It was pretty much all knee-jerk reaction and missing the point.
The one "knee jerk" in this thread was posted by you.
Quote:
Originally Posted by 273
To claim that malware is not generally targeted at Windows PCs because most malware authors and most intended targets of that malware are running Windows is to completely ignore all facts.
I made no such claim, I simply challenged your classic 'windows is the larger target' claim, because I feel that it's an oversimplification. (I managed to do so without dismissing your post as a load of rubbish. I took the time to construct a response and treated your post as worth replying to.)
Quote:
Originally Posted by 273
I replied that the same is true of Windows and there are likely more people reporting Windows problems which would surely make Windows more secure if problem reporting makes an OS more secure? Explain how one does not follow logically from the other, please?
Except windows does not have more people reporting problems. Free software does, it has mostly public bug tracking and not only upstream but developers of other software and distributions and the multitudes of users are also reporting bugs and coming up with their own patches. MS users for the most part just suck it up and reinstall or rely on expensive and bloated anti-malware to police them and their system.
If you examine your statement it doesn't actually make sense:
"In fact, it could be argued that one of the reasons there is more Windows Malware is that there are more people targeting it."
If there are more people targeting it, then there must be more malware. But why are they targeting it in the first place? Of course one factor is that it's the most popular OS, but that's not the one and only factor. Windows has historically made it easy for malware. The system was never shipped locked down, possibly out of fear of scaring the target consumer, and even windows XP which was a much more robust system (NT) than windows 9x was still being shipped to home users in the windows 98 style configuration (one user with admin rights, no password, no firewall (until service pack 1 as I recall), tons of unnecessary and proven vulnerable daemons running by default, etc, etc, etc). Basically in this state just from one execution malware can silently write to the registry and root file system, install services / startup binaries and the typical end user would remain clueless. It was a target not solely because of its popularity but because it was an open and easy target, things seem to be improving, but they still have a way to go.
Distribution: Ubuntu, mainly. Too much stuff works out of the box O.o
Posts: 71
Quote:
Originally Posted by cynwulf
If there are more people targeting it, then there must be more malware. But why are they targeting it in the first place? Of course one factor is that it's the most popular OS, but that's not the one and only factor. Windows has historically made it easy for malware. The system was never shipped locked down, possibly out of fear of scaring the target consumer, and even windows XP which was a much more robust system (NT) than windows 9x was still being shipped to home users in the windows 98 style configuration (one user with admin rights, no password, no firewall (until service pack 1 as I recall), tons of unnecessary and proven vulnerable daemons running by default, etc, etc, etc). Basically in this state just from one execution malware can silently write to the registry and root file system, install services / startup binaries and the typical end user would remain clueless. It was a target not solely because of its popularity but because it was an open and easy target, things seem to be improving, but they still have a way to go.
How insecure windows was 20 years ago is kind of irrelevant.
As for the bolded part, it really kinda is the one and only factor - the fact that like 85%+ of the world uses it...that's really the only reason. If it was always historically that Linux distributions had that market share you'd see no viruses for Windows, regardless of how insecure it may have been 20 years ago.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Quote:
Originally Posted by cynwulf
The one "knee jerk" in this thread was posted by you.
I labeled your post as knee-jerk because you replied to my discussion of another poster's points, in which I pointed out the non-controversial point that install base may lead to more malware and more reported malware for Windows, with a post addressed as if it were to a Windows-only user who "doesn't get it".
I am aware that the base of Linux and Unix have historically meant they are more secure by design than Windows but that is largely irrelevant to my reply especially given the post I was replying to.
When you expand your reasoning in subsequent posts I don't think you'll find we disagree in any way that is particularly significant. I just found your post was a distraction to the point I was trying to make to Pan64 that it is not only Linux users who monitor their systems closely so that may not be a point in its favour and, given other factors, could be more to Windows' favour. I was hoping Pan64 would reply with more detail as I think it's an interesting idea to explore.
How insecure windows was 20 years ago is kind of irrelevant.
I was not talking about windows "20 years ago" (1994). That was back in the days of MSDOS and 16 bit windows...
Quote:
Originally Posted by Syndacate
As for the bolded part, it really kinda is the one and only factor - the fact that like 85%+ of the world uses it...that's really the only reason. If it was always historically that Linux distributions had that market share you'd see no viruses for Windows, regardless of how insecure it may have been 20 years ago.
If you actually believe that, then there's no real point in debating this further.
