Are Linux and it's variants "Malware Proof"?

Thank you very much clambermatic.

Unfortunately I'm not looking for a layman's general description of why Linux is more secure than Windows. Anyone with a fair command of the English language and some popular knowledge of the FUD and mumbo-jumbo out there could write an entirely "convincing" article on why one is safer than the other. What I'm after is how and why.

That, and how many claims in the Wikipedia articles you linked had "citation needed" tags on them is cause for concern, I think.

Linux does sound like a very interesting OS; our computer labs at uni can dual-boot into Red Hat and XP, so I've had limited experience with it. But from what I can see, and from the article GlobalForce provided earlier, it's not the OS for me, nor is it necessarily "safer" than Windows.

 

Couldnt one say that regardless if you run Linux or Windows on LUA, you will get infected if you allow (with the root/admin password) the virus to install?
So if the malware market were targetting Linux and they tricked someone to install this cool new app, the user does his sudo thing.
When you install something in sudo, doesnt that mean that you have opened the OS to the product you install? In the same way as you do in Windows LUA?

So my question is: After you let something install with sudo, how is Linux safer than Windows LUA?

 

While GNU/Linux has many security advantages over Windows by default, it would be unwise to describe it (or any other Unix variant) as "malware proof". Instead, Linux/Unix systems are targetted in different ways and for different reasons - most notably for use as command-and-control centres for botnets or malware hosts/relays. This is most likely due to the need for 24/7 access that such roles require - a Linux box is more likely to be constantly available than a Windows system.

An example can be found at the Pharmacy Alert Security Team website which details tirqd (a web traffic / content proxy) and uirqd (a custom DNS server) - both used for a widespread and long-lasting spam website. Both are Linux/Unix specific and installed by attackers successfully running dictionary attacks against weak root (the Linux/Unix administrator user) passwords.

 

If this, if that, yada, yada, yada.

I'll just take, say the 75-90% of the users of personal computers.

This 75-90% do nothing or next to nothing to learn how to safely use their OS.

And for this vast majority of computer users. Linux's out of the box experience is at least 10x safer than anything M$ has to offer.

So pontificate away. Yada, yada, yada.

 

So?

If you haven't noticed, we're discussing operating systems. What users choose to (not) do in terms of computer security is offtopic.

Yada, yada, yada.

 

Hello,

Definitely. The difference is - the chances of stumbling onto some obscure program is much lower. 99% of all Linux installs are done using repositories. You hardly ever need to search for programs by yourself.

But still, if Rambo decided to shoot himself in the head, it would not really matter if he were 100 or 1,000 times better than the Ruskies he pwned.

It comes down to the man behind the joystick.

BUT ... passively, Linux is several magnitudes of order more secure, as in drive-by this, scripts, etc ... these will have a very hard time surviving and persisting on a Linux machine. However, nothing can beat a determined self-defeat.

Mrk

 

Yes I agree Linux is more secure by itself.

 

Same old propaganda talk, no evidence as usual. But don't worry, I guess everyone's more or less used to it already.

I pity the poor fools misled by all this hype though. Just look at this thread title, for instance.

 

Could this has something to do with lack of knowledge? Could this lack of knowledge has something to do with the fact that the purpose with using a computer should be regarded as a tool where you put your effort and time using specific programs in the first place, and not devote your effort in learning how to secure a computer against malware.

Well nothing new about that statement that the *nix systems are more secure compared to Windows by default, or that the vast majority of the malware is targeting Windows systems since it´s counterproductive to waste effort in writing malware to target only 5-10% of the user base where you can´t access admin mode by default. But since this thread has evolved to a more interesting comparison regarding: "Are *nix more secure than Windows using LUA and SRP?", I would say they are equally "secure".

/C.

 

Without commenting on SRP (since its limited to XP Pro), LUA is a part of Windows itself. Microsoft and many security professionals have been advocating its use for as far as I can remember, but for some reason Microsoft and Windows have been held accountable and are at fault for the failure of end users to do so.

Personally, I don't see the logic in this at all.

 

solcroft, does windows xp media center edition count as a version of windows xp pro (like incorporating features of xp pro)? because both my laptop and desktop running windows xp media center edition have the option to set up SRP (i've set it up on both it's freaking awesome ).

 

Microsoft should indeed be blamed for this since they designed Windows XP to be installed in Admin mode by default, where it´s a small task for knowledgeable users to change this, but nearly impossible if you don´t have the knowledge or even aren´t aware of the problem. Vista is M$ answer to correct this security error.

/C.

 

... My mistake, I thought Cerxes was referring to the group policy functions of XP.

Which is another excellent security function in Windows. HIPS-style system control, built right into the OS. Combine it with NTFS access permissions, and you have a very solid setup capable of resisting just about any malware attack, all without installing any third-party security software.

 

Possibly to do with some Microsoft-branded software refusing to run under Limited User accounts? (Sidewinder Strategic Commander software and Rise of Nations being two examples I've come across).

 

WIndows Vs. Linux

Install win,
Config UA,
Config IE,
Config Services,
Disable Netbios,
Install Virus scanner,
install multi spyware scanners,
Win Update critical and security,
Update Virii db,
UD SW scanners,
Don't use IE, too vulnerable, FFX,
Make sure you have a good firewall,
Use a router,
config router,
Use Returnil or other DV,
man this list is getting long,
all this to surf the web...

Vs.

Linux 128MB ram os / LFFX,
loaded from usb or cd,
OS is in ram only, if it gets infected, on reboot gone.

What do you think?

 

Nice try, but you might want to take a hint or two from the more experienced MS-bashers.

 

Windows users following the best practices advice given to Linux users should achieve similar results, no?

