Is Linux really more secure?

Aravisian · 14 June 2023 15:21

This topic is an extension of the tangent that began here:

zenzen · 14 June 2023 15:37

I think we can probably all agree that the greatest threat to security is the user itself. Being careful with what you download or where you click on goes a very long way in avoiding unpleasant surprises.

This is like when people complain about how terrible WordPress security is when in reality is just the user's fault for installing random extensions without checking their authenticity or if they are still up to date or not.

Aravisian · 14 June 2023 15:56

Is Linux safer in terms of security and Malware Threats?
I would say, "Yes."

Is Linux a target?
Again, "Yes." Linux is widely used for Servers, by the government(s) and Military.

I think the primary concern for most on here is: Is Linux safe and secure for the average Desktop User.

zenzen · 14 June 2023 15:59

There are some bloopers in recorded history... this is one of my favorites:

zabadabadoo · 14 June 2023 16:00

Maybe refer to this thread: Latest security news

rolltide101x · 14 June 2023 17:26

I would never go so far as to answer no to this question.

But I do got to believe all things being equal Windows is more secure. There are just to many million/billion dollar companies involved looking for holes.

But that doesn’t mean Linux is far behind. I feel perfectly safe on Zorin

rolltide101x · 14 June 2023 17:32

I think there is likely a decent bit of stuff like this in Linux code. But there aren’t as many people looking so it goes undiscovered for longer.

337harvey · 14 June 2023 21:30

While many will say that there are vulnerabilities, almost all of them are local to the computer. You must have physical access to use any of the them. Remote vulnerabilities are very few and usually because of the services offered by the server.

While no computer is one hundred percent secure as long as it's connected to the internet, it is one of the more secure operating systems available today.

swarfendor437 · 14 June 2023 22:21

It has been proven that GNU/Linux is more secure than Windows (excluding the COWS kernel fault that had been undiscovered for 9 years - not as long as Windows which had one for 15 years before fixed!) because it is community led and fixes/patches are released within days (not compared with M$ which can take weeks if not longer). As 337harvey has pointed out, a lot of vulnerabilities are local, and that will include the PICNIC (Problem In Chair Not In Computer), due to inadvertently clicking on spam email or dodgy website. Security Vectors on most platforms these days tend to be email and Web pages/Web access (Ransomware being an example). Use clam-av to scan emails for potential viruses you would not wish to forward to a friend, and use chkrootkit and rkhunter regularly to check for rootkits.

rolltide101x · 15 June 2023 03:19

We have no idea the vulnerabilities that are there. Linux code is not audited anywhere close to the same degree as Windows.

They absolutely exist in all platforms. Luckily for us we are not targeted as often as Windows users

swarfendor437 · 15 June 2023 08:30

Not true. There was a targeted malware some years ago that targeted GNU/Linux Banking software discovered by Bit Defender. The weakest link for any OS is the Problem In Chair. I don't use any Banking app either on computer or phone. I don't do Internet banking period. A consumer report on internet banking stated the most secure online banking only attained 85%, which helped maintain my stance.
Suggest you take a look here:

https://linuxsecurity.com/features/linux-vs-windows-for-businesses

rolltide101x · 15 June 2023 13:50

You think Windows code is audited to the same degree as Windows? Because I can tell you that is false. I also am not going to trust a website called "Linux Security" to tell me what is the most secure OS. The fact of the matter is it really can not be proven either way.

But I believe with the evidence available to me that all things being equal that Windows would win.

With that said all things are not equal and Windows has far more threats and attacks out there so in the real world Linux is safer

zabadabadoo · 15 June 2023 14:53

I don't understand this question.

rolltide101x · 15 June 2023 15:07

Linux code is not seen by as many eyes as Windows code. Security is not tested as well by independent sources. etc.

Aravisian · 15 June 2023 15:08

Linux distros operate differently from Windows.
Many of these differences are even noted by the users, often by complaining about having to sign in to access Root.

