Some false assumptions here:
1. There are indeed perfectly credible anti-virus solutions out there that run on Linux. ClamAV comes to mind first, and I know there are others out there.
2. People with limited experience working with non-Windows and non-desktop operating systems seem to assume that anti-virus software is an essential, required security measure. In fact it is the LAST line of defence that should be relied upon and computer viruses as the general public have known them are a problem virtually exclusive to the Microsoft platform.
EVERYTHING ELSE is more important than anti-virus, from keeping systems patched to perimeter security (properly configured routers, firewalls, etc), encryption (using robust VPNs for remote access, encrypted HTTP, SMTP, IMAP and POP by default, etc) and use of strong passwords and SSL keys. Anti-virus technology in general should be LEAST relied upon of all security practices regardless of the solution used.
Linux is VERY RARELY compromised by a traditional computer virus--the vast majority of the time it is a more sophisticated exploit of a kind that anti-virus would never stop, and the vast majority of the time the exploit takes advantage of servers listening on ports in public addresses rather than running the wrong executable or opening the wrong attachment or visiting the wrong website. It doesn't NEED anti-virus to be secure, but like ALL networked computers of any kind all the other security measures are essential to remain secure.
Windows (and MacOS too actually) have "desktop origins"--their ancestry lies in isolated, single-user PERSONAL computer use in a time when part-time dial-up modems and exchanging floppy disks were the only practical means of sharing data (and thus spreading malware). Both Windows and MacOS are completely different beasts nowadays having both swapped rickety old kernels for a much more robust NT kernel (inspired by VMS) and a Mach microkernel (used in robust UNIX systems), however everything above the kernel has been some degree of evolution and struggling to shed the old standalone PC paradigms and deal with compatibility with legacy crap users just won't let go of. MacOS has a very solid UNIX foundation but Apple's userland environment is all about "just works" and "beautiful", and as such it has a less perfect security record than it could have.
Linux is unique from the other two in that it has "server origins" (as do the *BSD operating systems). There are very good Linux based desktop OSes out there but as others have pointed out there isn't a single dominant one out there (a GOOD thing from a security standpoint--just as in nature there is strength in diversity and weakness in monocultures such as Windows and MacOS). Right from the beginning multi-user use and internet connectivity were central features to Linux OSes (when Windows NT came out it didn't even have a TCP/IP stack installed by default!). The user base was tech enthusiasts and were very often contributing developers to the software they were using. Focus was on making things work right first--looks and ease of use were secondary. This limited its potential in the desktop market but made it more secure by nature.
Saying Linux is at a disadvantage security-wise because it doesn't have good anti-virus programs for it is like worrying about not having an air conditioner in your new house in Alaska because you might have a hard time staying cool there compared to that place you had in Florida with the central air. Security and anti-virus are not really related.
Also to make note of is that I'm talking about traditional GNU/Linux operating systems here. There are other Linux based OSes that have challenges of their own. Android in particular, which is a Linux OS but does not use the normal GNU userland, has a monoculture problem to some degree (so many closed apps provided only by Google) and was focused on a much less capable, single user environment (1st gen smartphones), so it has some (but not all) of the weaknesses of Windows from malware.
|
Albert Holguin wrote: Use Linux then...
Are you implying that Linux is bug/virus free?
|
Way closer to that than Windows... that's for sure.
|
You should do stand-up.
|
You're amusing. Go write some code.
|
Albert Holguin wrote: Go write some code
Maybe I should write some that will stop hackers from pwning Linux servers on a regular basis.
The only reason why desktop Linux is not targeted by 'commercial' virus creators at such a rate is because it has so little market share fragmented in so many distros and mostly used by tech savvy people so it's not worth the effort. Suggesting that is the reason why Linux is more secure than Windows is what's called security through obscurity.
On the other hand if you're a target of government surveillance, well look for yourself how secure you are by using Linux. Also things like Heartbleed.
Critical OpenSSL bug allows attackers to impersonate any trusted server. Will you look at that! Just while I was typing this message to you, perfect time to illustrate my point.
modified 9-Jul-15 14:49pm.
|
While I agree that today's Windows (v7 and later) is on par with Linux from a security POV, I'd ask who you believe is responsible for fixing the critical OpenSSL bug you referenced?