• keep updated
• run as a restricted user
• install software only from known reliable sources
• use a firewall, etc.

 

Hello,

I'm a diehard Linuxer, but you are being unfair...

Router has nothing to do with any particular OS.
Imaging is not restricted to any particular OS.
Good firewall, updates are not restricted to any particular OS.

Windows install would go like this:
Install
Install updates
Install your programs << this takes most of the time!

Linux install would go like this:
Install - you're ready to go << here you save gallizions of seconds!
Install updates.

In either case:
You don't need AS / AV etc
You don't need to waste time updating software you won't use - like IE.

For me, Windows install is a simple thing - from nothing to full productivity with just firewall and Firefox - about 1 hour. Add another 2-3 hours for updates. Another 1-2 days for all software.

Linux install is even simpler - from nothing to full productivity - about 1 hour. Add another 2-3 hours for configurations and tweaks. You save 2 days on installation of software - and any time you update the system. Here's your major gain.

Plus of course stability, flexibility, modularity, speed, full control, beauty. Throw in Compiz Fusion and you're all set.

Security is a state of mind mostly and you won't suffer in any OS. The major Windows problems are in your face attitude, price, treating loyal customers as thieves, pushing new crap all the time (e.g. useless Vista). All in all, XP, if we take away Balmerism from the equation is a fairly fair OS.

Regarding LUA in Windows, possible but problematic. Most tweak guides fall into this category, possible but problematic.

Most LUA / tweak guides refer to single machine, single user, mainly web, email.

Things become complicated when you combine:

Virtualization, scripting, compiling, all of these across network, gaming online and on the lan, sharing of resources, files, folders, printers etc, multiple OS environment ... LUA fails here miserably.

I would like to see someone run PunkBuster on limited account ... just a simple example.

Mrk

 

Hardly easier when using *nix systems...

Sorry Mrk, Even Balance have shattered your argument: http://www.evenbalance.com/index.php?page=pbsvcfaq.php

/C.

 

You have your figures. I'll offer mine.

A full reinstall from scratch takes 2hrs for me - this includes the reformat, OS install, drivers, programs (IE7, WMP11, WLM, OOo, Opera, Warcraft + miscellaneous games + gaming tools, video codecs, VM, Returnil, ThreatFire) and system settings). I don't apply Windows Updates; unless I need them to run a specific program, they're a waste of time. Not to mention that this 2hr process happens... once every six months, at best.

You mentioned: install Linux and you're ready to go. What about other programs? Where do they come from? Do they come pre-installed with the OS? What happens if you decide you don't like those programs, and want to use your own? Windows comes with its own programs and utilities pre-installed as well; strictly speaking, you don't need much else. But unfortunately it seems that you apply this argument only for Linux.

I'm not convinced. Saying A is better than B without any further elaboration doesn't make it so. At the very least, show me some Linux desktops that look as good as Vista does.

And Linux pretends its "customers" don't exist. Product dissatisfaction? Feel free to demand a refund.

Perhaps you've been unlucky. Maybe you've been slighted by a Microsoft tech support personnel, or something. But making opinionated blanket statements doesn't really do much, if at all.

It's no more problematic than having to elevate user permissions all the time in Linux.

Perhaps it's because that's what LUA is designed to do.

And so you don't use LUA for that purpose. Windows offers group access policies that can be enforced across entire networks. This is what happens at my computer lab at uni, and it works very well; if you disagree, you're welcome to try to introduce a malware outbreak onto my uni network. Perhaps your experience with Windows is so limited that you believe these things cannot be done well, but that doesn't mean they really can't.

I'd like to see someone run the games PunkBuster supports on Linux, just as an equally simple example.

 

Hello,

I'm not in a mood for a big argument, so:

Handsome desktop - see the movies.
http://www.dedoimedo.com/computers/gutsy_gibbon_overview.html

I'll take screenshot of my SUSE 10.2 when I get home.

Games that ran on Linux with PB: America's Army up to version 2.5 until the developer decided to quit.

Experience with MS:
Never been slighted, no reason to talk to them.

Experience with Windows:
Not limited at all (no pun ...).

Customers:
Linux customers exists. Large corporations mostly - Google, Pixar, NASA, Intel, to name a few. Home usage is a bit behind, but quickly gaining.

Now, as usual, before this becomes a ping-pong, you win ...

Cerxes:
Easier? Well, approx. equal when you setup standard Linux acc versus standard Windows acc - this becomes 10 times more complicated with Windows limited acc.

Mrk

 

Thanks, but I'll pass... none of the stylish futuristic look I prefer, no widgets, not much of anything.

Okay.

In other words, a grand total of zero.

Valid arguments of poor Microsoft attitude then, instead of baseless one-liners that just about any idiot can throw down.

Yet all the incorrect statements re network management difficulties, not to mention mistaking LUA's intended purpose. If you say so, I guess.

I'm not a large corporation, nor will I likely be in the future. Take your arguments to them and tell them to switch to Linux, because your arguments are worthless when addressing me and most people here.

As usual, you make a whole load of baseless statements, then back away under the pretense of civility when your load of bullshit gets called for what they are. If you have valid arguments, then make them, and I'll spend more time on legitimate discussion and wasting less on pointing out your baseless claims.

 

Hello,
Since we're down to "bullshit" ... I guess you'll be the first person on my ignore list.
Mrk

 

Sorry, I didn't know I hurt your ego that badly.

But if the above was your best shot at reasoned and evidenced arguments, I guess it's better for you that I be in your ignore list.

It's one thing to be a Linux supporter. It's another to just throw down empty claims why Linux is better than Windows, evidence and reasoning be darned.

Have a nice day.