LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-18-2009, 05:54 AM   #1
Dutch72
Member
 
Registered: Jun 2008
Location: Rotterdam
Distribution: Ubuntu
Posts: 31

Rep: Reputation: 17
Linux security: request opinions


Hi All,

I am switching from Windows to Linux /Ubuntu.
One main reason for this is security concerns.
This prompted me to think of the following:


1) Currently, Windows has approx 90% marketshare, Linux approx 1%
(The balance being Mac, mobiles and others.)

2) Currently, almost all viruses, spyware etc. target Windows.


Now, let's assume linux gets mainstream and achieves a marketshare of approx 40%. This would make it, based on potential number of victims, a much more attractive target for hackers.

Also: linux is now mainly used by computer-literates. Even the newbies on this forum (i.e. me) know the risk of installing software from unverified sources. As market share increases, the average literacy will decrease. Some users will gladly install a new Sudoku if it has nice flashy colors.

So, my questions:

Would linux security decrease with increasing market share?

Does Linux' architecture (repositories, user administration etc.) prevent security risks better than Windows (eg. Vista)?

Does the opensource model (source code freely available to everyone) help or prevent intentional hacking?

I am genuinely interested in your opinions.

Thanks
Dutch

PS, I do not want to start a "linux is better than windows - no it isn't" discussion. I am interested in "market share vs. security" opinions.
 
Old 03-18-2009, 06:36 AM   #2
bitpicker
Member
 
Registered: Jul 2003
Location: Germany
Distribution: Xubuntu, Ubuntu
Posts: 416
Blog Entries: 14

Rep: Reputation: 35
Would linux security decrease with increasing market share?

I suppose, yes, in a way. It is much harder to write a working virus for Linux (see below), I see the danger more in stupid users than in Linux becoming a more attractive target. I wrote my most recent blog entry about this, so I don't have to repeat myself here.

Does Linux' architecture (repositories, user administration etc.) prevent security risks better than Windows (eg. Vista)?

Definitely. Let's take the e-mail attachment approach: not only do you have to execute it, you have to make it executable before you can execute it. And you're still not running as root (I hope), so there's little it can achieve if you actually do that.

It's also a lot harder to infect a repository (and keep it infected for a longer time) than to just distribute infected software from somewhere else.

But there's nothing to guard against users working as root, downloading software from untrustworthy sources and generally being a nuisance. But at least we know that you have to be stupid to do that. Windows users do not necessarily have to be stupid to get infected, it just helps.

Furthermore, security leaks in browsers may affect Linux, too. For instance, there was this illicit Firefox extension which tried to pose as Greasemonkey, an extension which allows you to inject JavaScript of your own design into webpages. It was called something slightly different, like 'Greesemonkey' or so, and you downloaded it from some inofficial site. It would then wait for you to log into your bank account if that account was from a bank on a list the extension had, and would send your user data and password etc. to an e-mail address in Russia. I suppose that would have worked in Linux and OS X, too.

Does the opensource model (source code freely available to everyone) help or prevent intentional hacking?

I would say it helps preventing it. I couldn't tell virus code from valid code, but I hope others can.
 
Old 03-18-2009, 06:37 AM   #3
beachboy2
Senior Member
 
Registered: Jan 2007
Location: Wild West Wales, UK
Distribution: Linux Mint 18 MATE, Solus 3 MATE, antiX-17, MX-16
Posts: 2,161
Blog Entries: 9

Rep: Reputation: 773Reputation: 773Reputation: 773Reputation: 773Reputation: 773Reputation: 773Reputation: 773
Dutch72,

Brief answers:
1) Highly unlikely but obviously the crackers would pay more attention to Linux when it has a larger market share.
2) Yes
3) Helps prevent it

This link is 10 good reasons for you to justify a move to Linux on the grounds of improved security.
Mention it to your Windows-using friends.

http://news.bbc.co.uk/1/hi/technology/7946574.stm

Regardless of which operating system is used, the easiest way to get round computer security is to target the weakest link, i.e. the pc user, by various social engineering cons (e.g. spoof emails allegedly from your bank requesting password details, fake web pages etc).

Last edited by beachboy2; 03-18-2009 at 06:48 AM.
 
Old 03-18-2009, 06:42 AM   #4
bitpicker
Member
 
Registered: Jul 2003
Location: Germany
Distribution: Xubuntu, Ubuntu
Posts: 416
Blog Entries: 14

Rep: Reputation: 35
-Content made obsolete by changes to the previous message-

Robin

Last edited by bitpicker; 03-18-2009 at 06:46 AM.
 
Old 03-18-2009, 09:33 AM   #5
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: SlackwareŽ
Posts: 12,892
Blog Entries: 27

Rep: Reputation: 2182Reputation: 2182Reputation: 2182Reputation: 2182Reputation: 2182Reputation: 2182Reputation: 2182Reputation: 2182Reputation: 2182Reputation: 2182Reputation: 2182
Hi,

Security is an issue with any OS, not just M$ or GNU/Linux. Loads of servers utilize a GNU/Linux in the world. Reasons are stability, security and open source.

There are means to secure the GNU/Linux box from attacks. This topic is widely covered so just google or LQ search, no sense in reinventing. Look at rootkits to begin with or even 'Chkrootkit' to get some information.

If wanting to setup filtering or checking for a M$ based system then just do some research. Loads have been introduced. Look at clamAV for one.
 
Old 03-18-2009, 11:20 AM   #6
akuthia
Member
 
Registered: Oct 2007
Location: triad, nc, usa
Distribution: Ubuntu
Posts: 232

Rep: Reputation: 29
just to add something about the open source model. Generally speaking, it is true that anyone can WRITE code for a project they are interested in, but in most cases, there are only a few admins of the project that can actually inject the new code into the rest of the program. So while someone could try to write something for an existing program in the repos, it would have to get past the maintainers or admins of the project before it could get into the repo in general.
 
Old 03-18-2009, 12:16 PM   #7
SlowCoder
Member
 
Registered: Oct 2004
Location: Southeast, U.S.A.
Distribution: Fedora (Desktop), CentOS (Server), Knoppix (Diags)
Posts: 934

Rep: Reputation: 38
I agree with what everyone here has said so far. Linux is, at its core, much more secure than Windows. But if you go to a Windows forum they'll probably tell you something like "if you secure it properly ..." The thing about that is, Windows is by default very insecure compared to Linux. So a non-techie would be better off securitywise with Linux.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ATI Mobility 3450. Request for Opinions? GazL Linux - Hardware 6 05-05-2009 07:02 AM
Security question, strange packet in apache request INFINYT9 Linux - Security 5 04-02-2004 11:43 AM
Request For Comments: E-mail security site chort Linux - Security 2 02-28-2004 05:43 PM
request for VL specific security info aus9 VectorLinux 1 12-11-2003 06:43 PM
Opinions on LINUX. lgabrees Linux - General 7 03-15-2003 01:14 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 11:17 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration