asked about on this forum.
Linux has far fewer exploitable avenues than Windows does, as demonstrated above in regards to repositories and package managers.
It is far better to examine the parameters and attributes than to make speculative assumptions.
Does not help when the person making the point is being biased.
(For instance you fail to mention that most Linux distros do not even use a firewall by default and that Linux distros do not tend to scan for threats like an antivirus on Windows does)
For instance as was linked by @zenzen children accidentally discovered a MAJOR loophole in a major linux distro. Something to this degree would not happen on Windows.
Linux code is not tested anywhere close to the same degree as Windows code and is not verified by independent sources to the same degree.
Anyway I am probably done with this thread as I am not a security expert. But I am not going to pretend there are not security loopholes in Linux code
Biases can be tested and weighed against merit. Having a bias is pretty normal for humans. It is for this reason that we employ The Scientific Method to step around our inherent biases.
It is very difficult to present and defend a case that is made by feelings.
These are speculative assumptions that you make without basis or merit. And the second assumption is simply wrong.
Flat out wrong.
Linux sources are tested much more heavily and regularly.
I already explained this in this post:
The Linux Package Management and Repositories mean all repository stored apps are tested.
Whereas on Windows, users can grab any .exe. from any unvetted source and that software could be hijacked and altered by any third party. This third actor can then distribute outside of secure repositories.
If you can not accept that you made an extremely biased post on the matter I can’t help you. I have a degree in Computer Networking and still do not feel qualified to make a compelling argument on this matter. But you try to make a “factual” point with a clear agenda without mentioning a couple of points I made that are downsides for Linux.
None of us are truly capable of fully comprehending this. There are companies spending millions of dollars that do not even know everything.
Operating system linux is secure, it is more useless depends what you installing on that operating system, like @Aravisian sayed third software can selling your privacy data on your pc. Besides all android phones and iphones do that, when you agree the license statement.