LinuxQuestions.org
Old 11-13-2018, 03:03 PM   #16
zeebra
Member
 
Registered: Dec 2011
Distribution: Mageia, Slackware
Posts: 820
Blog Entries: 7

Rep: Reputation: 201

Quote:
Originally Posted by YesItsMe
It is not.

What is not what?
 
Old 11-13-2018, 03:55 PM   #17
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 6 & 7
Posts: 3,209

Rep: Reputation: 871
Quote:
Originally Posted by zeebra
Well, most people don't simply use a Kernel. Your claim however is questionable. Just like my claim to say GNU userland is more secure than Windows userland.

According to this list, the Linux kernel was #2 on the list after Android for 2017. This isn't surprising since Windows had a major push to eliminate vulnerabilities and has fallen behind on innovation while the Linux kernel is adding a huge amount of new code every year.

https://www.cvedetails.com/top-50-pr....php?year=2017
 
1 members found this post helpful.
Old 11-13-2018, 06:01 PM   #18
YesItsMe
Member
 
Registered: Oct 2014
Distribution: Gentoo
Posts: 560

Rep: Reputation: 210
The GNU userland is not more secure than the Windows userland.
 
Old 11-13-2018, 08:05 PM   #19
zeebra
Member
 
Registered: Dec 2011
Distribution: Mageia, Slackware
Posts: 820
Blog Entries: 7

Rep: Reputation: 201
Quote:
Originally Posted by YesItsMe
The GNU userland is not more secure than the Windows userland.

So, you have any reasoning behind this claim or the other claim? Other than just saying it's like that?
 
Old 11-14-2018, 06:08 AM   #20
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,043

Rep: Reputation: 1332
Let me strike well past everyone's opinion (including my own) to address the real point.

If you search for instances of ransomware, many only involve Windows machines. The ones that involve Linux machines involved SAMBA mounted storage (shares). There are no instances that I have been able to find that involve only Linux servers and clients. Not one.

It may be that my search was not broad enough and I missed some cases, or flawed in other ways. It may be that the shops with impact that ran Linux, as do many who run Windows, kept the impact secret. Or, it may be that Linux has not been targeted by this kind of attack. Yet. But it is more than a bit suggestive.
 
2 members found this post helpful.
Old 11-14-2018, 07:29 AM   #21
YesItsMe
Member
 
Registered: Oct 2014
Distribution: Gentoo
Posts: 560

Rep: Reputation: 210
Quote:
Originally Posted by zeebra
So, you have any reasoning behind this claim or the other claim?

The number of security holes in GNU tools fixed every time there is an update.
 
Old 11-14-2018, 07:33 AM   #22
zeebra
Member
 
Registered: Dec 2011
Distribution: Mageia, Slackware
Posts: 820
Blog Entries: 7

Rep: Reputation: 201
Well, GNU/Linux is definitely not impenetrable, but unlike Windows it was actually built to be an OS and purpose built for that. Windows is (or at least was) a patchwork of random code, heaped together into a single OS.

Then there is of course the factor that the Linux Kernel is open source and the Windows Kernel is not. What "yesitsme" surely refers to is "known vulnerabilities", which are of course much easier to find when you can actually inspect the code. The Windows Kernel for sure has a lot more vulnerabilities than those that are known, but far fewer people ever inspect that code.

So even if the numbers on that website are correct, the logic behind it is somewhat flawed when drawing conclusions like "yesitsme" did.
 
2 members found this post helpful.
Old 11-14-2018, 07:36 AM   #23
YesItsMe
Member
 
Registered: Oct 2014
Distribution: Gentoo
Posts: 560

Rep: Reputation: 210
Quote:
Originally Posted by zeebra
Windows is (or at least was) a patchwork of random code, heaped together into a single OS.

Made by the same people, while Linux distributions usually just smash together a huge heap of "somewhat maintained" applications and let the users figure out how they are supposed to work together. I mean, even within the GNU project, they just can't make everything work as if it was "a single OS". Still waiting for Guile Emacs ("GNU Guile is the preferred extension system for the GNU Project").

