Are we Linux users arrogant about security?

[TPreston]

Please show me where I have flipped the finger at the core principles - if you mean where I say I have been very unlucky lately that has nothing to do with computers

I was referring to Simon Lang 9047 not you sorry for the confusion

[simonlang]

I was referring to Simon Lang 9047 not you sorry for the confusion

this has nothing to do with the middle finger. it's just a fact that many people new to linux don't know.

[Art_X]

Ah, okay

 

Hmm, could have sworn I quoted a post there

[TPreston]

 

this has nothing to do with the middle finger. it's just a fact that many people new to linux don't know.

A "fact" which combined with popularity would give us windows xp 2.0, Learn from history look what android has become.

[adrynalyne]

the statement to call linux users arrogant is arrogant by itself. 

How do you figure?

[simonlang]

A "fact" which combined with popularity would give us windows xp 2.0

unsure about this. looking for AV for linux you find basically nothing anyway and even if most articles mention that AV is not needed on linux + explaining the security structure. all is fine.

[TPreston]

 

unsure about this. looking for AV for linux you find basically nothing.

http://www.eset.com/us/products/endpoint-antivirus-linux/

And virtually all the major vendors.

 anyway and even if most articles mention that AV is not needed on linux + explaining the security structure. all is fine

People said the same about android firefox etc etc etc.

[Art_X]

 

and in comes the windows brigade with the usual - if linux had 90+% usershare - things would be different.

why is this thread even in linux forum? should be moved away to windows forum.

Its in the Linux section because I am using Linux and the fact that I was labeled as arrogant for using Linux - So no it shouldn't be moved to the Windows forum as it has nothing to do with Windows.

Although I do regret making it now as it seems they all go this way when you try to have a discussion about such things

[TPreston]

 

and in comes the windows brigade with the usual - if linux had 90+% usershare - things would be different.

why is this thread even in linux forum? should be moved away to windows forum.

Where it does have a substantial marketshare things are different

http://bits.blogs.nytimes.com/2014/08/22/android-phones-hit-by-ransomware/

[Veiva]

Stating Windows and Mac OS X (both are an operating system, from kernel to userspace) being less secure than Linux (just a kernel) isn't honest and its usefulness as a metric is dubious. Anyone can spin Windows being more secure than Linux and vice versa all they want simply by altering the definitions and using existing data to fit:

When Windows/OS X/Linux is used as a platform, does this mean the the kernel and/or userspace? Does this mean third-party drivers and applications as long as they are present, and if so, what third-party software is included in this metric? Is a hardened installation the basis, or the default installation? What is the purpose of the installation--a Web server or a general desktop? What is the general competency of the administrator (in the case of IT or some such) or user (all other cases)?

Depending on how you answer these questions, you will find existing data to fit any assumption you want ahead of time. By data, I mean exploits, severity or potential of said exploits, how long it took until the exploits were patched, general competency of users affect, what kind of installation or usage pattern was affected... And that data on it's own is useless without answering the above questions.

All things considered, a device can only be as secure as its user (weakest link kind of thing). Linux users tend to be more technically savvy, so of course they'd encounter less malware or so on--but that would be regardless of their operating system of choice (assuming they are as savvy with Linux in general, or some distribution of Linux in particular, as with Windows).

Like I posted earlier, various encounters with Linux enthusiasts has left a sour taste in my mouth over many years. I'm also opposed to the viral nature of Linux software licensing. If, or when, I switch from Windows, it will most probably be to FreeBSD, not any Linux distribution.

[Kelxin]

Really? Some rootkits I've seen on Windows are all but impossible to remove without completely wiping and reinstalling.

http://www.gmer.net/  There's a tool for that which quickly and easily handles rootkits.

[Unobscured Vision]

simplezz had the right breakdown and comments for you, OP. I will add that I've also had to deal with friends' and relatives' virus-laden (Windows) PC's and Laptops, so I know where your feelings of frustration rise from. And certainly whomever made that statement to you about Linux users being "arrogant" was obviously ignorant themselves. If that individual could be bothered to do any kind of digging into the Linux, UNIX, BSD and FLOSS Community they'd quickly discover that we're quite the opposite of arrogant.

Do we know what we're talking about when we speak up? Absolutely. BUT ... if we don't know the answer(s), we know how to find them usually. Assured and confident is not the same as arrogant.

