Open Ballot: Is Linux really so secure?

TuxRadar

As Linux users, we watch our poor Windows-suffering brethren battle with viruses, spyware, malware and other problems, safe in the knowledge that our operating system is designed to minimise such risks. But is Linux really as secure as we like to think? The recent hacking of kernel.org and impact on related sites has given us much food for thought.

You could argue that Linux is intrinsically very secure, but a high-profile site such as the home of kernel development is going to be a big target. Or maybe Linux isn't really that secure - it's just that the users are typically more tech-savvy and are less likely to run HOTBRITNEY.EXE attachments in their emails. What would happen if all Ubuntu users started installing random .deb packages in emails? Is it all down to the users?

Let us know your thoughts in the comments below, and we'll read out the best in our upcoming podcast. Gracias!



Your comments

The Less Secure When More Popular Fallacy

The usual nonsense that MS etc. spout is that once Linux becomes as popular as Windows it would be attacked and broken just as much. This hardly can hold any water as a large percentage of all web servers are Linux and have been for a very long time, most web-servers are Apache and if I was going to attack a system for profit I wouldn't be bothered attacking some no-name user's PC, I'd attack a bank, Amazon etc.

That's not saying people should ignore blindingly obvious updates like Sony did which they were running on what appears to be RedHat circa 7.x! I think a well patched system running AppArmor or SELinux is an excellently protected system and I think we should always be wary but we can afford *some* smugness ;-)

A system is only as secure as its user

Linux systems are just as susceptible to malware as Windows users. Windows users get viruses by downloading and installing software they should not trust. The same thing can be done by installing a third-party .deb or .rpm that contains malware. When you install such a package it has full access to your computer (you install as root normally) and can theoretically do whatever it wants. The difference is that there is much more software supplied by distributions' repositories than there is by Microsoft so fewer Linux users google for software to download. Even a malicious software not using a root-requiring format such as .deb or .rpm (say if you download a tarball) is potentially dangerous as by default it has access to your /home (you are running it) and theoretically can delete all of your data.

Secure enough for me

I don't think average Windows users are more stupid than average Linux users. The truth is that it's very hard to use a Windows machine and not get a virus. The last time I used my Windows PC at home I got a virus (it was a couple of years ago...). I had the antivirus and the OS updated. But, a virus was able to contaminate my PC. You don't need to be stupid or careless to get a virus using Windows. You only need to be there.

Fortunately Linux is much safer. The best part is that (for me) it is secure enough and you don't need to put much effort into trying to avoid malware. No need to update antivirus or run software to remove malware constantly.

Echoing the post above

I agree with the commentator above, but I would like to stress that the diversity of Linux systems strengthens its security. Thus to make a .deb file will "only" attack the Debian clan, whereas Mandriva, Red Hat, Suse etc. would be left out of the attack. You also have to give special rights in order for anything to attack the Kernel. Hence the system is also more secure. Most MS users are superusers per default.

true and false

I hear that kernel.org's problem was down to human error and that all will be up and well and healed in no time. The problem wasn't down to any instability of the software, but down to someone letting their account get compromised. From that perspective, it's more secure.

...but then isn't that always the case? Most problems with computers aren't down to someone cracking into the system, but through using the access given to someone who can get into the nuts and bolts, because they've done something daft like install a dodgy toolbar etc?

Linux really is more secure

Linux really is more secure in practice at this moment in time. I don't know how this will change as Linux gets more popular, but the fact that root and user permissions are a fundamental part of processes and files will always give it the upper hand over Windows. The repository system is an extra layer of security, but, as with everything, it's the user that determines how safe the system will be (the most secure system is one that is off!).

The attack on kernel.org was a focused attack, but still we should be learning from it. I mean, seriously, what went wrong?

Madhacker

Linux is as secure as the person using it. Security begins with the human and ends with eyes wide open and taking care not to allow unfiltered junk through his or her machine.

Comments

I've read the posed question above and the readers' inputs. I must agree that some good points were raised, however it should be clear, eminently clear, to anyone who has read the news that the exploit is not due to failings in the OS but rather due to human error. A lesson to be learned from this is that due diligence needs be applied to security, from all angles. Security is a matter of eternal vigilance. It speaks highly of the strengths of Linux that the exploit was quickly discovered and dealt with. Can you imagine what would have happened if Linux was closed sourced? Yes, this incident is bad news, however it does no good to write a headline suggesting Linux is shoddy. That kind of fodder feeds the anti Linux crowd. Ask the question by all means, but don't infer inferior status or quality.