Quote:
Originally Posted by zeebra
The Windows Kernel for sure has a lot more vulnerabilities than those that are known

So does the Linux kernel.
 
Old 11-14-2018, 09:12 AM   #24
zeebra
Member
 
Registered: Dec 2011
Distribution: Mageia, Slackware
Posts: 820
Blog Entries: 7

Rep: Reputation: 201
What can I say? You live in Seattle or something?

Windows is not really an OS, it is a desktop environment built upon a framework that you have no access to. So in that regard I have to disagree with you and say that in MY experience GNU/Linux works excellent as a single customizable OS (distribution) and each of the parts in it usually function as you expect. Things make sense and are logical as well, which makes me think the whole construction is just built in a way which is more secure than Windows by their very nature.

I am by no means an expert, but these are my impressions after decades of using DOS, Windows and GNU/Linux and trying other things as well (BSD, MAC OSX, OS9).

Anyways, Windows definitely does not provide an OS, it only provides a single desktop environment where you can do some of the same things that you can in an operating system. Imagine if your GNU/Linux experience was ONLY KDE and nothing else, no terminal, no tools, no functions etc, just KDE and some APIs. That would be equally horrible and could not really be called an OS.. And I say that as a big fan of KDE.

Do I think GNU/Linux is perfect? No way! I often think of how a perfect OS should be built, and in most of these conceptual thoughts, major changes from how Linux and GNU currently needs would be needed, and the OS would be built in an entirely different way. That however does not prevent most of my thoughts revolving around the concepts I know from Linux and GNU, simply because many of those concepts are excellent. I can't think of a single concept I'd want to bring into a "perfect OS" from Windows.

I don't even think GNU/Linux is the best OS available, I think that title has to go to one of the variants of (proper) BSD. However, BSD simply isn't as available on hardware you need as Linux is. From a user perspective, it is not really friendly to handle.. Yeah, I see the irony in that statement too.
 
1 members found this post helpful.
Old 11-14-2018, 09:40 AM   #25
YesItsMe
Member
 
Registered: Oct 2014
Distribution: Gentoo
Posts: 560

Rep: Reputation: 210
Windows has always officially allowed choosing a different desktop environment than the one shipped with Windows. Please don't tell lies, people might believe you.

And don't misunderstand me on what I think about GNU. I think the GNU project is mostly a good thing, although its purpose (a free replacement for Unix) has been anachronistic since 4.3BSD-Net/1 which was released in 1989. I occasionally use Emacs and I find the Hurd technically well planned. But "GNU/Linux" is not really a good example of a "single OS" because all of its parts are mostly incompatible with each other. Just because a software runs on Linux, it does not necessarily fit in. Have you ever used KDE applications on a GNOME system?

Sadly, macOS did that even better than Windows - except that it won't allow you to use a different desktop.

Last edited by YesItsMe; 11-14-2018 at 09:43 AM.
 
Old 11-14-2018, 09:40 AM   #26
YesItsMe
Member
 
Registered: Oct 2014
Distribution: Gentoo
Posts: 560

Rep: Reputation: 210
edit: accidental double-post

Last edited by YesItsMe; 11-14-2018 at 09:43 AM.
 
Old 11-14-2018, 10:18 AM   #27
cynwulf
Senior Member
 
Registered: Apr 2005
Location: /dev/planet2
Distribution: OpenBSD
Posts: 2,335
Blog Entries: 6

Rep: Reputation: 1638
Windows 7 : 17 exploits since 2009

https://www.cvedetails.com/product/1...Windows-7.html

Linux : 29 exploits since 2009

https://www.cvedetails.com/product/4...ux-Kernel.html

Since 2009, 984 vulnerabilities found in Windows 7, 1651 in the Linux kernel.

And of course Windows is a complete OS, rather than just a kernel... so the "winner" here is very much open to debate.