Regarding the original question -- Linux and UNIX is in many ways more secure than Windows out of the box, it's true. But Windows can be made secure too -- in fact, hardcore secure in the right hands. The majority of the security issues on Windows arise from the use of Flash, Internet Explorer, out-of-date software and bad habits.

No OS is completely secure. Linux has Security Advisories all the time -- that's normally the reason for receiving updates, to address them -- and is susceptible to the habits of the user too.

Windows is targeted more often. That's the truth of it.

 

[Anibal P]

The only arrogant Linux users are the clueless ones, one troll here, and anyone in the LinuxMasterRace subreddit 

[Nick H. Supervisor]

Someone that turns around and says, "I use Linux because I'm secure" is just as bad as anyone else. They haven't provided their reasons for their point, they've just decided to make it a fact.

Someone that says, "I use Linux because it is a community OS and problems have the opportunity of getting patched quicker, and that makes me feel safer" are at least more reasonable people.

[Noir Angel]

I don't know many Linux users, but if anything what I hear them go on about most is not security, but how much more liberating Linux is because it's open source. I don't get the impression that they take a cavalier attitude towards security.

[xxxxxx.xxxxxx]

Before this topic inevitably gets closed I will add my two cents.

As a Linux user for many many years and having used Linux as a primary OS for 10+ years I can say that the majority of Linux users i know do not assume that linux is secure and free from harm but understand why some believe it to be. I myself understand that there are many exploits and forms of malware/viruses available that target *nix and BSD based systems. Antivirus solutions are available from many proprietary and free outlets; ClamAV, comodo and ESET being but a few.

The argument regarding "if Linux had the larger marketshare we would see a different outcome" is somewhat ridiculous. Linux based systems have the larger share in terms of network connected servers. Servers are generally attacked much more thoroughly and frequently and as the Linux system is generally speaking the same for Desktop and Server applications the system needs to be as secure as it possibly can be out-of-the-box.

Your system, whether it be Windows, Mac OS, Linux or Solaris is only as secure as you make it.

Public Servers on the internet
Open Source ClamAV
Dont believe these four myths about Linux security
NVD Search for "Linux" vulns
"Linux has more vulnerabilities than WIndows" 2014

[simplezz]

Where it does have a substantial marketshare things are different

http://bits.blogs.nytimes.com/2014/08/22/android-phones-hit-by-ransomware/

First of all, Android isn't GNU/Linux (an important distinction). Secondly, the low incidence of malware on Google's Playstore, as well as other curated stores, disproves the marketshare-malware equivalence theory. The reason for Window's endemic malware problem isn't solely down to its marketshare, but includes other factors such as software acquisition behaviour, OS security model, and a malware ecosystem that's been bubbling away for decades.

[simplezz]

Someone that turns around and says, "I use Linux because I'm secure" is just as bad as anyone else. They haven't provided their reasons for their point, they've just decided to make it a fact.

Someone that says, "I use Linux because it is a community OS and problems have the opportunity of getting patched quicker, and that makes me feel safer" are at least more reasonable people.

The truth is, they are more secure (in terms of protection against malware and other nasties). There's very little chance of getting infected with malware on GNU/Linux. That can't be disputed. The reasoning behind it isn't so simple to explain. Often times it's just easier to state the facts.

However, when talking about general resilience to attack, I would said that GNU/Linux is securer because its built-in package manager updates all out-of-date repository software. Out-of-date third party software is one of the most common attack vectors. OS' without that facility to update everything are at greater risk.

[TPreston]

The argument regarding "if Linux had the larger marketshare we would see a different outcome" is somewhat ridiculous. Linux based systems have the larger share in terms of network connected servers. Servers are generally attacked much more thoroughly and frequently and as the Linux system is generally speaking the same for Desktop and Server applications the system needs to be as secure as it possibly can be out-of-the-box.

Servers are not administrated by granny and grandpa and little bobby. This is slight of hand, You are saying hey lets compare Linux server to windows desktop... Whadya know Linux comes out on top cause grandma gave remote access to a Nigerian scammer.

Of course servers are locked down more than client machines!

First of all, Android isn't GNU/Linux (an important distinction).

But it does inherit many of the security features you mentioned before.

The truth is, they are more secure (in terms of protection against malware and other nasties). There's very little chance of getting infected with malware on GNU/Linux. That can't be disputed. The reasoning behind it isn't so simple to explain. Often times it's just easier to state the facts.

