Why Linux is the Safest OS 🙃

dada_dave

Elite Member
Posts
2,491
Reaction score
2,506
1692728105507.png


Does this count as security through obscurity?
 

dada_dave

Elite Member
Posts
2,491
Reaction score
2,506
Irony is, I can run some Windows software (some select games) in linux that won't run properly on Windows 10 any more.
Oh for sure, that was true even on the Mac with Wine for a bunch older games. But that was because Wine was doing much of the heavy lifting.
 

fischersd

Meh
Posts
1,326
Reaction score
940
Location
Coquitlam, BC, Canada
Ok, this is the old closed source vs open source debate. The problem with Linux is that hackers can write more elegant attacks (and either release them to get recognition, or keep them for their own personal use). Exploits can remain unknown to authorities or the public for years.

Vs closed source *nix (MacOS, derived from FreeBSD) - not that a lot of the code isn't out there....and exploits are still found and could be hidden, but with private companies updating their code on the regular, it's more difficult to find exploits that can be used indefinitely.
 

rdrr

Elite Member
Posts
1,304
Reaction score
2,206
Ok, this is the old closed source vs open source debate. The problem with Linux is that hackers can write more elegant attacks (and either release them to get recognition, or keep them for their own personal use). Exploits can remain unknown to authorities or the public for years.

Vs closed source *nix (MacOS, derived from FreeBSD) - not that a lot of the code isn't out there....and exploits are still found and could be hidden, but with private companies updating their code on the regular, it's more difficult to find exploits that can be used indefinitely.
Maybe if you are running a non enterprise Linux. Not all linux distros are the same. For instance Red Hat keeps a close eye on what goes into that distro (in the past haven't been keeping up to date on them since IBM took over). Unless you are downloading source code from an untrusted source and compiling it to run on a Red Hat supported version, it should be considered just as trusted as a closed source Unix distribution.
 

fischersd

Meh
Posts
1,326
Reaction score
940
Location
Coquitlam, BC, Canada
Maybe if you are running a non enterprise Linux. Not all linux distros are the same. For instance Red Hat keeps a close eye on what goes into that distro (in the past haven't been keeping up to date on them since IBM took over). Unless you are downloading source code from an untrusted source and compiling it to run on a Red Hat supported version, it should be considered just as trusted as a closed source Unix distribution.
You really missed the point. I'm not talking about them injecting code into the tree. I'm talking about them finding exploits in existing code - and keeping it to themselves for their own nefarious purposes, or releasing attack tools for the black hat community.

It's exponentially more difficult to find such elegant attack vectors when you don't have the source code to peruse.
 

rdrr

Elite Member
Posts
1,304
Reaction score
2,206
You really missed the point. I'm not talking about them injecting code into the tree. I'm talking about them finding exploits in existing code - and keeping it to themselves for their own nefarious purposes, or releasing attack tools for the black hat community.

It's exponentially more difficult to find such elegant attack vectors when you don't have the source code to peruse.
If you think there wasn’t bad security holes in the closed source Unix, then you haven’t been around long enough to know a few of them. There were plenty that I have spend many of a night patching on production financial systems.

Sure Linux can be attacked, but like any other OS it is only as secure as you make it. My point is that I don’t think it is any less secure as the older closed Unix grandfather OSes. In fact it could be argued that some of the more enterprises worthy Linux distros have stronger security features.

Like most security attack vectors, they key factor is how good your security posture is and how lazy you sysadmins are. I don’t know how many jobs I started and found their default build had packages and services running that they didn’t need. Do they allow people to just su - (to root), or are you forced to use sudo with a least privledge model? Do they rotated system level passwords and their own on a routine bases, with restrictions on how often the passwords can be used? Are they friends with their local security group to run security scans on a periodic bases? Most importantly are they patching regularly? I remember as a young sysadmin back in the day bragging about how long our Solaris ftp gateway uptime was. If I remember correctly it was over 2.5 years. That was completely foolhardy, and just asking for it to be compromised and used as an entry into a very large and leading Financial sector company.
 
Last edited:

fischersd

Meh
Posts
1,326
Reaction score
940
Location
Coquitlam, BC, Canada
If you think there wasn’t bad security holes in the closed source Unix, then you haven’t been around long enough to know a few of them. There were plenty that I have spend many of a night patching on production financial systems.

Sure Linux can be attacked, but like any other OS it is only as secure as you make it. My point is that I don’t think it is any less secure as the older closed Unix grandfather OSes. In fact it could be argued that some of the more enterprises worthy Linux distros have stronger security features.

Like most security attack vectors, they key factor is how good your security posture is and how lazy you sysadmins are. I don’t know how many jobs I started and found their default build had packages and services running that they didn’t need. Do they allow people to just su - (to root), or are you forced to use sudo with a least privledge model? Do they rotated system level passwords and their own on a routine bases, with restrictions on how often the passwords can be used? Are they friends with their local security group to run security scans on a periodic bases? Most importantly are they patching regularly? I remember as a young sysadmin back in the day bragging about how long our Solaris ftp gateway uptime was. If I remember correctly it was over 2.5 years. That was completely foolhardy, and just asking for it to be compromised and used as an entry into a very large and leading Financial sector company.
Yes, all OS's have had vulnerabilities over the years. Windows being the darling of the virus authoring crowd. Microsoft has always been disliked for a number of reasons by many (most?) bitheads.

We had an AIX cluster that had a similar uptime in the early 90's :). That was many layers deep beyond the reach of any external traffic, but I've seen many shocking security postures over the years. Many in the financial institutions.

This is almost a religious debate - my own experience, I give the nod to closed source distributions such as AIX, HPUX or MacOS being more secure than the open source Linux distros. Linux dominates the marketplace, with large corporations opting for enterprise offerings for supportability and consistent patching cycles.
 

rdrr

Elite Member
Posts
1,304
Reaction score
2,206
Yep, religious war indeed.

If you have 10 guys looking at a piece of code it's hard to find potential vulnerabilities.
If you have 1000 guys, it's easier.
Given enough eyeballs, all bugs are shallow - Linus’s Law

I know Linus wasn’t the original to say it, but it is tied him, and it is what the open source community is about. 1000 of eyeballs vetting all the changes made. Not all changes make it back to the source.

Can someone make a piece of code to exploit the open source code available for all to download? Sure, but I bet you a whole bag of donuts that is the crap closed source applications that get installed on top of the OS(es) that are the very large majority of the attack vectors. That and the idiot users that hit the click throughs without reading them, and give the installer admin rights to “install” something.
 
Top Bottom
1 2