Why Linux is better than Windows or macOS for security

Regarding counting CVEs: This has been discussed earlier and doesn't make much sense for various reasons (e.g. because it's comparing apples with oranges to a large extent). And I've always said that another reason is that all Linux vulnerabilities are published - but you cannot be sure if Microsoft does the same (and nobody can really control that for closed-sourced software). The latest example that this is not an unfounded suspicion can be found here. Use a translation service if you can't read it.

 

I think you are missing the point. Me not using Unix systems hasn't got anything to do with it. I think it's always interesting to read different point of views, that's why I posted this thread.

But what I'm saying is that my opinion is not based on me being some Windows fanboy, but it's based on what I've read about stuff like malware, exploits, apps and operating systems.

I came to the conclusion that Unix based systems aren't as safe as thought and that security issues on Windows are mostly overblown. With that I mean, with the right tools and knowledge you could easily tackle or avoid them.

OK I see. I thought about dumping Windows for macOS, but I decided not to because it would mean that I wouldn't be able to use some of my favorite apps and all of my videogames. I also prefer the Windows GUI (Start Menu, Task Bar, Tray) plus as said before, staying secure on Windows is quite easy.

So you didn't actually encounter any malware? And yes false positives are annoying, but you can't blame Windows for some crappy third party AV getting on your nerves.

 

Not this stuff again.

But perhaps this is all a misunderstanding. I can see why people would claim that Unix is more secure by design if you look at it purely from an OS developer's point of view. But I look at it from a hacker's point of view, and they will laugh at such an article.

Here is a a slice of enlightenment for you, it's about Linux servers getting hacked and succesfully infested with malware all over the world. I guess they are able to do this in the exact same way they would hack Windows, namely via exploits, social engineering and I'm sure some of them are insider attacks.

https://www.trendmicro.com/vinfo/us...ok-at-linux-threats-risks-and-recommendations
https://www.trendmicro.com/vinfo/us...in-the-cloud-and-security-recommendations#C04

https://securelist.com/an-overview-of-targeted-attacks-and-apts-on-linux/98440/
https://www.govinfosecurity.com/alert-russian-hackers-deploying-linux-malware-a-14829

 

I miss a lot of points. I don't miss Windows and its security issues though.

Don't believe everything you read.

It all depends on what is meant by 'safe as thought'. If you are coming from the strawman that Unix is invulnerable it can mean one thing, in the world of actual reality it can mean another. Unix is not invulnerable but in the real world it is much safer than Windows. If you keep repeating to yourself that Windows is just as secure it might just come true. OK, it won't. But you are giving it a good go.

I get it, you can't play Grand Theft Zombie Killers on UNIX so you stick with Windows. I'm not a gamer. OK, I play chess with the computer sometimes.

I started off with Mac, never saw any malware on macOS. Then ran Windows for years. The worst I got was a trojan, swiftly removed by SUPERAntiSpyware. Plus I had a few PUP's. The trojan was my own fault in a way as I should have seen it coming. False positives aren't just annoying they can totally brick machines. AV's are a nuisance in many other ways and I was glad to wave goodbye to them. You'll need to define 'crappy third party AV' as AFAIK most AV distributions have had f/p's. MBAM regularly tried to eviscerate perfectly innocent drivers on my Windows machines. At the end of the day I just prefer macOS and Ubuntu. I feel and am safer. I prefer the way the OS works. Windows was always slumming it compared to UNIX. De gustibus non est disputandum.

 

Most of us in the industry are fully aware about server exploits but the whole point of your misguided post was "Windows, the ever-more-complex platform that’s easily the most popular desktop system".

None of this is relevant to Linux desktop users except for the permanently suicidal.

 

This.

 

Very predictable reply. Of course it's not relevant to desktop users, but it's very relevant in the broader discussion about Windows vs Unix when it comes to OS design. Linux and macOS have got a very small percentage of the home user desktop market, so that's why there is no reason to target them.

But the fact remains that hackers have got no problems hacking Linux. In fact, hackers have got no problems hacking the macOS either, just yesterday Apple patched a zero day in WebKit that was actively exploited in the wild on probably both iOS and macOS, sounds a lot like Windows to me LOL.