And create a perfect storm of a large amount ignorant users who think they are safe from threats. Like saying don't vaccinate your kids. One big massive target waiting to get smashed by the bad guys.

 Secondly, the low incidence of malware on Google's Playstore, as well as other curated stores, disproves the marketshare-malware equivalence theory.

Way to completely ignore the source I provided, these devices are targeted with the exact same type of ransomeware that plagues small business and home users and the Linux kernel did jack **** to stop it because its not a failure of the os but a failure of the user that's exacerbated by people like you giving users a false sense of security.

Computer Security should not be a marketing football between different teams.

Edited October 17, 2015 by TPreston

[adrynalyne]

Before this topic inevitably gets closed I will add my two cents.

As a Linux user for many many years and having used Linux as a primary OS for 10+ years I can say that the majority of Linux users i know do not assume that linux is secure and free from harm but understand why some believe it to be. I myself understand that there are many exploits and forms of malware/viruses available that target *nix and BSD based systems. Antivirus solutions are available from many proprietary and free outlets; ClamAV, comodo and ESET being but a few.

The argument regarding "if Linux had the larger marketshare we would see a different outcome" is somewhat ridiculous. Linux based systems have the larger share in terms of network connected servers. Servers are generally attacked much more thoroughly and frequently and as the Linux system is generally speaking the same for Desktop and Server applications the system needs to be as secure as it possibly can be out-of-the-box.

Your system, whether it be Windows, Mac OS, Linux or Solaris is only as secure as you make it.

Public Servers on the internet
Open Source ClamAV
Dont believe these four myths about Linux security
NVD Search for "Linux" vulns
"Linux has more vulnerabilities than WIndows" 2014

That ridiculous statement was made by one of your Linux cronies. Also, server attacks are not near the same as constant attacks from a consumer standpoint. Just like nix, Windows servers don't undergo the same scrutiny that consumer machines do. The user is mostly removed from the equation in the server world.

[seta-san]

probably. Linux users probably think they are secured by default because they have Linux. I'm guessing that several of the largest hacks in recent history, including Ashley Madison were likely Linux machines. sure a Linux desktop user might be a bit more secure because of desktop Linux relative obscurity but that's really no excuse for not taking positive steps to ensure that security beyond default settings.

[seta-san]

First of all, Android isn't GNU/Linux (an important distinction). Secondly, the low incidence of malware on Google's Playstore, as well as other curated stores, disproves the marketshare-malware equivalence theory. The reason for Window's endemic malware problem isn't solely down to its marketshare, but includes other factors such as software acquisition behaviour, OS security model, and a malware ecosystem that's been bubbling away for decades.

it really comes down to how open the OS is out of the box on default settings. android can be highly secure.. that security goes to ###### just as soon as you unlock the OS.

[simplezz]

And create a perfect storm of a large amount ignorant users who think they are safe from threats. Like saying don't vaccinate your kids. One big massive target waiting to get smashed by the bad guys.

lol. You do love your strawman analogies don't you? Just because GNU/Linux users know they are safer doesn't imply they are ignorant of potential threats or apathetic about security. It's a non-sequitur. In fact Linux encourages one to explore, experiment, and learn. I'm more aware about security and how my OS works than I ever was when I was running Windows. 

Way to completely ignore the source I provided, these devices are targeted with the exact same type of ransomeware that plagues small business and home users and the Linux kernel did jack **** to stop it because its not a failure of the os but a failure of the user that's exacerbated by people like you giving users a false sense of security.

I couldn't read your link as it was behind a wall. Not that it matters anyway. Malware simply isn't successful on the Playstore or Apple's iOS in the long run. Unlike Windows, where it's been infecting machines en masse for two decades. Recently a lot of scammers have moved on to greener pastures. Specifically, the Windows Mobile marketplace, where Microsoft allows them to flourish and rip off users ala Windows proper.

[simplezz]

it really comes down to how open the OS is out of the box on default settings. android can be highly secure.. that security goes to ###### just as soon as you unlock the OS.

Depends how you unlock it. If you update the su binary in conjunction with the installation of a Superuser-like permissions app, you have the ability to allow or deny root on a case by case basis. I use this one myself.

[adrynalyne]

Depends how you unlock it. If you update the su binary in conjunction with the installation of a Superuser-like permissions app, you have the ability to allow or deny root on a case by case basis. I use this one myself.

Or dont install an su binary period.