Why Linux is better than Windows or macOS for security

Linux really doesn't need to convince anyone to use it. It's not a commercial proprietary OS like Windows or MacOS. It's found its place and it's a good one. Windows is commercial in the same way that a car is, it's the product of a corporation that has market share as a priority and competes for business with other corporations. Linux is not a commercial OS in that way, those that need it will use it but it's not being pushed for market share by a profit seeking entity.

One thing that Linux is much better than Windows at is scalability. It can be a bare minimum installation with no GUI that runs a server or media box or a full on desktop OS with all kinds software installed. It also is much easier to make a portable OS with Linux or use it in mass deployments. Activation and licensing suck if you want to migrate your OS to new hardware. Security is only one aspect of Linux. It's generally better in Linux for a variety of reasons. The OS being more transparent with a clearly defined and well established ways of defining privilege is one. But I'd say that the typical Linux user will be an experienced computer user in general who will know how to keep things secure in any system.

 

So when was the last day to day normal, noncommercial Windows user hacked? lol

 

OK cool, that does indeed sound quite safe. But the cool thing about Windows is that there are plenty of third party security tools that can add security. For example Sandboxie can also restrict the browser even more.

I suppose with repositories you mean some kind of app store? In Windows you can also download many apps from the MS Store, but in practice most people will indeed download apps directly from software vendors. For example when I bought my laptop 1,5 years ago, I downloaded about 50 of my favorite apps from the internet, without any problems at all.

Yes I agree, at the moment you probably don't need a third party AV on both Windows and macOS. However, from a technical point of view, I don't believe that macOS is any safer than Windows. With the right tools and safe computing practices it's just as easy to stay safe on Windows as it is on Linux and macOS.

 

BTW, I forgot to reply. But yes, in these kind of hacking contests they simply try to get remote code execution without actually running malware. So they consider it a succesful hack when they can make calc.exe pop up automatically. While in real life they would still have to bypass anti-malware tools. But like I said, if hackers can find more exploitable holes in Windows, than obviously it's less secure than macOS and Linux. But so far, it's not clear to me if this is indeed the case.

 

App stores are somewhat similar to Linux repositories. There are however major differences.
Gnu/Linux distribution's packages repository contains mainly FOSS thus are in general non commercial. In general you don't need any kind of account to access that. Most importantly the system itself is inside these repositories. Install images/medias use these packages to install your OS. Packages are created by OS devs*. Security and stability updates are distributed by these system repositories. Major distribution version upgrades are installed by newer version of OS packages. Packages in these repositories are compiled for a particular set of library and compiler version meaning it is prepared for distribution.

*there are 3rd party repositories created by people not associated with distributions as well. I talk about built-in repositories.

 

It doesn't matter about subjective ontology.

Maybe, maybe not.

 

This is probably the root of this entire discussion...

 

I see what you did there.

 

So, I've been thinking. Shouldn't you change the thread title from: "Why Linux is better than Windows or macOS for security" to "Why Linux isn't better than Windows or macOS for security".

 

I would contend: "not so fast", because Linux hasn't been challenged against threats in nearly the same way Windows has. Not even close.

 

I agree.

A better title for this thread would be:

Why am I posting a thread entitled why Linux is better than Windows or macOS for security in the first place if I've already come to the bizarre and unfounded conclusion that Windows is just as safe as Linux even though there is no actual evidence for it?

 

You don't read Microsoft security bulletin/Security Update Guide every patch tuesday, do you?

 

...clever

I would say, however, that Windows has evolved a great deal over the years to become a a whole lot safer to use than days of yore, specifically Windows XP. It's just that Linux for home use hasn't been "battle tested" nearly the same way Windows has over the years, because of <2% adoption rate, thus no real interest from hackers to develop exploits against it, so it's impossible to compare its security effectiveness against Windows. Just my non scientific humble opinion.

I just wanted to add that you would probably admit one of the reasons you use Linux is because you feel no need to run antivirus on it? It's one of the reasons I run it. One other reason for me is the blazing fast speed and efficiency it installs updates, almost never requiring a reboot to finalize them

EDIT

sorry one more thing thing, as I'm on a roll...by golly am I ever sold on Apparmor, security built into the kernel, no 3rd-party program required, and highly effective at bolstering programs it enforces against exploits.

 

I think Windows has improved security-wise. I think Unix is safer by design anyway, although having a minority user base doesn't hinder its security. Not having an AV is freedom. Plus Linux is faster, lighter, and I prefer it. I run two Linux (Ubuntu) computers, I'd never return to Windows even if it was bulletproof.