Checksums

One of the major advantages of package managers over bundles is that they provide automatic, cryptographic confirmation of whether or not you're actually downloading a file that your distribution has released and sanctioned, as opposed to one that some cracker has managed to place into the system.

Sure, you could run md5 on a bundle and check it with a website, but it's not automatic and so it's much less likely to be used by lots of people. Repositories/app-stores, I think, have a definite advantage in this regard.

Re: Checksums

I should add, I guess, that not all distributions do this, but many do.

Biodiversity

I just want to add a +1 to the comments so far pointing out that the much maligned differences (by some...) are a part of the defence. Only a small part, mind, because it's almost a 'security through obscurity' kind of thing which is utter nonsense.

Apart from that specific point, yes I'm still of the opinion that Linux is safer than Windows and probably OS X too! Users or admins doing something wrong, either by design or by accident is still the biggest hole in any OS as appears to have been shown by the whole kernel.org/linuxfoundation.org thing.

If you like conspiracy theories

Didn't Microsoft just get all of a sudden involved in the Linux kernel? Interesting timing. Perhaps that way it wasn't suspicious that they were poking around kernel.org :P

Re: Package managers rule

Sorry Mike, I'm going to agree with Keine Ahnung, I think package managers DO make a difference. If Joe User is looking for a graphics package (as an example) on his Windows box, then chances are he'll Google search - which leaves the door open for some malware to be downloaded. On the other hand Jane Linuxer will probably check Synaptic/UbuntuSoftwareCentre/etc _first_ before trawling the internet, malware averted in most cases (simply because of the huge variety of Linux software available). Plus, because the package manager covers both OS _and_ apps, it's more likely that ALL the software on a particular system will be up to date at any one time. Compare with Windows where the OS has an updater, Adobe products have a separate one, Apple products another one, and so on - a veritable Tower of Babel! Linux WAS more inherently secure than Windows, but Windows 7 is narrowing the gap - unfortunately I think MS made a darned good job in this case.

Where we (Linux users) still score is that we tend to be more "savvy" - so we know not to just download an RPM/DEB from some dodgy site - especially if said RPM/DEB isn't offered in source code form.

Unfortunately it's still the case that the biggest threat is "the nut behind the wheel"!

A bit...

...but not enough. Linux with its strict separation between root and user helps a bit to avoid some of the common sources for viruses, and systems like SELinux are also very important.

However, with Windows security strongly improving since Windows 7, I believe that social engineering attacks become more and more common compared to viruses. It is much easier to try to brute force passwords or to send spear phishing mails than to try to find holes in a system.

Maybe it needs a bit more than a file called HOTBRITNEY.exe to get a Linux user to give root permission, but we already saw malicious .deb packages on gnome-looks.org some years ago. As Graham said in a very early episode: I happily change all files in /root to mode 777 if I want an application to work... And nearly all of us are guilty of using simple passwords, not changing them often enough etc.

Linux users are (traditionally) more security aware

Linux users (and their software) have a stronger tradition of security and trusted sources - how many of you leave confidential voicemail, or email Excel company data to half-remembered email addresses, or execute recovery software downloaded from a site you have never heard of, or have your USB / CD / email to auto-run executables?

There is also a wealth of cracking software available to Linux users that promotes risk-awareness, even amongst people who don't use it.

The worst change I see at the moment is the growing popularity of private package archives, without credible procedures to verify their security or trustworthiness - and the newly launched single-click PPA installation links that would permit any hoodlum to over-ride existing packages on your system.

Bad news travels fast...

Sadly bad news travels fast and wide. No matter whether the hack was user derived or not, matters not to the opposition as it gives them more ammunition to fire at the F(L)OSS community.

In the end it is the lowest common denominator that influences security and that is the goon sitting in front of the display with fingers in top gear and brain in neutral, and from my experience most goons are only too willing to click on their Russian Credit Rating or Tracy's Mega-Boobs pop-ups or... or...

So a Linux install is only as secure as the nut at its helm.