 

I don't, that's why I came to the conclusion that Unix isn't as safe as thought. And trust me, those attacks on Linux servers and macOS users are very real, whether you believe it or not.

Depends on what you mean with much safer. Is it much safer because of the lack of malware for Unix based systems like Ubuntu and macOS, then I agree. Is it much safer because of its design, then I disagree for the reasons that I have already mentioned.

Yes, I agree that most third party AV's sucked, same goes for Windows Update. So I didn't even use an AV for 10 years. Yet I did download hundreds of apps in the last 20 years or so, most of them were listed on sites like Softpedia. Of course I did scan them with VirusTotal and monitored app behavior via HIPS.

I don't think I ever actually encountered malware. I also never had a problem with any drive by attacks. Perhaps some of them were silently blocked, who knows. Chromium with its built-in sandbox was of course a game changer. But anyway, the point is that Windows can be just as secure, with the right protection tools and user education.

 

There have been attacks on Mac and on Linux servers for ever. They're not new. I've tried to explain why (FUD) they are being reported more often now. I can't keep repeating myself.

Well, you'd be wrong. But if you keep claiming it long enough and keep saying it to yourself it might just come true. Probably not.

F/p's are just in the nature of AV's. Them 'sucking' or not is irrelevant.

See reply #2 above.

 

Whether these attacks are being reported more often or not, isn't relevant to this discussion. Fact is, these attacks take place, so people should take notice and perhaps take security on Linux more serious. These hacks are no joke and can hurt corporations quite a lot. Calling this stuff FUD isn't productive.

Well, I'm telling you, that you are wrong. Let's agree to disagree.

That's not the only reason why I believe they suck. But so far I haven't had any serious false positives from Win Defender, that's the good news.

 

Yes, it is relevant. Due to MS improving its bundled antivirus third party AV distributors are now desperate for new clients. Your argument is not cogent. No one running Linux takes security for granted. That's all part of the FUD narrative that you are unable to distinguish from reality.

I know it's really important for you to believe Windows is as secure as Linux. Like I keep saying; this is your own subjective ontological narrative.

I thought you claimed that you never used an AV on Windows.

 

What I meant is, whether they are trying to sell more products isn't relevant to this discussion. Fact is Linux and macOS have plenty of holes that can be abused by hackers, so security tools and procedures should also evolve since hackers are focusing more and more on Linux and macOS. Also, when Windows gets attacked with zero days it's because Windows is inherently less secure, right? When Linux and macOS get hacked, it's FUD. Makes sense to me.

See:

https://www.wilderssecurity.com/thr...macos-for-security.443553/page-5#post-3067049

Since I bought my Win 10 laptop I started using Win Defender, it doesn't bother me it just sits in the background and doesn't slow down the system, same goes for my other realtime security tools.

 

Linux tops Google's Project Zero charts for fastest bug fixes

https://www.theregister.com/2022/02/14/in_brief_security/

More details on https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html

 

Well this sounds quite good, those Linux developers are clearly on top of things.

 

I never trust articles that try and simplify complex and diverse topics into one sweeping statement or articles that try and draw broad conclusions based on a limited set of examples. Specific to security I I have noted they tend to ignore the whole picture, such as the layers of security available and any common mitigations.
Use cases and specific situations make a huge difference to security risks and the competence of the system admin is massively important, they can make or break the security of a system, more so than the differences between any current widely used operating system and I say that from experience of having to work with external pen testers (about 4 separate nationally used systems over the years) to secure both Windows and Linux systems that I have been involved in developing and support.
Going beyond the technical aspects, we also need to consider the attitude and processes in place for security, such as what development practices are in place to prevent/reduce security issues, how well (ease, time frames) are they identified in the wild, how quickly are they resolved. The differences here will show over time, so some historic evaluation is needed, but its also hard to do a proper apples to apples comparison due to MS reporting security issues differently to the Linux world.
So its pretty futile to try and draw any complete and fair conclusion, but as always discussion and debate is always worthwhile for developing knowledge and understanding.

 

I see what you're saying, interesting post.