Do You Think Linux is Secure?

by Susan Linton - Sep. 14, 2011

Linux has taken a couple of blows recently in the security department, raising the question: is Linux really secure? Pundits weighed in, and opinions were about as diverse as the individuals. Much of it was the rehash written every time this issue arises, ranging from "Linux permissions make Linux more secure" to "Linux is only as secure as its administrator." But what do regular users think? That's what TuxRadar is asking this week in its Open Ballot.

One of the more interesting observations came from Kim Andersen, who said that the diversity of Linux distributions is one reason why Linux is safer than Windows. For example, a malicious .deb will only work on Debian, Ubuntu, Mint, Mepis, or other Debian-based systems. RPM, YUM, Portage, Entropy, Pacman, slackpkg, etc. systems are immune. Tarballs are another subject.

However, another safeguard built into Linux is the large repositories of our most popular distributions. These resources help keep users safer because they won't need to use a search engine and download from untrusted sources, says Shimi.

Then there were several that echoed the sentiment that as Linux popularity grows, so will attacks and attempted attacks. This has been a recurring notion for quite a while now, but some think that's something Linux will probably never have to worry about. I'm starting to think Linux may never reach that level of market share either. If there was ever a chance, it was with the release of Vista coinciding with the Ubuntu rise. Linux gained some ground, but most of that bump trickled back away with Windows 7 and all those handy gadgets.

Shimi later made another interesting point, even if a bit off-topic. (S)he wondered, "Didn't Microsoft just get all of a sudden involved in the Linux kernel? Interesting timing. Perhaps that way it wasn't suspicious that they were poking around." I don't think Microsoft is all that worried about Linux anymore. I think we were even recently removed from its enemies list (see above).

Stunonymous Penguin asserts that Linux users are just more security conscious and have lots of intrusion and vulnerability testing software. But he goes on further to state that risk is increasing due to the growing popularity of personal package archives and one-click installers that allow users to install anything without any thought of security or damage to their systems.

And of course, no security discussion would be complete without the root, user, sudo arguments. There were opinions to represent all the angles, but for me, I do feel safer knowing most of my vital system files are protected by root permissions.

The old adage that a system is only as secure as its users' ability to secure it probably sums up my feelings of safety in Linux. While Linux is inherently more secure by design, users need to be diligent in keeping their systems safe. Unfortunately, I also think if those Chinese and lulz hackers can get into NASA, Halliburton, and The Nuclear Regulatory Commission then me and my little ole Iptables script probably ain't gonna keep 'em out.



This is totally unprofessional.

While crackers need to manually hack into one specific Linux site, say, NASA, they only need to develop one piece of malware to infect tens of thousands of Windows systems. When cracking Linux, crackers need to at least know the IP and ports the system has. For sites, this info is static and easy to get, but for desktop users, the IP can be dynamic. Then how can you scan the ports?

Moreover, are the breaches really caused by flaws in the Linux OS? Maybe they just use brute force and happen to get the password of admin. Will they ever think of taking this effort in hacking an unknown desktop user?

0 Votes

"Unfortunately, I also think if those Chinese and lulz hackers can get into NASA, Halliburton, and The Nuclear Regulatory Commission then me and my little ole Iptables script probably ain't gonna keep 'em out."

Whilst it might be true to say that one can never account for the occasional genius who sees weaknesses that others just cannot, it's also just as true to say that the Gary McKinnon case shows that large organisations often have appalling IT security and just because they have names like NASA or The Pentagon, it's not safe to assume that their IT is locked up tighter than a Clergyman's daughter.

The other issue is that "secure" is a vague term when applied to IT.

Do you mean "secure" as in immune to all forms of attack, or to casual drive-by infections, or to email infections or malicious software?

Linux is, as you rightly say, inherently more secure by design and drive by infections and email attacks are of little concern to Linux users. But that doesn't mean it's perfectly secure. So, perhaps, a little more accuracy ought to be demanded of both those who claim Linux is secure and those who claim it isn't.

0 Votes

What protection do Filesystems, ext 2/3/4, btrfs etc. give (with or without encryption)?

Does a different CPU help, ARM perhaps?

Are other OS's, OpenIndiana, Haiku, BSD better?

0 Votes

What about Android?

0 Votes

I think hackers are more dedicated to attack Windows.

0 Votes

Of course hackers are more dedicated to attack Windows. If you have an easy target like Windows, then why bother with a difficult one like Linux - unless of course you need to get into NASA or the Nuclear Regulatory Commission.

0 Votes

Many attacks on Linux originate from compromised credentials. Very often a user of a compromised Windows box is the key. Note Google's decision to stop using Windows after their recent major Chinese hacking incident.

A standard user with no services running (Apache, BIND, SSH, FTP, etc.) really has little to worry about. There are no RPC, DCOM, PnP, or NetBios ports hanging out there to grab onto. There is no NSA backdoor to speak of. (Chatty programs such as CUPS (printer sharing), DropBox or Giver, can create those handles.) The browser does not have root access. This is why Linux fares well in blackhat competitions.

The attacks on fit a pattern of attempted code injection into the Linux kernel. Sometimes malicious patches are submitted too. Some packages have been similarly corrupted for many distributions, including Android. The RedHat attack may have had similar aims, but was quickly dispatched.

The user is the real weakness, such as in the HB Gary attack, because you simply can't patch stupid. Users are willing to trade security for convenience. They use their phone numbers and pet's names for passwords. They leave their machines on 24/7.

Linux users live with the fact that the executable bit is disabled for every download. They would rather chmod u+x all day than let their machines be compromised (myself included). They partition and encrypt their home directories. Heck, Linus even fought against the USB hot plug feature.