Quote:
Originally Posted by 273
I labeled your post as knee-jerk because you replied to my discussion of another poster's points, in which I pointed out the non-controversial point that install base may lead to more malware and more reported malware for Windows, with a post addressed as if it were to a Windows-only user who "doesn't get it".
Your post came across as being from someone who "doesn't get it". I don't use *nix systems because they're obscure and thus not a target, I use them because they're proven to be more secure - once again what exactly do you think is running on most of the world's servers...?
Quote:
Originally Posted by 273
I am aware that the base of Linux and Unix have historically meant they are more secure by design than Windows but that is largely irrelevant to my reply especially given the post I was replying to.
I don't see how it's irrelevant. You posted something I found to be a glossed over generalisation and I responded.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Quote:
Originally Posted by cynwulf
Your post came across as being from someone who "doesn't get it". I don't use *nix systems because they're obscure and thus not a target, I use them because they're proven to be more secure - once again what exactly do you think is running on most of the world's servers...?
Servers run by admins who know their stuff and servers which are, generally, in server farms and very, very well secured. Windows runs on more PCs than anything else and that's why the criminals attack it and the casual virus writers used to also, though the latter did it for fun.
Talk of "the biggest server market share" is completely forgetting that any criminal will go after easy pickings. How many kids do you think know how to hot-wire a Ferrari? Ferraris may, or may not, be harder to steal but when it comes down to it the kids don't see them -- the same goes for Linux.
Again, I can't believe I'm having this conversation with people who know about these things. I think it reflects very badly upon Linux that whenever things like the fact market share may affect targeting of malware people get defensive.
To go back to my original points:
It is not enough to say that "I only compile from source because that is safer!" unless you actually read, analyse and understand the source.
It is not enough to say that "I analyse all the coming and going of my Linux system therefore Linux is safer" unless nobody does the same for Windows.
I apologise, I fear I am not making myself clear.
Last edited by 273; 06-20-2014 at 04:53 PM.
Reason: Typo'
Again, I can't believe I'm having this conversation with people who know about these things.
I'm of much the same mind. It boggles the mind that you actually think that *nix systems are by nature no more secure than windows - and that it's simply all about market share...
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Quote:
Originally Posted by cynwulf
I'm of much the same mind. It boggles the mind that you actually think that *nix systems are by nature no more secure than windows - and that it's simply all about market share...
I think I'm done here.
Not what I was saying at all. Why so defensive?
Did you read my last two paragraphs which explained my earlier posts?
How about some actual dialogue about what makes systems trustworthy or secure rather than recycled platitudes?
Distribution: Ubuntu, mainly. Too much stuff works out of the box O.o
Posts: 71
Quote:
Originally Posted by cynwulf
I'm of much the same mind. It boggles the mind that you actually think that *nix systems are by nature no more secure than windows - and that it's simply all about market share...
I think I'm done here.
You're right in that *nix systems by design nature are more secure..but is simply all about marketshare.. A targeted attack may not be, since it's targeted, but 273 summed it up best with the Ferrari example.
Security isn't really the problem, though, since the vast majority of malware has some "victim" interaction (be it social or via computer). The problem is where people source software from. Trusted sites really aren't a problem for the most part, closed or open, though with open source you have the peace of mind that you can verify it...but most people don't. If you start running binaries obtained off some sketchy website it doesn't matter much which system is more secure, the malware will be installed because the user allowed it to be.
How insecure windows was 20 years ago is kind of irrelevant.
It's not that irrelevant. There are still computers with their original OS functioning 10+ years later. The FCC comment system is 17 years old. ATMs running XP. In the early days of linux it was a badge of honor to say that your system had been up (and no kernel updates) for hundreds of days.
I don't really trust anything. But there are things I'm not yet able to change. At least with the sources you can audit things and change things. Compiling is probably safer than trusting binary packages, but that assumes some degree of trust about the compiler.
Distribution: Ubuntu, mainly. Too much stuff works out of the box O.o
Posts: 71
Quote:
Originally Posted by Shadow_7
It's not that irrelevant. There are still computers with their original OS functioning 10+ years later. The FCC comment system is 17 years old. ATMs running XP. In the early days of linux it was a badge of honor to say that your system had been up (and no kernel updates) for hundreds of days.
I don't really trust anything. But there are things I'm not yet able to change. At least with the sources you can audit things and change things. Compiling is probably safer than trusting binary packages, but that assumes some degree of trust about the compiler.
Well yes, but that's extremely unlikely that the compiler will put in a back door. It assumes that because you CAN analyze the source that you WILL, and that's a bad assumption (ie. TrueCrypt). That being said, because the source is available, it makes malicious features much more unlikely, I do agree there.
