Are Linux and it's variants "Malware Proof"?

Am thinking of switching over to Linux

 

What do you mean as "malware proof"? Nothing is malware-proof, but there are code and philosophies which are more secure and robust than others.

 

tell me about it i just recently discovered this thread while searching for something totally different (talk about luck). post #6 by sukarof links to an incredible page that shows you how to set up a limited user account (i knew how to do that ) BUT it also shows you how to set up SRP (i didn't know this existed in my version of WINXP). apparently you can combine limited user account with software restriction policy and the results are incredible. it took me (who has never touched SRP) all of 45 seconds to set up the LUA with SRP. this is almost like having windows in linux mode!

 

I know Linux and its structure pretty well and it is very secure in that structure....but I tend to view it as Windows (XP in particular) being a real big target and Linux as a real small target. Coders are a very talented lot and should they ever turn their attention toward Linux I can't help but feel we'll be a lot less secure.

Later...

 

hmm... the way i see it (frm a user's point of view) with regards to the main topic, were these-

Linux (any variants), DOES NOT allow the notion that any 'modifications, add/delete/install' that touches the core (even its fringes) system should be allow FULL access without informing the operator real-time. Nonetheless, a verification via 'pwd'. That's one major substantiative difference in comparison with Windows prior to its Vista. And since Linux+variants were borned out of users' communities. This particular 'security-conciousness' evidentially EXIST throughout every Linux distros (whether running on terminal or GUI modes).

Linux Communities help build its current distro varieties with further major concern for plain-jane users... make it EZ - via inclusions of every possible drivers needed (including restricted OEMs), but users' got its options still. Hence a new-installer does NOT NEED to "worry (with possible exception of a few, & mostly advance rig designs) about having his/her drivers-CD available or not. That's why newbies were pleasantly surprised (again with exception of a minor few) when they just did their 1st time Linux-install.

Linux up till now, thus still was considered pretty 'exotic' (until being tried out), hence few 'pranks' were being targetted on it. As its user population grows to a considerable mass, there maybe a leap on 'critical-attacks' against Linux-based systems! But IMO... it shall never 'surpass' what Windows perenially had experienced. maybe a small fractions of Window's percentage! Why?? Coz the programming language it was base on, is not as simple as what a VBS or winScripts was... the learning curve on Linux (as a programming tool) was more steep than most "script-Kids" can handle.

"Linux = Malware Proofed" is very much a wrong notion. Nothing is 'malware-proofed' in the digital realm! Things that can be modified, re-engineered, reverse-engineered... can therefore be 'victimized'. Again IMO, Linux and its various variants were build on a hugh communties of users' contribution. And in this perspective, LINUX was several steps ahead in being "well-secured" than Windows, or even Mac. And that's the KEY in spreading the mantra that Linux is More Secure than its Redmond creation.

 

Btw, 'Infecting' Linux users by designing a malware and set it out in the wild? As a programmer of the 'old' school generations, i don't buy this logic at all, unless you got motive of 'hatred' with you.

Foremost among them was - We Linux users got this distro FREE of charge... 'Libre'. It seems to be handed to users on a 'silver platter' without the worry of buying other options for additional bolt-ons. Right?

Then why 'maim or kill' a Golden Goose when it was given (including updates & widgets) to you Libre? You benefitted from it, got joy from it and also helps advance your knowledge of the WWW, see?

In every cultures of the world, we are NEVER raised to treat someone who gave you somethiing (much less something that's free) as enemy.. or even thinking of 'whacking' them when they had their back turned. Right??

But we are always taught to be 'Gratefull', give something back to the communties which gave something to you Free. Ain't that the American Way? Ain't that what the Freedom mantra of USA always had in essence? And same does it goes with other cultures, be it Muslims, Buddhists, Zens & Hindus.

Therefore IMO, there shall always be hubristic cowardly bozos and criminals who will try to sent 'mischief' against the Linux world users. But never as serious as Redmond got on its hand ever since.

 

clambermatic,

I've never used Linux. Would you be so helpful as to give a brief rundown on the differences between Linux and Windows XP LUA?

Thanks.