Bazza...

good old user vs root fallacy

I'd say it isn't more secure. One of the most often quoted advantages that as a user anything you run can't affect the whole system is completely misguided. As anything you run still has all the access to *your* files, it can still run a backdoor/trojan it can still send spam, it can still read your email, get your passwords, and if it contains an exploit compromise your whole system.

The way this should work is that you as the physically present user are like a god to the system, it's most of the applications that are separated and don't have access to *your* files, Firefox could for example only have access to its ~/.mozilla/ directory, and whenever you want to download a file it just asks the system "I wanna save this file" and the whole dialog box would be part of the system, that way you can still do what you always did but if Firefox/Flash is compromised the damage is limited to it (unless there's another exploit for the kernel in there ;p). I think SELinux kinda does something similar (I don't know much about it to tell the truth), in that it's far more granular, but that's still far from what I mentioned.

Considering Flash and web browsers are the most common attack path against home users you can't really say Linux is any more secure, as Adobe has trouble getting Flash to work at all, I doubt security is something they even worry about.

Yes it is.

Linux has proved time and time again that it is less likely to get a virus because of one simple mechanic: the root user. Unless users run something as root (assuming they have the appropriate permissions) it can't ravage their filesystem like it can on Windows. Also, because of the clear filesystem style, viruses are a lot easier to discover because they've got to keep their files somewhere. I also understand that Linux (and BSD) users are less likely to run HOTBRITNEY.EXE, but that shouldn't take away from the Security of Linux. Also, with much of the software for Linux being Free, you can read the source code, so downloading anything malicious is unlikely unless you get something proprietary or download it binary only. When I used Windows, my computer was infected with all sorts of stuff even though I'm responsible with security. I now run Slackware, and I've never gotten something that caused an issue (well, maybe Emacs, but that's another issue entirely.)

Yes

Yes, absolutely.

I will say this however: If you get a virus on ANY computer, you simply deserve it for being careless.

Except on a Mac.

If you get a virus on a Mac, you deserve it because you bought a Mac...

Put down the mouse, and step away from the keyboard...

sort of

I agree with the user above who notes that a malicious piece of software doesn't need root to see all your files, steal your passwords, monitor your activity etc. There's a server/desktop distinction here. Linux has a good security track record on servers, of course, but the desktop is a whole other kettle of cats.

The main reason we don't have to worry about malware on Linux desktops is because Linux is, to be polite, still niche. I'm sure if it had 80% of the desktop share it'd be targeted far more, sometimes successfully. But I'm also sure that those nimble and agile FOSS coders would respond quickly and effectively. All without, I think, the emergence of those antivirus etc. providers, with obvious conflicts of interest (their business relies on providing an imperfect solution), we see on Windows.

The massive advantages it brings though, as people have mentioned, include the package manager, not because it provides security updates or whatever but because getting malware via it is pretty unlikely. That's not an exclusive feature of a package manager of course, just the fact that a trustworthy body has approved this or that binary, it could be done in other ways as Mike has pointed out.

A bigger advantage in my eyes is that, in the proprietary world, there's a vested interest in concealing security flaws, which is not present in the free software world where they are inherently public from the start.

Mostly

The GNU/Linux system has 2 things working for it:

1. It is not Windows:

To a large extent viruses are a feature of the DOS/Windows design.

To be fair, the Microsoft engineers are working hard to fix this, but their legacy installation and user base make this a really hard problem to solve. They need to implement a security model on top of a system that was not designed with security in mind, while not breaking the current applications and not upsetting the user base.

2. It is transparent:

The common wisdom is that there is no security through obscurity. Making your security transparent prevents the bad people from gaining an advantage over the good folks. In essence it is a bit like the Wikipedia model: If it is as easy to build as it is to destroy, the result will be positive, simply because people are basically good.

...

That said, security is not a state, it is a process. And balancing security and usability is never easy.

I have no idea..

But I have to agree with Spangwiches. There is a distinction to be made between attacks on servers and attacks on desktop users. I don't know if the two are mutually exclusive or not for most people, but for me they're almost the same thing. I always have a LAMP stack running.

When it comes to root access to my machine I'm fairly confident that everything's OK. But when it comes to things running on localhost and broadcasting over the internet I'm a bit more paranoid. You just seem to leave yourself open to all kinds of messing about. But I don't have an always-on internet connection.

... What was the question again?

Is Linux really so secure?

