Linux at its current sad state

Something I've been hearing around recently about Linux is that it is "less prone to viruses than Windows". While that may be true, it has been becoming less and less true by the day. So some back-story about Windows and Linux security issues. Many initial designs of Windows have caused the security issues we see today. Windows was not designed to be multi-user friendly, and that said their file-permission system is very limited unlike Linux (see: Explanation of Linux File Permissions). This is usually the strongest point when it comes to comparing security issues with Windows and Linux.

How prone a computer is to be "hacked" is very dependent on the user's intelligence and the safety precautions the operating system takes to ensure the user knows what they are doing. Linux does a good job with this; however, nowadays, with more "noobs" who will download any RPM or add any PPA mentioned on forums or a tutorial, viruses for Linux systems will start popping up and more and more users will be affected by them.

If we take a look at Apache Bigtop, it first downloads puppet3, then it runs sudo puppet, downloading whatever NSA back-doors it decides to download, and after all that you just need to hope the gradle build doesn't throw a useless 300 line back-trace. The Scala package is a joke, it downloads the package file for your operating system without checking for any signatures nor SSL certificates and for what it's worth it doesn't even install correctly, it just extracts it to your root directory.

Nowadays, users are downloading unsigned packages which they have no idea what they actually do and are at the mercy of the distributor to not add a backdoor or any other malicious code in the package. Even if you wanted to compile the project, it may be the most annoying thing you'll ever have to deal with. Most projects don't compile with the traditional make command and each one has its tool of the day, making it an unbelievable pain to work with; making users neglect compiling the project themselves and download these unsigned binaries which I've been ranting about. This is not how free software was meant to be, and I think we should consider the current state we are in and start doing something about it.

Let me know what you guys think about this issue.

1 Like
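
Added example, not part of any post in this thread: one way to avoid the download-and-extract-blindly pattern criticised in the opening post, by checking a pinned SHA-256 digest and rejecting archive members that would land outside the target directory before anything is unpacked. The function names and paths are hypothetical, and the sketch assumes the expected digest was obtained over a channel you trust independently of the download.

```shell
#!/bin/sh
# Added example; function names and paths are hypothetical.
# The expected digest must come from a channel you trust independently of
# the download (for instance a release announcement whose signature you
# verified); a digest fetched next to the archive proves nothing.

# has_unsafe_member: reads member names on stdin, succeeds (0) if any is
# an absolute path or contains a ".." path component.
has_unsafe_member() {
    grep -Eq '(^/|(^|/)\.\.(/|$))'
}

# verify_and_extract ARCHIVE EXPECTED_SHA256 DESTDIR
# 0 = verified and extracted, 1 = digest mismatch,
# 2 = archive unreadable, 3 = unsafe member path.
verify_and_extract() {
    archive=$1; expected=$2; dest=$3
    actual=$(sha256sum "$archive" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $archive, not extracting" >&2
        return 1
    fi
    members=$(tar -tzf "$archive") || return 2
    if printf '%s\n' "$members" | has_unsafe_member; then
        echo "archive member escapes $dest, not extracting" >&2
        return 3
    fi
    # Unpack into a dedicated directory, never into / or $HOME directly.
    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest" --no-same-owner
}
```

The member check looks at path names only; it does not inspect symlink targets inside the archive.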

Whilst I totally agree with your post, the title is simply not true.
Linux (the technical backend) is just as good as it was 5/10/20 years ago (well, actually a lot better, but you know what I mean). Linux is neither a problem nor the reason for this sad state.

The problem is simply that (as you mentioned) there are more people who disrespect (i.e. don't give a fuck) about security precautions. You mentioned a few packages, but my favorite example is still the Raspberry Pi community (or let's say the quiet part of it).
So many Ports 22 with Password 'raspberry'
Tons of config files which were simply copied and pasted from the Internet, without even reading them.

As always with computers: the problem is sitting about half a meter in front of the screen.

2 Likes

Okayyyyyyyyyyyyyy, but so what?

If your main concern is that you want people to understand that they gotta take better care of where they get their programs and apps from, then you worried over something very small.

My main concern is for people to get it through their heads that clicking on random political ads and going to random porn sites is a bad idea.

I understand your point, and I will agree that more should be done on linux and its security. But if you compare those security problems to the ones windows has... well, it is not even a fair fight.

My title was slightly misleading - while it may not be Linux itself which is the problem (or is in the sad state which I mention), it is the community and software created for Linux.

Linux is linux, it's much more than a commercial software console like MS-Windows, there is no comparison possible.

If Linux is used in lieu of MS-Windows for users prone to user error, don't give them admin/root rights, and they will never ever have an infection of malware on their computer that can actually do any harm, it's as simple as that. It's a feature of linux that users can be much better protected against themselves. Any PC with Windows preinstalled, or any MS-Windows install in the consumer level, offers absolutely no protection to users that are too uninformed to know what the popup "run as administrator" in Windows means, and then there is the fact that this feature in Windows is pretty much a joke, because just about any malware can elevate privileges, as there is no solid MAC or RBAC at all. Most modern GNU/Linux distros, and even most modern non-GNU/Linux distros, have elaborate MACs, even Android.

Yep good old PIC issue. Look at servers how often does a server get a virus....virtually never unless a user does something incorrectly.

So many computer problems are with maybe not dumb people but ill-informed or misguided people. Sure you can pinpoint issues with anything, take cars for example... how many crashes would there be if the car would not start if there was a phone signal active in the car? I bet at least 50% of crashes would cease to happen. Yet a riot would ensue because people can't use their phone in the car.

Same thing with a computer: dumb users will always do dumb things. Like the big crack that happened not too long ago, dumb users opening emails gave the crackers access to the machines.

You can make a system super secure but then it is unusable. Or you can make it mostly secure and hope the user is competent enough to not click that link from some random ass email.

If you think that people out there couldn't possibly be that ignorant about something, go to reddit and go to the Tales from Tech Support and just read even 5 of them and you will quickly realize how utterly hopeless some people are with computers and their utter lack of knowledge to not think about what will happen with this "you've won" link.

I'm not comparing program installation on Windows and Linux nor their security precautions in place. I strongly agree with your point however it's irrelevant to the topic for the most part.

1 Like

I agree with your take. It makes sense that the more the user base increases the more issues will appear because there will be more motivation to infect Linux systems.

That being said, Linux because of its nature is more secure, security issues are identified and patched quicker and it is all around a more reliable system, protecting itself even from user mistakes. Additionally, because of the openness and customization of the platforms, the users themselves become more competent with time, thus better able to protect themselves than they would on a closed environment.

So things will become a bit more difficult and dangerous as the user base increases but this is a completely natural process and things will always be more secure and reliable than they will ever be on other closed environments.

Nope, it is the core of the so-called "issue" you're mentioning. MS-Windows should never have been so unsafe to use in the first place, it was always wrong, always flawed. GNU/Linux had rights management from day one, back in 1992.

The problems you say you expect for GNU/Linux will never come, because GNU/Linux was just never as radically flawed and inherently unsafe as the MS-Windows software console.

2 Likes

Every OS sucks! They are all in different stages of development. If 95% of consumers and home users ran on linux, everyone on these forums would be talking about Windows like it's the greatest most secure thing ever. People write viruses and malware to attack or steal information from other people. They don't care what OS you are running. The virus writer says... "hey, I could write a virus to infect 95% of all the computers out there, or... I could write one to infect 1.5% of all the computers out there... Which one should I choose?"

The fact is not whether one OS is more secure than the other, it's the motivation to attack one OS vs another. Most people have the perception of Linux as being the ultimate most secure OS there is. This is not the case in every circumstance. Security flaws need to be discovered. The more people that use linux increases the odds of security flaws being found. Remember, Macs don't get viruses!

Linux is an awesome piece of software, and works extremely well for the amount of people who have their hands in it. I feel that people hold linux up on a pedestal and expect it to be some amazing hero that will save the world. Linux is just a kid with lots of potential. It may be the chosen one but come on. Linux is not sad, it's a kid growing up. You can't expect it to save the world. It is beyond extremely difficult to develop bullet-proof software with no security flaws.

@Zoltan as far as MS-Windows being so unsafe... Most people run their machines as Administrators. If you don't run as an administrator, it's not unsafe. (I am not talking about User Access Control.) I have run networks with over 400 users running windows, everyone with internet access, and the appropriate permissions and user rights assigned. Never had a virus or malware problem in years. I sleep like a baby at night. Everyone screams if you run as root in linux. In windows everyone runs as administrator and screams when you knock them down to a standard or restricted user.

I agree with your post insofar running any OS as admin is the reason why there are problems in many use case scenarios.

I also partly agree with your observation about linux, but I wouldn't call something that has been proven since 1991 a "kid growing up". Linux is always a work in progress, and part of the strength is that it is always a work in progress, because that means that it allows progress in the first place. There are multiple branches of almost all distros just for that, to adapt to the use case scenario, which is also one of the strong points of linux in terms of security.

I don't agree with the observation about the virus coder though, because it's not about the consumer user base, it's about the value. Almost 100% of all high value computing targets, run linux or unix, and that's why the world still functions basically, because those are inherently pretty safe. If those high value targets were running something like MS-Windows, we'd all be writing snail mail by now and there wouldn't be any credit cards any more...

UNIX (1971 Father), LINUX (1991, Child) That was my thought process. All software (including windows) is a work in progress, not just Linux. Otherwise we would stop at v1.0 for everything.

I'm not sure about this one. You may be right here, but 10 million American Express numbers are pretty darn valuable. If you are talking about things like government secrets and that type of thing, I would say you're right on. However I don't think the average virus writer / so called hacker is targeting governments. I think that's more govt. vs govt.

MS's biggest security flaw is the end user. If a network is set up properly (most aren't) and all security patches are installed, Windows is pretty darn secure. However there are some areas where linux is much better suited. Credit card machines! I think you're 100% correct on that one. ATM machines... They should run linux but most run windows. Root DNS servers. I wouldn't sleep at night if those ran windows.

I think this is a misunderstanding between what actually happens and the public perception so I think the truth is somewhere in between what you both say. In the valuable targets any real attack is rarely seen by the public. And there Linux that is mostly used proves how secure it can be, operated by competent users of course.

The general public though perceives security according to the everyday and generally amateurish infections for the Desktop. There are not many of these targeted on Linux desktops and there is more motivation to target Windows.
So I do think that infection danger will begin to increase as the user base for desktop Linux increases, but because of the nature of GNU/Linux in terms of development and the fact that it allows the user to get more competent using their tools, it will still prove much more secure and safe than the current alternatives, even with all the patches and correct use.

I'm probably one of the few people that don't do this in Windows lol