 

This page should do nicely Solcroft - http://linux.oneandoneis2.org/LNW.htm

GF

 

... It didn't, unfortunately. Thanks anyway though.

 

Yes, my mistake having overlooked certain criteria when forwarding that link.
Those of you running as winlu, be aware - http://www.pluralsight.com/wiki/default.aspx/Keith/HallOfShame.html

GF

 

My personal experiences and those of the people I've setup a LUA for have been positive so far, and to be honest that's all that matters as far as I'm concerned.

Not to mention there's always a "Run as" option. And if Linux is really that restrictive towards malware activities as its proponents claim, then I have no problems imagining it faces the same problems as Windows' LUA as well.

Once you've tried LUA, the claims of MS-bashers that Windows is insecure just seem childish at best.

 

That´s not M$ fault, that´s bad design/coding from the application developer, a so called LUA bug, and therefore the developers should be blamed for this. But there´s a workaround for this where you can permit full user access for each problematic program file/folder and reg. keys by using Filemon and Regmon for tracing these.

/C.

 

I've got new's for you .... I'm not here to argue this bs, and could care less an individual's choice of os. It was posted as an fyi to bring awareness, nothing more. Work with what you're happy to work with and let the card's fall where they may.

GF

 

Hello,
Nothing can save you from intentional harm.
But by default, Linux is far far more secure. Besides, there is no reason whatsoever for you to encounter any malware - even if such were to be easily found.
Mrk

 

By default, yes, but as soon as you create an user account with restricted rights and also applies software restriction policies, then IMO I don´t see any differences regarding security.

/C.

 

Hello,

Don't forget:

Stability
Tweakability
Beauty
Price

Mrk

 

When it comes to those features that you mention, I totally agree. Especially regarding stability there´s no competition and therefore I´m using Solaris as a server OS.

/C.

 

Selfishly I say don't use Linux. You won't like it.

 

Linux's LUA is a bit more robust than Windows' LUA and also add the fact that operating in LUA is standard in the Unix world, but it took more than a decade for Microsoft to adopt LUA as the default mode of operation.
suDown tries to bring the Linux LUA experience to Windows systems.

 

Thanks for the post- Just finished implementing it!

 

I had problems installing suDown about a month ago- I think they solved the problems by removing some of the later versions and releasing the one that had a good track record.

How does it compare to a LUA?

 

I checked out your link and I will follow your advice of trying out different Linux flavors on VM's

 

Just a general comment, if you're looking for freedom from malware concerns, I don't think it really gets much better than running Linux... for all practical purposes, you can kiss that stuff goodbye... I suppose it's possible to set Win up in a secure manner too, but I'd have to rate Linux best in that regard, as malware is simply not a concern.

 

With respect to " solCroft's " previous request below and the benefits of everyone's discussion posted within and...

"LUA" (aka: Least User Access) - Let's make it plain jane and comprehensible under laymen's (or Linux nebies' ) term.

When talking about LUA, then it is specifically pointing to a unitary system's 'SECURITIES'. And in operating systems, that concerns the OS in which he/she was currently using at this moment. As the original poster of this topic we're on with had come to the basic discussions that delves into LUA, here is a plain jane (albeit not fully authoritative, but generally considered 'referencial' enough [sans OS bashings] ) posted references, for a start...

a)
http://en.wikipedia.org/wiki/Comparison_of_Windows_and_Linux#Security
(note: Pls scroll down to page's Content, highlight/click #10-Security which itself has 2 subheadings. Read it, and... )

b)
http://www.theregister.co.uk/2005/07/11/longhorn_security/
(note: microSoft's 'Longhorn' (aka: Vista), it's gravitation with concern on system security. Submitted in summer of 2005 by G. Clarke from MN-USA)


c)... then another (bit more technical, concerning 'command shells' ) reference;

http://en.wikipedia.org/wiki/Comparison_of_computer_shells
(note: Tabulated comparisons of 'shells' between winSys/Posix & some major prog-lingos)


d) And lastly, an independent extrapolations between 2 dominant OS in our computing realm

http://www.theregister.co.uk/security/security_report_windows_vs_linux/#myth1
(note: Penned by N. Petreley, dated 2004. Roughly a year after Ubuntu came into being)

So... happy reading, folks