 

How can I give you +1000 rep, applause and like at the same time?
I am a user for about a week now of linux mint and I’m really impressed of how light (even though my laptop is quite good for 2022), how huge the app repositories are with all the apps beeing free, how customizable the distro is, how stable the distro is etc. I guess I was afraid of linux because I thought that linux is only for advanced users who know their ways through the terminal. Well it’s not. Linux nowadays is like windows. This is my opinion as a novice user of this OS after 1 week. Right now I’m dual booting win 11 pro and linux mint but in this 1 week of use I never booted win 11. So I guess linux is very good for the novice.
This is just some feedback, sorry if it’s offtopic!

 

The point here is you chose a novice friendly distro. Unfortunately a lot of 'first timers' coming from Windows choose one of the harder but more heavily promoted distros such as Manjaro or EndeavourOS and soon end up back with Windows. I'd probably still be with Mint myself if they hadn't ditched KDE.

 

I used Ubuntu occasionally many years ago before I started using it full time around seven years ago. It's fairly straightforward to use and I'd used Open Office/Libre Office for years anyway. Admittedly I've had to learn to use the terminal occasionally, but it's basically a copy/paste of various commands. Windows has a command line equivalent anyway. Linux doesn't have to be difficult and esoteric. Most apps can just be downloaded fairly easily. Snap packages are controversial in Ubuntu as many haven't been properly developed or maintained. Some work perfectly well though and are better sandboxed so more secure as a whole. I believe Canonical want snaps to be as easy to download as apps on the Apple Store or Android eventually. It might take some time to achieve this. There are still repo and PPA versions of the apps.

 

Why should I? I didn't write this article, it's obviously an opinion, that you can either agree with or not. A lot of experts believe that if Linux or macOS had 90% of the home user market, it would have the exact same problems as Windows. It's obvious that there is a lot more malware available for Windows, but from a technical point of view that doesn't make it less secure by design.

Like I said, most of this stuff won't affect the majority of the home user PC's. I have actually done an experiment, I didn't patch Win XP for 10 years and I didn't patch Win 8.1 for 8 years, and you already guessed it, I didn't have a single problem when it came to so called remote code execution exploits. Same goes for manually installing software, I have downloaded hundreds of apps and never got infected. I do use third party security tools in case Windows Defender might fail, AV's aren't fool proof.

 

Exactly my point, same goes for macOS.

The funny thing is, that in all of these hacking attacks, macOS and even Ubuntu got hacked just as many times as Windows. Which means that if hackers had to perform a targeted attack, with the goal to run malware with high privileges, it would have worked on Windows, Ubuntu and macOS, so there's your proof.

In fact, in 2021 macOS had even more code execution bugs than Win 10. I don't know the details about these bugs, but I wouldn't be surprised if this stuff is exploitable from remote. That hackers don't actually bother to write exploits for this stuff, is a different matter.

So that's why I take it with a grain of salt when people claim that Linux, macOS, iOS and Android are way more safe. Just look at those zero day attacks on iOS with the Pegasus spyware, such an attack is most likely easily blocked with third party anti-exploit tools on Windows.

 

Then you're the luckiest person I've ever come across during all my years in IT.

 

You could argue the Trabant was the most reliable off-road vehicle ever built. This is because Trabant owners knew if they drove it anywhere else except on a smooth road it would fall apart. Still, that makes it’s off-road record 100%. In other words it’s rarely the machine but mostly the owner.

 

So, just how many 'experts' are a lot? Two, three, more than three? Who are they exactly? From a technical point of view Unix is more secure than Windows.

 

Keep in mind there's a difference between home users and companies. With companies you shouldn't take any risks. But with the right (third party) tools you can easily block malware from either running at all, or at least block them from doing any damage. Security issues on Windows are overblown in my view. That doesn't mean you shouldn't take it seriously.

I could ask you the same thing about these so called experts. As said before, there are plenty of experts who will agree and disagree with the topic title. And it also depends on how you measure OS security, let's keep it at that.

 

Ask me what thing about experts? You're the one who keeps mentioning experts. I was just curious as to who they actually are. You can measure security however you want. At the end of the day Linux was and is more secure by design. I know it's important for you to want to believe otherwise. I can't help you with that.

 

Currently around 30% of all web traffic is generated by porn sites. ‘Malsmoke’ targets the high traffic sites with others like Raccoon Stealer and the RIG exploit mostly targeting others. Considering this volume of traffic and the percentage of users running Windows this makes Windows far more vulnerable to this type of attack than Linux. Some malware such as the ELF_ROOTKIT, KERBERDS Trojan and others do target Linux but users will need to abandon every recognized Linux security practice in order to get it onto their machine such as granting unrestricted physical access to third parties. The thing to remember is most malware is not written by the people transmitting it. It is either bought outright or rented on a per period basis. While Linux servers are fair game for obvious reasons it just isn’t profitable to target Linux desktop users and if the market share remains the same it never will be.