Consider the Big Picture When Betting on Linux Security
Recently, I came across an article that made me laugh. It’s rare to find something in technology that makes you smile these days, so I savored the experience.
The article by Jack Wallen, published on ZDNet, positioned Linux as an alternative to the desktop OS security traps of its competitors. This is a viewpoint I’ve had for some time. The article impressed me because the author tried to sell Linux to a readership that was largely made up of non-Linux users.
The author’s argument for a Linux desktop was easy for a neophyte to understand. Beautiful. But there is one thing that could be improved. The article was at times a little too short on details for a topic that, in the best-case scenario, leads users to the serious undertaking of wiping their machine’s factory OS in order to install a free new one.
I hope a sequel is on the way for those who need a little direction after the initial article. Until one is released, I’d like to open a dialogue by presenting a few ideas.
It is good to be aware of the risks. It is even better to lay them all out.
The author begins by noting the dangers associated with Windows, based on the frequency of attacks. Let me cite some statistics to prove my point.
A quick web search reveals that Windows is not only the most commonly infected operating system but also the number one target for ransomware.
Windows’ popularity among hackers is not surprising. Windows is the most popular operating system for enterprise workstations. Money is the primary motivation for today’s hackers. What do you think would be the most valuable data to find? Do you think it would be more useful to see the data on an employee’s Windows desktop or a random computer?
Windows is also my favorite verbal punching bag. Because I am a believer in fairness, I evaluate Linux based on the facts, just as I did with Windows.
Linux desktop security statistics are hard to find. This is not surprising, given the ecosystem of hundreds and thousands of distributions. To assess Linux’s safety, we need to dig into the statistics.
Linux is a very popular operating system, but there is enough malware targeting it to put it in a distant second place behind Windows.
Despite this, we can’t tell the full story without context. Linux is more popular than any other OS, even if Android is separated into its own category, as shown in the dataset above. Each type of Linux installation has a different level of vulnerability.
Consider IoT Vulnerabilities
I suspect that a lot of Linux malware is in this category, given the number of conference talks, whitepapers, and vulnerability disclosures from industry experts pointing out the security weaknesses of Internet of Things devices.
IoT devices don’t require users to log in, so users won’t notice suspicious behavior that could indicate the presence of malware. Oh, but the login still exists, and most users never change the default password. IoT devices are also rarely updated, if at all. When they do get an update, the device may need to be flashed with the latest firmware.
Do you recall the last time that you flashed the firmware on your router? Exactly. If that’s not enough, IoT Linux is also in the crosshairs because these devices are always on and connected. What could be more useful for inclusion in botnets or for bouncing traffic to and from hacker command-and-control servers?
Linux Servers, Not Desktops, Are Prime Targets
My educated guess would be that most attacks on Linux are directed at Linux servers. Even if we assume server, IoT, and desktop Linux devices all get targeted at the same rate (percentage attacked of all possible targets), Linux servers still outnumber Linux desktops.
Even though many Linux servers are now in the cloud and receive automatic management to strengthen their defenses (e.g., auto-updates), they still attract attackers because they’re lucrative targets. Linux servers can run a wide range of software.
If we assume that all software is equally vulnerable, there is a greater chance of finding a hackable Linux server. This is because Linux servers run a greater number of different programs than desktops. There are many kinds of servers: web servers, DNS servers, VPN servers, file servers, etc., all with multiple software vendors. There’s plenty of room for attackers.
All these factors indicate that desktop Linux is the least attractive target for hackers looking to make easy money (or to take steps towards that goal). Desktop Linux is the least popular desktop operating system. It’s actually the smallest of all desktop, mobile, and Linux installation types.
The attackers value their time just like everyone else. They tend to target the biggest pool of victims when writing exploits. Desktop Linux is not even close to that, and unless the desktop computing environment is fundamentally changed, it is unlikely to be. This is an advantage from a security standpoint.
Penguins are a great way to get zoological.
I want to examine some of the praise for Linux security that was given in the ZDNet article. Although I find most of the credit to be fair, it’s a good idea to verify the claims.
The author of the article said that Linux permissions were “sane.” However, I am not certain that this is accurate. I don’t know what he means by “sane.” I would agree if he were talking about the fact that root is segmented from other users more than Administrator is in Windows.
In Windows, it is very easy to run an application as an Administrator by right-clicking on the app. macOS and Linux make it more difficult to increase the level of execution privileges. Instead, you must open a terminal window and use sudo to run the program.
This only proves that Unix-style permissions can be logical. This is correct, but macOS also has these permissions. It’s time to compare how macOS desktops and Linux desktops handle default file and directory access. This varies by Linux distribution, so comparisons are difficult.
Our penguin-loving pal also praises Linux’s use of repositories as opposed to Windows, which allows software installation from any “.exe.” Most Linux desktop distributions direct you to their repository. macOS, to be honest, is more restricted in terms of software than Linux.