What I mean by it being irrelevant is not that there's no systems running old software, but rather you can't use it as a metric for "standard security" when the majority of systems are running up-to-date server software. Finding a vulnerability with the latest/most relevant software I feel is much more important over finding one in old, outdated software. Software development is a continuous development process, so the vast majority of times software will get better given time.
You're right in that *nix systems by design nature are more secure..but is simply all about marketshare..
Almost nothing in the world is due to only one factor. Claiming that the targets for malware attacks are chosen only on the basis of market share and directed at only the company with the largest share* is, I shall be diplomatic with my words, very naive.
*In case it misses the notice of anyone, Microsoft is not the only large software company. In fact, the last I read, Apple is making more money than Microsoft.
For some reason you also view home and office systems as the only targets. Since most of the world's servers use Linux and BSD systems, why would they not be a preferred target? Internet traffic has increased dramatically and become somewhat important. Thus:
Quote:
Security isn't really the problem, though, since the vast majority of malware has some "victim" interaction (be it social or via computer).
And how do those victims encounter said malware? On the internet perhaps? I do not want to bash Windows here, but with viruses and other so-called malware infesting websites, a system as vulnerable to security threats as Windows is will have proportionately more "victims" than other systems.
Last edited by Randicus Draco Albus; 06-20-2014 at 10:45 PM.
Not defensive at all. I've already quoted the one overly defensive post in this thread - and it wasn't one of mine.
Quote:
Originally Posted by 273
Did you read my last two paragraphs which explained my earlier posts?
Did you read or understand anything I posted? It appears not.
Quote:
Originally Posted by 273
How about some actual dialogue about what makes systems trustworthy or secure rather than recycled platitudes?
That's what is being attempted, though if you really want to know why *nix systems are more secure than windows, you'd better do some reading...
Quote:
Originally Posted by Syndacate
You're right in that *nix systems by design nature are more secure..but is simply all about marketshare..
Do you not see how nonsensical this statement is?
Quote:
Originally Posted by Syndacate
Security isn't really the problem, though, since the vast majority of malware has some "victim" interaction (be it social or via computer). The problem is where people source software from.
Security isn't the problem? "Security" is what we have, along with good system administration practices, to prevent malware taking over a system. I touched on where people source software from already - as one of the main flaws of windows.
Quote:
Originally Posted by Syndacate
Trusted sites really aren't a problem for the most part, closed or open, though with open source you have the peace of mind that you can verify it...but most people don't. If you start running binaries obtained off some sketchy website it doesn't matter much which system is more secure, the malware will be installed because the user allowed it to be.
You miss the point entirely. Of course almost no end users look through the source of every, or indeed any, program they install. GNU/Linux being open source is a big factor in it being more secure, but the source being open to end users to look at before deciding to install software is not an issue.
Comparing a multi user UNIX-like operating system like OpenBSD, NetBSD, Debian, RHEL all based on open source code which has been tried, tested and audited over 40+ years to an OS like windows (closed source, small team, proven record of major security flaws, holes) in terms of security is pointless. I won't do the research for you, do some reading... or not - up to you.
...What I mean by it being irrelevant is not that there's no systems running old software, but rather you can't use it as a metric for "standard security" when the majority of systems are running up-to-date server software. Finding a vulnerability with the latest/most relevant software I feel is much more important over finding one in old, outdated software. Software development is a continuous development process, so the vast majority of times software will get better given time.
I would call that optimistic. But I guess it depends on what you call a server. My ddwrt routers at home run a version of the firmware that is over a year old and is not the latest by any stretch. The latest version of the firmware does run and doesn't brick the device, but I lose hardware support (wireless) on them, so that's not going to happen.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
I can't believe that the same old claptrap about Linux running on so many servers so that means it has a higher market share than Microsoft thus proving that malware is not targeted by market share is being trotted out. Really, I expected better.
If you don't understand the difference between cheap, mass-produced malware requiring user interaction and targeted server attacks then I suggest you think about it a little.
I now know why so many people dismiss Linux when the advocates try to deny the most simple premise to try to venerate their most trusted operating system.
By the way, Shadow_7, I'd google around a bit as a lot of older router firmware has been found to be vulnerable. I'm sure that's just because it is a badly written operating system though and not because it has been around a while.
Similarly I'm sure that the malware in the Android store is only because Linux is a rubbish insecure operating system by design and not because Android is increasingly popular.