I'll let you know when I know.

I have had no bad experiences so far.

Nope

Nothing is as secure as we think it is. Bruce Schneier laid it out perfectly in Applied Cryptography. I am paraphrasing here, but the basic idea is that I can create a system that is as secure as I can make it. That system will remain secure only until somebody smarter than myself tries to break it. After kernel.org got owned there was a message on the front page saying they don't think the attackers got very far and the risk was minimal, but we now know this isn't true because other sites are now reporting breaches as a result of the kernel.org breach. Even now kernel devs are saying that the kernel source is secure because of the crypto GIT uses. This is true, unless the people doing the hacking are smarter than Linus. In which case I'm going to need another cup of coffee and a fluffier chair, because it's going to be a long winter.

Secure?

So, Sony was running something other than Linux?
FBI affiliates use Windows Server 2003 for all their serving needs?

There is no such thing as truly secure software. Except the software that I write. [Insert shameless plug here].

Sony may have been a wee bit careless with their servers, but there are countless other ready examples of high-profile Linux servers that have been pwned over the years. Especially in these recent years of LulzSec and Anonymous.

Depends on the "vendor"

I think it definitely helps that Linux programs tend not to have hooks into the OS the way IE and Windows are. But it really depends on the vendor. I know I've never messed with my Linux firewalls unless I had issues with stuff getting in/out. So it's up to the "vendors"/packagers to make sure they have secure settings.

Also, the more things you have running, the more vulnerabilities. That's why that BSD (OpenBSD?) has no vulnerabilities in X years "out of the box". Once you start adding programs you're adding vulnerabilities.

Of course!

This is the easiest open ballot ever, Yes Linux is secure!

Yes it is, but...

Linux is a very secure system. The way privileges are given to users, and the make up of the filesystem contribute a lot to that.

But(!) any great hack is (almost) always a chain of hacks. A weaker system is hacked, and within is information about the next system.

For example, your computer is really secure, but your friend/coworker's email password isn't. As it just so happened you emailed him a password for some service.

And now you get hacked, because of a weaker system with information about yours.

The downside is, that once you do get hacked and someone has privileges on your box. They can do pretty much anything, and cover up their tracks for a long time.

Apples and Oranges

Another week and another badly coded web app falls to an SQLi. Does that mean that the Linux distro running on the server was at fault? Of course not.

After the fact, your web app was compromised, the question remains: How resilient is your storage? Did you hash/encrypt all that hackers might consider worthy booty?

When kernel.org was compromised my first question was: How resilient is git?

I'll start worrying about Linux, when the first servers fall to a remote exploit of a vuln in the OS itself that wasn't brought on by a sloppy admin leaving his/her credentials about or allowing unfiltered user input to go straight through to the backend.

Do we need to embrace variety?

What protection do filesystems, ext 2/3/4, btrfs etc. give (with or without encryption)?

Does a different CPU help, ARM perhaps?

Are other OS's, OpenIndiana, Haiku, BSD better?

It's more secure for me

All I have to say is that I've been using Linux for 4 years now and have NEVER had a problem in terms of security...(graphics drivers on the other hand - lol).

When I had a Windows box I got my annual subscription to Norton for $50-$60 and would still have issues with malicious software installing itself to my hard drive. Several times the performance got so bad or the machine just simply wouldn't boot, that I had to re-install the whole OS and start fresh.

Whether this is due to popularity, being inherently more secure, or what have you, I can't rightly say. But I do know for a fact that I'm more secure with Linux running the show.

Maybe, but that's not the point

The Linux kernel may be more secure, but who cares if the kernel and 'the system' are more protected than Windows when a piece of malware (even a simple script that can be written in a few minutes) can completely trash my home folder? This is where the number of people running Linux on the desktop becomes relevant as its appeal as a target increases proportionate to its uptake. The fact that the vast number of servers running Linux may be more secure is great but because there's no-one making keynote speeches about it unfortunately means Linux still doesn't get the recognition it deserves.