Linux shows more security than Windows:

On Linux, by default, you must enter your Root Password in order to install Software or make changes in the core system.
On Windows, by default, you are set as an administrator upon install, allowing you to click on "Run as admin" regularly without ever entering a password.

Installing Software:

On Linux, you install software from vetted repositories. On Windows, you can find any .exe created by anyone and download and install it, without it being vetted nor stored in a secure repository.
Linux is open source whereas Windows is proprietary. Open Source software can be examined, tested and poked by any white hat. Windows proprietary software cannot be probed except by professionals with access to the source code.
Linux uses Package Managers for installation of software. Windows does not - you can grab any .exe package that you found lying around on the ground with flies landing on it.

Security patches:

Windows only provides security patches for Windows and Windows created applications. They leave security patching of independent applications up to those package maintainers. This is a large gaping security hole in Windows.
Linux uses vetted repositories to supply packages to users, which puts all applications under the same security umbrella.

Handling of Memory:

Windows does not provide any buffer between UserSpace and the kernel. This allows Random Access Memory to easily be accessed from within USerSpace opening it up for malware.
Linux has several buffers between the kernel and User Space. Any malware potentially included in a package gained outside of the package management system will not gain access to the kernel.

Linux is more secure than Windows in part due to how Linux is built from the ground up. Linux has clearly defined parameters for User Permissions; which we directly observe being frequently asked about on this forum.
Linux has far fewer exploitable avenues than Windows does, as demonstrated above in regards to repositories and package managers.

It is far better to examine the parameters and attributes than to make speculative assumptions.

rolltide101x · 15 June 2023 15:12

Does not help when the person making the point is being biased.
(For instance you fail to mention that most Linux distros do not even use a firewall by default and that Linux distros do not tend to scan for threats like an antivirus on Windows does)

For instance as was linked by @zenzen children accidentally discovered a MAJOR loophole in a major linux distro. Something to this degree would not happen on Windows.

Linux code is not tested anywhere close to the same degree as Windows code and is not verified by independent sources to the same degree.

Anyway I am probably done with this thread as I am not a security expert. But I am not going to pretend there are not security loopholes in Linux code

Aravisian · 15 June 2023 15:18

Biases can be tested and weighed against merit. Having a bias is pretty normal for humans. It is for this reason that we employ The Scientific Method to step around our inherent biases.
It is very difficult to present and defend a case that is made by feelings.

These are speculative assumptions that you make without basis or merit. And the second assumption is simply wrong.
Flat out wrong.
Linux sources are tested much more heavily and regularly.
I already explained this in this post:

The Linux Package Management and Repositories mean all repository stored apps are tested.
Whereas on Windows, users can grab any .exe. from any unvetted source and that software could be hijacked and altered by any third party. This third actor can then distribute outside of secure repositories.

rolltide101x · 15 June 2023 15:24

If you can not accept that you made an extremely biased post on the matter I can’t help you. I have a degree in Computer Networking and still do not feel qualified to make a compelling argument on this matter. But you try to make a “factual” point with a clear agenda without mentioning a couple of points I made that are downsides for Linux.

None of us are truly capable of fully comprehending this. There are companies spending millions of dollars that do not even know everything.

Bourne · 15 June 2023 15:25

Operating system linux is secure, it is more useless depends what you installing on that operating system, like @Aravisian sayed third software can selling your privacy data on your pc. Besides all android phones and iphones do that, when you agree the license statement.

Aravisian · 15 June 2023 15:37

Provide an evidence based argument to support this claim. You did not refute my points in any way, nor address anything you might claim is a flaw in the logic. Instead, you resort to just attacking my character.

All computing security has exploitable downsides. All Of Them. It is just the nature of computing with a network and having a degree, you should understand this quite well.
The existence of possible exploits does not invalidate the post I made in any way whatsoever.
The post clarifies why Linux is inherently more secure. Not that Linux is perfectly secure. You shifted the goal posts by using a red herring as leverage.