LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 12-20-2020, 01:18 PM   #1
azalea4va
LQ Newbie
 
Registered: Sep 2016
Posts: 6

Rep: Reputation: Disabled
Why is our country not using a "hardened" linux as a defense against hacking attacks?


Why has there not been a massive shift from Windows to a hardened version of Linux? Installing malware should be much harder than it is. (Depending on how hackers were able to change SolarWinds source code, what follows would not address that particular cluster futz).

I had a computer many years ago where the hard disk had a jumper setting to make it read-only. It would be easy to physically alter a computer system to have hard disks connected to physical switches that made disks read-only.

In Linux/Unix, everything in /usr is designed so it can operate normally as read-only. The reason there is a /usr is that originally disks were not big enough to hold everything needed, so /usr stored the less critical OS stuff. In today's environment, everything in directories /bin, /lib could be moved to /usr/bin, /usr/lib. The directory /etc was originally designed to be for just configuration files but now is a mixture of things, including some things that are really just executables. The executables could be moved to a /usr/etc.

For true config files, Linux could be easily modified so configuration files that either are writable or are essentially "executable" shell scripts could automatically run SUID to some unprivileged user (so if ever executed, they cannot alter "root" files).

That is the basic idea: all system files that execute could be on a read-only disk. What would remain could be in /var and be unexecutable as root. That goes a long way to prevent malware from being installed at a minimal cost. When updates or new software need to be installed, one must flip a switch on the computer to make the /usr hard drive writable. No big deal.

I would guess doing that kind of thing given the design of Windows would require a major rewrite. Making any needed modifications to Linux would be pretty straightforward, if it has not already been done. Given the cost of malware, why hasn't it? Why are not all these critical systems moving quickly from Windows to Linux?
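
The layout proposed in this post (read-only /usr, non-executable /var) can be checked against a mount table. The following is an added example, not part of the original post; the function names and the sample table are constructed for illustration, and the nosuid check on /var is an added assumption.

```shell
#!/bin/sh
# Added example (not from the thread): audit a mount table for the layout the
# post proposes. Function names and the sample table are constructed.

# Constructed sample in /proc/mounts format: device mountpoint fstype options.
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /usr ext4 ro,nodev,relatime 0 0
/dev/sda2 /var ext4 rw,nosuid,nodev,noexec,relatime 0 0
EOF
}

# mount_opts PATH [MOUNTS_FILE]
# Print the options of the filesystem holding PATH: the longest mount point
# that is PATH itself or a parent directory of it (so /usrlocal is not /usr).
mount_opts() {
    awk -v p="$1" '
        $2 == "/" || p == $2 || index(p, $2 "/") == 1 {
            if (length($2) >= best) { best = length($2); opts = $4 }
        }
        END { print opts }
    ' "${2:-/proc/mounts}"
}

# has_opt OPTS NAME: exact match on one comma-separated option, so
# "errors=remount-ro" does not count as "ro".
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_layout [MOUNTS_FILE]
# /usr:ro and /var:noexec are the post's proposal; /var:nosuid is an added
# assumption. Returns non-zero if any rule fails.
audit_layout() {
    rc=0
    for rule in /usr:ro /var:noexec /var:nosuid; do
        path=${rule%%:*}
        want=${rule#*:}
        if has_opt "$(mount_opts "$path" "${1:-/proc/mounts}")" "$want"; then
            echo "OK   $path is mounted $want"
        else
            echo "FAIL $path is not mounted $want"
            rc=1
        fi
    done
    return "$rc"
}

# Demo on the constructed sample; run audit_layout with no argument on a host.
tmp=$(mktemp) && sample_mounts > "$tmp" && audit_layout "$tmp"
rm -f "$tmp"
```

A read-only mount enforced this way can be undone by root with a remount, which is why the post pairs it with a physical write-protect switch.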
 
Old 12-20-2020, 01:31 PM   #2
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,802

Rep: Reputation: 1140
Even if such a groundswell movement towards using "hardened" Linux did occur, the main limitation is the proprietary Windows-only applications that industry and commerce currently rely on. This won't stop malicious actors undermining/infiltrating servers and public networks though.
 
Old 12-20-2020, 01:39 PM   #3
cwizardone
LQ Veteran
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib" and KDE4Town.
Posts: 9,095

Rep: Reputation: 7273
Quote:
Originally Posted by azalea4va View Post
Why has there not been a massive shift from windows......
The broad, simplistic answer? Corruption.
Follow the money.
Almost three decades ago I knew one of the IT people at a major communications company. They, the senior management, had decided to switch from Unix to windows. The people who were actually doing the work, did their research and presented management with a detailed report of how much more it was going to cost, how much more maintenance would be involved and, therefore, increased cost, lower reliability, etc. Management made the switch anyway. Someone, somewhere, had to be moving money into an offshore "college fund" for some executive's kids.

Last edited by cwizardone; 12-20-2020 at 01:43 PM.
 
Old 12-20-2020, 01:43 PM   #4
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,307
Blog Entries: 3

Rep: Reputation: 3721
Quote:
Originally Posted by ferrari View Post
This won't stop malicious actors undermining/infiltrating servers and public networks though.
Especially when the malicious actors infiltrate and undermine the government administration at many levels. M$ admits to only around $10 million in lobbying, there is even more informally. Between resellers embedded and posing as "IT" within the government and congress members throwing $2.4 billion in handouts and Bill himself having personal access to the current president and president elect, it is very difficult to call out these malicious actors.

If it were a technical matter, it would have been over and done with 20 years ago.

However, if there is a regime change coming up, that would be the time to press the matter again.
 
Old 12-20-2020, 02:15 PM   #5
azalea4va
LQ Newbie
 
Registered: Sep 2016
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
the main limitation is the proprietary Windows-only applications that industry and commerce currently rely on. This won't stop malicious actors undermining/infiltrating servers and public networks though
Chicken or egg? Why do people write apps for Windows? Because most systems are Windows. Why are most systems Windows? Because the apps are written for Windows. As usage switches to Linux, so will the apps.

One does not really infiltrate a network, they infiltrate a system on a network (server or otherwise). And how does one infiltrate a system? By breaking its security. Which brings us back to the original issue. (Use of Linux in servers and other network devices is much higher than in other areas. I do not know of any router that is Windows based as opposed to Linux based.)
 
Old 12-20-2020, 06:35 PM   #6
zeebra
Senior Member
 
Registered: Dec 2011
Distribution: Slackware
Posts: 1,830
Blog Entries: 17

Rep: Reputation: 638
Quote:
Originally Posted by cwizardone View Post
The broad, simplistic answer? Corruption.
Follow the money.
There's the answer. And why do government and public institutions pay for an operating system that OTHERS maintain, when they can have a perfectly good free operating system, and learn to maintain it ourselves, which also is educational. Public institutions could make whatever software they wanted with the money they saved, and it could be shared between public institutions. It would be cheaper, more educational, people would have more knowledge, and much more software would be available for way less cost of the taxpayers.

The correct answer is above.

And now they want to move you into the fog, woops, sorry, "cloud" I mean, to supposedly make things better. (better means less work for them, and more profits for them).

Anyways, a bit more on topic. Even if they switched, it would not secure the systems, it would just make them more secure. There is no such thing as a fully secure system. "There is always a way in" is the slogan, which is true. But making it as difficult as possible should obviously be a goal, and considering the mass of deployment and how best to manage that, migrating away from Windows is quite obvious.

The idea of a system run and controlled by the people and their institutions, where education is a natural part of that system is something I think makes both Microsoft and the government shite their pants about.

Last edited by zeebra; 12-20-2020 at 06:40 PM.
 
1 members found this post helpful.
Old 12-20-2020, 07:47 PM   #7
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,802

Rep: Reputation: 1140
Quote:
Originally Posted by azalea4va View Post
Chicken or egg? Why do people write apps for Windows? Because most systems are Windows. Why are most systems Windows? Because the apps are written for Windows. As usage switches to Linux, so will the apps.
In a simplistic, ideal world perhaps. However, as others have said, follow the money. Big business works with big business. There is huge inertia with using Windows in the corporate world. Enterprise Linux distros do have a significant role in server space of course. I think you’re looking for a simple answer to a seemingly simple question. There are lots of factors at play here.

Quote:
One does not really infiltrate a network, they infiltrate a system on a network (server or otherwise). And how does one infiltrate a system? By breaking its security. Which brings us back to the original issue. (Use of Linux in servers and other network devices is much higher than in other areas. I do not know of any router that is Windows based as opposed to Linux based.)
It was a generalised answer, but I can assure you as a Network Engineer working for a comms company that there are many attack vectors possible with many different methods (exploits) used by bad actors for a range of malicious intentions.

Last edited by ferrari; 12-20-2020 at 10:09 PM.
 
Old 12-20-2020, 08:42 PM   #8
sevendogsbsd
Senior Member
 
Registered: Sep 2017
Distribution: FreeBSD
Posts: 2,252

Rep: Reputation: 1011
The OS is just one layer if you are talking about web apps. In the case of web apps, it’s all about the web server software configuration and the software itself. I hack web apps for a living and rarely am able to get a web shell that gives me OS access. Not because of ability, but because of good configurations. Sometimes it’s possible but for me the easy hacks are with the web application itself.

Not saying hardening an OS is bad, hardening the OS is just one part of the security layer.
 
Old 12-20-2020, 09:08 PM   #9
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,323
Blog Entries: 28

Rep: Reputation: 6141
I do think that there is a sociological and historical factor.

When desktop computing began to replace thin client computing in the Enterprise, Linux was in its infancy (date of birth: 1993) and Apple and Microsoft were home computing. Apple has never been particularly interested in the enterprise, but Microsoft was; that's what led to Windows NT.

Many of the persons now senior in government and industry grew up in homes using Windows PCs. They would have been conditioned to look towards Windows first because it was what they knew. Now, of course, Windows software and enterprise providers are big business, but they weren't in the late 1980s and 1990s when this transformation took place. That generation moved their companies to Windows because it was what they knew and now they are sticking with Windows because it's what they know.

Never underestimate the power of inertia as a force in organizational behavior.

Last edited by frankbell; 12-20-2020 at 09:12 PM.
 
1 members found this post helpful.
Old 12-20-2020, 09:40 PM   #10
jailbait
LQ Guru
 
Registered: Feb 2003
Location: Virginia, USA
Distribution: Debian 12
Posts: 8,337

Rep: Reputation: 548
Quote:
Originally Posted by ferrari View Post
Big business works with big business. There is huge inertia with using Windows in the corporate world.
Fifty years ago IBM had a computer monopoly and big business had a huge inertial bias toward buying IBM equipment and software. Gradually a host of small start up companies produced a continuous stream of cheaper, faster, and smaller computers. IBM still charged their customers the old monopoly prices depending on the high cost of software conversion and IBM's participation in their customer's internal bureaucratic politics to hold their customer's loyalty. This went on until you could buy non-IBM hardware for about 10% of the cost of IBM hardware. The synthesis that came out of this situation was that companies wrote new applications for modern cheap hardware and the old expensive IBM hardware was no longer expanded and sometimes junked when an old application became obsolete. Today the remaining IBM hardware is a small percentage of the computer industry.

So I predict that the same process will happen to Microsoft. Any innovations to Microsoft products are designed to block competing products, force periodic upgrades, and increase Microsoft's monopoly price. The fact that customers might want the products that Microsoft is blocking will not enter into Microsoft's thinking. So the customers will start using new applications on non-Windows machines until Microsoft loses control of the market and collapses as the IBM monopoly collapsed in 1993-1994. The remnants of IBM are still shrinking.

Oliver Wendell Holmes was an American Supreme Court Justice. He wrote a poem describing the collapse of the Puritan religion. I think that this poem is an excellent analogy for what happened to IBM and foretells the future of Microsoft.

"The Wonderful One-Hoss Shay"
by Oliver Wendell Holmes, Sr

https://www.gutenberg.org/files/4528...-h/45280-h.htm

----------------------------
Steve Stites

Last edited by jailbait; 12-20-2020 at 09:44 PM.
 
Old 12-20-2020, 10:04 PM   #11
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,802

Rep: Reputation: 1140
Quote:
Originally Posted by frankbell View Post
Never underestimate the power of inertia as a force in organizational behavior.
I largely agree with this.
 
Old 12-20-2020, 10:06 PM   #12
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,802

Rep: Reputation: 1140
Quote:
Originally Posted by sevendogsbsd View Post
The OS is just one layer if you are talking about web apps. In the case of web apps, it’s all about the web server software configuration and the software itself. I hack web apps for a living and rarely am able to get a web shell that gives me OS access. Not because of ability, but because of good configurations. Sometimes it’s possible but for me the easy hacks are with the web application itself.

Not saying hardening an OS is bad, hardening the OS is just one part of the security layer.
Very true.
 
Old 12-20-2020, 11:51 PM   #13
azalea4va
LQ Newbie
 
Registered: Sep 2016
Posts: 6

Original Poster
Rep: Reputation: Disabled
A few things.

Quote:
There is no such thing as a fully secure system.
Agreed, which was my original premise. We can just make it more difficult and close SOME doors.

Quote:
In the case of web apps, it’s all about the web server software configuration and the software itself.
I would hope most of the "critical" systems are not running indiscriminate web apps. But all that stuff is running above the OS layer and a properly designed OS should control unauthorized access to all files for everything running above it. Now if the system is designed to allow web apps to read or write access to critical data, then the overall security design has major flaws.

Quote:
When desktop computing began to replace thin client computing in the Enterprise, Linux was in its infancy (date of birth: 1993)
Yes, but versions of Unix were available way before that. While the code for Linux differs, it really is just a variant of Unix, which was available for PC use with the advent of the IBM AT (1984).

Quote:
Fifty years ago IBM had a computer monopoly. ... what happened to IBM and foretells the future of Microsoft.
YES! But I have been saying that for years. I remain amazed it has not happened yet. Also look at what happened to Sears. They dominated the buy from home market. Their catalog was the shopping Bible. As the internet was born, they did not understand it and abandoned their remote shopping business instead of morphing the delivery mechanism from being catalog based to being internet based. Sears collapsed, giving rise to Amazon. They collapsed because of the "inertia" in their thinking that has been mentioned earlier. Which gets back to my initial question. I would think the frequency and severity of hacking attacks would "rattle" that "inertia" and wake up some execs. HEY EXECS. WAKE UP!
 
Old 12-21-2020, 01:46 AM   #14
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
There might be inherent insecurities in some software, but ultimately every OS/network is only as secure as the people using it/setting it up.

I'm sure this has already been said in this thread, one way or another, but it can't hurt to say it again.

Also, I think "hardened" Linux is being used quite a lot already, globally (not sure what "our country" is supposed to mean?).
 
Old 12-21-2020, 02:05 AM   #15
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,727

Rep: Reputation: 2211
Quote:
Originally Posted by ondoho View Post
(not sure what "our country" is supposed to mean?).
Had the same thought...assumption is the US, but the OP should have specified the country. I’d certainly like to see more/better security from some French providers.
Another thought I had was that “hardening” an OS is a constant battle...
 
  



Tags
linux, malware, security, windows


