Old 09-21-2010, 08:16 AM   #1
eveningsky339
Member
 
Registered: Mar 2010
Location: Western Maine
Distribution: PCLinuxOS (LXDE)
Posts: 466

Rep: Reputation: 51
Why the lack of malware?


I was having a discussion with an acquaintance the other day about how Linux is superior to Windoze. We came upon the subject of malware and my acquaintance claimed that the amount of malware affecting each system is proportional to its number of users. Windoze has truck-loads of people using it, and therefore there are more viruses. Linux has few in comparison, and therefore there is a smaller amount of malware.

I think that may be part of why malware for Linux is rare but I believe there is much more to it than that. I gave my acquaintance a few more reasons:

- Ideology. Linux is free and open for everyone to use and modify. Most malware authors would probably get their jollies by targeting a large, multi-billion dollar corporation instead of a free community effort.

- Open source. Most software used on Linux platforms is open-source, and therefore any author who tried to sneak malicious code would be caught dead in the water.

- Package management. Rather than hunting around the insane internet for software, most Linux users utilize software repositories packaged and maintained by people dedicated to security.

Now I've started to think (dangerous, I know) and I'm curious about what other aspects there may be as to why Linux is mostly malware-free and secure.
 
Old 09-21-2010, 08:32 AM   #2
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541

Rep: Reputation: 1065
Malware, on Windows machines, when executed by a user can pretty much do whatever it wants to the underlying operating system; this is because there really isn't much to prevent a user from doing anything he or she wants to.

Linux (and Unix) machines, on the other hand, do not permit users to do that sort of thing (you have to be the super user to cause much damage). Thus, it just isn't effective to write something that will turn a Linux/Unix system into a zombie simply because it really can't be done (unless the system administrator is really, really dumb -- contrasted with Windows which is "dumb" by default and you have to do a lot to un-dumb it).

There are also a number of things that prevent hacker/malware tricks-of-the-trade (like writing into kernel space to take over a machine which is so easy to do on a Windows box). The reason there's so much crap floating around for Windows (and no effective crap that I'm aware of for Linux/Unix) is that it's so easy to do; get a user to open an attachment and there you go.

Hope this helps some.
 
1 members found this post helpful.
Old 09-21-2010, 08:32 AM   #3
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1301
I agree with you.

Because it is FLOSS, there are more eyes looking at the code and more chances of an exploit being found and reported. There's also more motivation to report an exploit rather than exploiting the exploit, you know. With proprietary software, why should anyone bother reporting an exploit rather than exploiting it instead? With FLOSS you report the exploit because you want to use the program and for the program to be more secure. Ideology, like you mentioned, is also important.

Technically there have been recent cases of malware being snuck into FLOSS, but it was due to bad and insecure practices by the devs, they didn't even checksum anything much less use gpg. This may actually be the reason for the huge amount of malware on Window$, bad security practices on the part of everyone, the user, the developer, and others.

Window$ is just inherently insecure and badly designed, and it hasn't improved any, I don't think they even care to develop this aspect of window$, they only care about eye candy and making a profit. Did you know that you can download all versions of Window$ ever made on a single DVD? I've seen it, and it's because it compresses easily, and this means they really haven't changed much at all, just the UI.

I don't even think Window$ and Linux can be and should be compared in these terms, they're just so different. I wouldn't even argue with people over this, they should just try Linux, and if they don't like it, just continue using Window$. That's my usual answer for arguments against Linux, I mean Linux is FLOSS, if you're too lazy to download it and try it, instead of arguing with me over technicalities, then go on and keep using Window$.
 
Old 09-21-2010, 09:35 AM   #4
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4886
I think one reason is that Windows is standardized, the malware has a defined base to work on, whereas there are so many Linux distros that do the things in different ways. Even when you look only at one distro, there is not really a standard. My Debian installs are set up from a minimal install and then tailored to my needs and I think many people do it that way. The malware has no standard base to work on.
 
1 members found this post helpful.
Old 09-21-2010, 09:36 AM   #5
eveningsky339
Member
 
Registered: Mar 2010
Location: Western Maine
Distribution: PCLinuxOS (LXDE)
Posts: 466

Original Poster
Rep: Reputation: 51
Quote:
Originally Posted by H_TeXMeX_H
I don't even think Window$ and Linux can be and should be compared in these terms, they're just so different. I wouldn't even argue with people over this, they should just try Linux, and if they don't like it, just continue using Window$. That's my usual answer for arguments against Linux, I mean Linux is FLOSS, if you're too lazy to download it and try it, instead of arguing with me over technicalities, then go on and keep using Window$.
That's basically what I ended up telling him. Virtually all popular distros are absolutely free of charge and available on LiveCD, so there is no commitment outside of a few minutes to give things a go. My acquaintance decided to keep using his expensive malware-box. Stinks to be him, glad it's not me.
 
Old 09-21-2010, 10:03 AM   #6
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158
I'd argue against his comment of "each system is proportional to its number of users". That may've been true back in 1998, but this is 2010...lots of people have a basic understanding of what Linux is, even if they haven't used it.

I'd argue that the difference between the two in regards to malware impacting each is, Linux (*nix in general) has a better security model. Each normal user account is pretty much locked down, permission-wise. Even if a normal account were compromised, the compromise is somewhat isolated. Each account is a container. If a container is breached, it doesn't typically spill over into the main machine. (yeah, I'm using a lot of analogies here)

Each user is limited in privilege also (in *nix).

I'm not saying that Linux machines are rock solid, but the success of an attack is directly dependent upon how diligent the admin is, IMO. This is also true of MS OSs, though...so, there must be a mentality/perspective issue between the people who admin MS OSs and Linux distributions.

I'll not get into the codebase and developers. Purely from a usage model perspective, the security focus is quite different.
 
Old 09-21-2010, 10:34 AM   #7
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 11,223

Rep: Reputation: 5320
  1. because most Linux users don't run as root
  2. because Linux's maintainers haven't introduced inherently unsafe scripting languages such as ActiveX and VBScript
 
Old 09-23-2010, 04:47 AM   #8
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,359

Rep: Reputation: 2751
Quote:
We came upon the subject of malware and my acquaintance claimed that the amount of malware affecting each system is proportional to its number of users.
The usual argument against this is Apache. By far and away the most used webserver on the internet http://news.netcraft.com/archives/ca...server-survey/
 
  