Of course there are different issues here, which should not be conflated, but in terms of "security", it does seem that Windows has some advantages (some of which were detailed earlier in the Windows vs Linux thread).

The element which adds to the confusion is malware. Of course there is a massive plethora of malware specifically for MS Windows, as it's by far the biggest (and best) target for this. But most malware "infections" are really down to the end user not following best practices - i.e. if the end user executes malicious code with root privileges the same bad things tend to happen on any OS.

There are big cultural differences, in terms of where software is sourced from and how it is installed.

In your typical Linux distribution it's almost always from that distribution's repositories. This generally means trusted sources, signed packages, etc. Which does not simply equate to "increased security" as you've immediately and very drastically reduced exposure.

With Windows if it's not a licenced MS application or similar from a reputable vendor, it's often some crap downloaded from far less reputable sources, or legitimate software being hosted at some less than reputable file upload site. There is also far more of said crap available for Windows than there is for Linux.

Last edited by cynwulf; 11-14-2018 at 10:52 AM.
 
2 members found this post helpful.
Old 11-14-2018, 11:11 AM   #28
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 3,385
Blog Entries: 9

Rep: Reputation: 1893
For what it's worth, I think that there are also big differences in the psychology of Windows and Linux users, and these also tend to make Windows less secure. Cynwulf mentions the stupidity of going online as root. To Linux users, even newbies, the difference between being root and being an unprivileged user is usually obvious. It's drilled into you when you install your first distro. In Windows, on the other hand, everyone was root originally. I understand that's no longer the case and modern Windows releases have a separate administrative user. But I have heard that many long-time Windows users work as the administrative user all the time because they have become accustomed to having that degree of authority.

Also Windows users have much less knowledge about their system than Linux users. That's partly because a lot of the internals are commercial secrets, but it has also historically been encouraged because of the greater potential a permanently privileged user has to cause harm. I remember that when I used to use Windows, you were discouraged from exploring the system outside the licenced playpen of My Documents. There were big splash screens warning you off. I don't know if that is still the case, but I do know that an even greater degree of abstraction has come in with the so-called "libraries", a kind of pseudo filesystem that overlays the actual one so that you have no idea where any file actually is.

I think it's significant that the two best-known series of computer guides are called "*** for Dummies" and "Idiot's Guide to ***". They are often excellent books, and the authors don't treat their readers as dummies or idiots, but they are obviously addressed to people who have been systematically trained to think of themselves in that way. Now how can people with that kind of training be expected to behave sensibly when it comes to security?
 
1 members found this post helpful.
Old 11-14-2018, 11:18 AM   #29
YesItsMe
Member
 
Registered: Oct 2014
Distribution: Gentoo
Posts: 560

Rep: Reputation: 210
I disagree with the assumption that Linux users automatically know more about their system. In fact, there is a reason why some distributions - like Ubuntu - are recommended to those who are afraid of the terminal.
 
Old 11-14-2018, 11:37 AM   #30
RickDeckard
Member
 
Registered: Jan 2014
Location: Acworth, Georgia, USA
Distribution: Arch Hardened, Ubuntu 18.04, Fedora 30
Posts: 160

Rep: Reputation: Disabled
It depends on what you mean by secure to some extent:

Do you mean "meets Trusted OS development guidelines"? Sure. So does Windows 10.

Do you mean "well hardened out-of-the-box"? Every distribution is configured differently on install so there really is no single goal post after which a Linux OS becomes "well hardened." That's a process the user is going to have to constantly be on top of with auditing (SUID, etc.) and application of good guidelines (least privilege, least functionality, etc.)

Do you mean "protected from any possible attack now or ever"? No system is. In the words of someone who I believe is a great man: The only secure system is powered off, buried in an underground bunker crawling with armed guards and laser alarms, it's rigged to destroy the entire complex in an underground nuclear explosion when someone opens the case without authorization, and even then it's still not completely secure.
 
1 members found this post helpful.
  