The Linux distro? A 3rd party? Or nobody - let the end-user suffer?
Contrary to popular belief, nobody owes you anything.
|
Mike Mullikin wrote: The Linux distro? A 3rd party? Or nobody - let the end-user suffer?
Don't know, but that was not my point anyway. My point is that "use Linux" as a single solution to all security problems with modern operating systems is silly and dangerous.
|
Nobody said it was a fix all. It's ultimately up to the user to be safe.
|
So your answer to road safety would be drive a truck?
|
Mladen Janković wrote: mostly used by tech savvy people so it's not worth the effort.
Imagine that...
|
Albert Holguin wrote: Imagine that...
Imagine what? That something complicated will be used mostly by professionals?
|
Marc Clifton wrote: Why do viruses exist? Because of bugs in the operating systems and applications that we do pay for
Sometimes.
Years ago I got ahold of the source code for a virus called the I Love You Virus.
Aside from the silly email stuff, it essentially was 3 pages of VB code that deleted whatever it could from the Windows folder and all subfolders under it.
No 'bug' allowed that. Some deviant came up with this and wrote it.
If it's not broken, fix it until it is
|
Kevin Marois wrote: it essentially was 3 pages of VB code that deleted whatever it could from the Windows folder and all subfolders under it.
Kevin Marois wrote: No 'bug' allowed that.
You don't think an OS should protect against uninitiated code execution and file deletion?
Contrary to popular belief, nobody owes you anything.
|
Sure. It's just that it's not possible.
There's always someone smarter. And any attempt to protect can always be overcome.
If it's not broken, fix it until it is
|
Kevin Marois wrote: There's always someone smarter. And any attempt to protect can always be overcome.
But the same applies to the anti-virus products.
From the end-user POV the OS should be secure and it's the OS supplier who should bear the burden of making it so. The current 3rd party arrangement seems very flawed.
Contrary to popular belief, nobody owes you anything.
|
Do you make your software virus proof?
If it's not broken, fix it until it is
|
To the best of my ability - but most of the responsibility lies with the OS and browser since they're doing the low level stuff.
Contrary to popular belief, nobody owes you anything.
|
And someone better will defeat it... But that's your fault, right?
By your logic, YOU should have put more time and expense into defeating all viruses that might attach your software.
If we as developers tried that, the cost of our apps would skyrocket and the app side would be exponentially huge, and it would never be done.
If it's not broken, fix it until it is
|
Kevin Marois wrote: If we as developers tried that, the cost of our apps would skyrocket and the app side would be exponentially huge, and it would never be done.
Which is why we rely on the OS and its APIs to be secure.
Contrary to popular belief, nobody owes you anything.
|
"If we as developers" includes OS providers. They do have some level of protection in there, but they can't stop everything and if they tried the already over-priced Windows would never be purchased.
If it's not broken, fix it until it is
|
Kevin Marois wrote: "If we as developers" includes OS providers. They do have some level of protection in there, but they can't stop everything
Of course, but you seem to be suggesting that only a rudimentary level of security is OK and we should rely on 3rd party anti-virus developers to do the hard stuff.
If the AV folks can do it - why not the OS developers?
Contrary to popular belief, nobody owes you anything.
|
Kevin Marois wrote: By your logic, YOU should have put more time and expense into defeating all viruses that might attach your software
The answer to that is obviously no, but as a developer, I don't think it's unreasonable to be expected to at least try to mitigate potential issues when you design your apps. That's why, after all, threat modeling tools exist. They're not just for OS designers.
It starts with not requiring the user to run as an admin, not saving passwords in plaintext--those sorts of things. You're not entirely absolved from any responsibility just because there's an anti-virus running that's trying to protect the user from himself.
|
So then where do you draw the line separating "uninitiated code execution and file deletion" from "legitimate code execution and file deletion?"
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"You can easily judge the character of a man by how he treats those who can do nothing for him." - James D. Miles
|
That's the $64,000 question. Today Linux distros, OS X and Windows all have slightly different answers but all of them provide pretty good security. All are more secure today than they were 10 years ago or even last year.
Contrary to popular belief, nobody owes you anything.