It is a mindset that makes you safe. The operating system is just an extension of the mindset. Hence the user base reflects the reality that most people abandon caution when using their computers (See Facebook). At this point, it doesn't look like things will be changing soon. Consider it job stability.

0 Votes

The only safe system is an off-line system, but if you have to be on-line then Linux is the safest one if you run no services. But if a thief finds the key to your house then nothing is going to keep him out of your house. No matter what security measures you have.

To be honest I am surprised it took this long, considering the high profile of the hacked Linux sites. But that is it, the sites were hacked. The Linux OS is not compromised, so I really don't understand why now Linux should be unsafe? Is someone trying to scare new users away from Linux? Are some people getting cold feet (considering that Linux and mobile tend to be in the same sentence lately)? I think it is very strange...

More reason for concern is the security breach of some Certification Authorities. But I don't think people grasp the severity of the threat. In my country not even the newspapers found it newsworthy, and that is scary. It means people don't see the real danger, even if it bites them in the (you know) ...

0 Votes

I'm using it since three years ... and I can it definitely secure problem at all.

0 Votes

Same old bs. If Windows is compromised it is problem with the system. If Linux is compromised it is either because of the user or the services running or weak credentials and so on.

Have some reality check. They compromised main Linux sites and the OS was so bad that for days nobody knew it had happened. It started affecting multiple sites. That is definitely an indicator that the OS is not secure at all.

0 Votes

I like Linux and I use Linux exclusively now that I am retired and can do what I like. While I was working for a living I HAD to use Windows. Windows can be set up every bit as secure as Linux. I used Windows regularly for all of my career and I never had a Virus. Never. Why? First I set up Windows to be secure. Windows is not that way when you get it in the shrink wrapped container or when it is pre-installed by some vendor (like Dell or HP etc.) Second, I was always very very careful. I didn't download stuff from "porn" sites or "game" sites. I didn't open email attachments that could be executables. If someone sent me something I always emailed them back (from my address book not a reply) and asked them what it was and why I should open it. I used more than just "common sense", I was very diligent and suspicious. My passwords were reasonably well thought out and difficult to break (I tested them with software designed to break passwords.) I didn't respond to emails telling me I should follow the link to my bank and fill in my account number and pin.

I think that in general (at this point in time anyway) Linux users are much more aware and computer literate than Windows users. When a Linux distribution is installed it is initially much safer and also less open than a Windows system. Why? The answer is that Microsoft has failed to be responsible and has done almost nothing to help the home users secure their systems. They have not even cautioned home users so why should the average home user even think of security. Microsoft says "we make it easy, the other systems are hard. You want it easy so buy our stuff." And people buy their stuff. Good marketing, bad security.

Some of this may change as younger users learn more about computer systems and are trained in school to be more security conscious and careful. Maybe a new generation will be more willing to force vendors to produce better systems and documentation; and demand that vendors instruct users on how to be safe while using the computer. We can hope, but until then be careful, do your homework and set your system up to be secure.

0 Votes

I've never really investigated whether or not linux is, as an operating system, more secure, but I think it doesn't really matter.


1) Hackers are more likely to target the majority. Very rarely will a common hacker single out an individual to attack. Unless the hacker is going after specialty information, he is most likely to use a broad attack hoping to capture as many unprotected users as possible.

Virus writers focus on Windows because that is where the majority of the population is. This is what gave mac users a false sense of security. Just because nobody was writing viruses for macs, doesn't mean macs are virus-proof.

2) I've never met someone who has knowingly used Linux as their primary OS who was not at least 5x more computer savvy than your typical Windows user. Someone working in IT is significantly less likely to download a virus or get scammed online than a secretary who had to take classes in order to learn how to use Powerpoint or Excel.

0 Votes

Linux on the desktop has been "easy enough" for ordinary "mere users" to install and use since about 2002-2004, depending on needs and attitude. Some of them have gone further and run small business networks (e.g. at least a couple dozen users (almost half still addicted to WinXP), servers and firewall) on their own, without a tech-support employee.

The last Linux user I met at the local Starbucks was a sawmill worker -- who was currently running Ubuntu on his netbook, but had decided he was happier with Slackware.

The myth that Linux is "too hard" is an artifact of marketing, unfamiliarity, and even vested interest in the status quo, rather than reality.

Self-taught Linux newbies marvel at their ability to go fearlessly where their Windows AV/Security suites failed to protect them (and many of them were careful to stay away from predictably "risky" parts of the web). Of course, no operating system is "bullet proof" whether maintained by typical users or by experienced professionals. But in the end, it takes much more work (and blind trust) to secure Windows. The people I know who work in the IT industry acknowledge the Windows half of their infrastructure requires at least double the staff to maintain and secure -- and that doesn't include any staff supporting Outlook.

The myth that Linux is intrinsically as insecure as Windows, and protected merely by its low profile is similarly a matter of perception over reality, as many ignorant and self-taught newbies have demonstrated to their own practical satisfaction, and as many professionals maintaining mixed environments have found in extensive general practice.

0 Votes

Chinese hackers? So there are no Britons or Americans who break into systems? Or people from other regions of the world who do so? Or is this some kind of hangover of the American mentality that all terrorists _have_ to be Muslims?

0 Votes

".deb will only work on Debian"

Yeah, right! Ever heard of alien?

0 Votes

Windows most common? Look at what the primary OS is on internet servers! Linux holds the lion's share there. Hackers attack power and only want your desktop for zombie networks.

0 Votes