It is the setup that counts

MS Windows can be set up to be very secure. The OS has many security options some of which are more powerful than many Linux distributions. The problem is that Microsoft has failed (or ignored) the home user. Out of the shrink wrapped package Windows installs as an open very unsecured system. Microsoft is to blame and should be taken to task for their lack of corporate responsibility. When an enterprise IT department sets up a Windows machine they have been trained, usually by Microsoft, to enable security features. Windows can be a very robust secure system when installed and set up by a trained professional. Microsoft works with enterprises to help them set up and maintain secure systems. Microsoft has done less than nothing to help the home user protect their systems. Shame on Microsoft.

sort of, again

In reply to Barton,

I'm sure what you say is valid, I can't really comment as I have little experience of Windows servers.

I'm sure a desktop Windows installation could be secured up to a reasonable level. And MS have certainly at least made gestures, at least, in this direction with, for example, UAC. But the trouble with something like UAC is that it is intensely irritating as a user. The result being that I care less about security than before, I just get into the habit of clicking 'allow' to everything that pops up which is far from ideal.

I always end up turning UAC off and running Windows as an admin. If I don't, things don't work. To get many old programs working I have to set them to run with admin rights, too.

Of course all this is my fault, I choose these things. But the fact is that for my sort of usage the MS security options I am aware of just make my PC unusable.

Contrast that with how Linux does it on recent distros I have used:

If I want to download something executable I have to explicitly mark it as executable before I run it. That's, in very broad terms, quite similar to UAC but the difference is that in Windows every single piece of software I install or use for the first time requires this. Whereas in Linux the majority of my software comes via the package manager. So I'm only faced with this when I want to do something a bit out of the ordinary and I'm gently reminded that what I'm doing is somewhat risky, it's saying: if it's a bash script then have a quick look at the code, if it's a binary double check that you trust the source. This makes me think in terms of security rather than on Windows it getting in my way and pissing me off every 5 minutes and making me resent anything secure.

And I've never had to run a normal program with admin rights to get it to work in Linux. It's just built differently, security is, in this sense, inherent to a large degree. When I need to sudo/su I know I'm doing something beyond normal use, and that's the only time I need it.

Short version: Linux seems to affect security by making sure I know what I'm doing when I do something potentially risky. Windows asks me about *everything*, which causes me to stop caring about security, and also forces me to act in inherently risky ways to make basic things work.

I Think Different(tm), when I'm using Linux.

Security is a relative term

How "secure" is 'xyz'? To decide that, we need to go into what makes the system "insecure". The only determining factor in insecurity is "can it be compromised"? The general answer is "yes".

However, "security" is determined by how easily a system can be compromised and certain things (like gpg keys and file checksums on recognised repos) make it harder to compromise a Linux system. Someone will always try new and sophisticated methods until they manage to find the weak spot in some weak software (or hardware) and then we're back on the trail of tracking down the fix.

The process of Security is a mix of both management of access, patch management, minimization of the target size presented externally, as well as user education (most Linux users tend to be fairly well educated about their choice of OS as a collective).

Creating a "secure" environment is not about one single mechanism, or one single device, or one single system, or one single authentication mechanism, it's about the collective whole.

Agree with most comments + my .02

I agree with a lot of comments here but I'll add my .02 cents worth. I do believe Linux and *nix is more secure than the Windows environment. I feel that the security of these distros also relies heavily upon the systems administrator to know what he/she and his/her team are doing with these servers at all times.

I'm in no way saying my boxes are hack proof because we all know that would be the most ignorant statement of the decade or could be compared to the Al Gore inventing the Internet statement. I do remember when we used to support MS IIS boxes that they were incredibly hard to keep people out which is why we no longer supported websites that required the MS platform. But in MS defense we never did pay that much attention to those boxes anyway because we only had a select few that required MS (old front page days. and the thought of supporting front page extensions on the *nix boxes was out of the question too).

I'm going to go out on a limb here to say that ALL operating systems have their places and I think the Internet has become highly unstable because of piss poor admins and the wrong OS's chosen for the task at hand. MS does wonders when not connected to a public network. I'm not hating on MS but let's face it, what is the majority of the OS's out there that's being used for ddos attacks, the spreading of malware, trojans, worms etc?

*nix or MS with the right admin/team == winning combination imo.

Before plugging ANY operating system into the public network I just wish these people had a good understanding of what they are doing to keep things more secure.

Security is not because of obscurity

Any OS that is in existence: past, present, or future is only as secure as the user that is using it. That's what I've read here and I find it is the Only real truth about OS Security regardless of platform, so there's really no debate other than from fanboys that insist on flame wars.
