this post was submitted on 19 Jul 2024

1127 points (96.8% liked)

linuxmemes

21009 readers

397 users here now

Hint: :q!

Sister communities:

LemmyMemes: Memes
LemmyShitpost: Anything and everything goes.
RISA: Star Trek memes and shitposts

Community rules (click to expand)

1. Follow the site-wide rules

Instance-wide TOS: https://legal.lemmy.world/tos/
Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html

2. Be civil

Understand the difference between a joke and an insult.

Do not harrass or attack members of the community for any reason.

Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.

Bigotry will not be tolerated.

These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.

3. Post Linux-related content

Including Unix and BSD.

Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.

No porn. Even if you watch it on a Linux machine.

4. No recent reposts

Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.

Please report posts and comments that break these rules!

founded 1 year ago

MODERATORS

[email protected]

1127

IT Department's Plan (i.imgur.com)

submitted 3 months ago by [email protected] to c/[email protected]

114 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[–] [email protected] 6 points 2 months ago* (last edited 2 months ago)

If only our vendors made Linux versions of their systems and regulators would approve them or the OS but no, my regulators only allow windows and approved software that they verify the hashes of every few months for changes

[–] [email protected] 11 points 2 months ago (10 children)

I'm actually curious to know, how is Linux inherently more secure than windows?

[–] [email protected] 7 points 2 months ago

In addition to what others have said, there's the move towards containerized applications on Linux via flatpaks, immutable distributions, and snapshots/rollbacks. There are also distributions like Debian with a delayed package release schedule for added stability and security. Its my understanding that you could have an exceptionally secure, effectively trustless, Linux system beyond what is possible on Mac or Windows.

[–] [email protected] 12 points 2 months ago

Sort of an aside, but I am seeing Microsoft more as a hostile entity that I need to protect myself from.

[–] [email protected] 10 points 2 months ago

Its not and everyone who says it does is full of shit. The reason linux doesnt need av is that av is secretly overrated

[–] [email protected] 24 points 2 months ago* (last edited 2 months ago)

Few things, in rough order:

Smaller = less attack surface. You can strip a Linux OS down to only what is needed.
Open source, so it's can be peered review. There are Unix distros like OpenBSD, that share lot of user space component options, where auditing is a big thing. The whole sunlight and oxygen stops things festering as much. As abosed to things locked in a box in another box down in a cellar.
Open source transparency forces corporates to be better. We can see what they are and aren't doing.
Diversity. The is no "Linux", it's a ecosystem of Linux distros all built and configured differently, using different components. Think of Linux as just a type of base board in a sea of Unix Lego bits. There are plenty of big deployments on BSD bases that share a lot with some Linux deployments.
Unix security is simplier than Windows security, so easer to not mess up.

[+] [email protected] -7 points 2 months ago (3 children)

It's not, in fact out of the box Linux is SIGNIFICANTLY more insecure than windows.

The thing is, hackers and hack tool makers target the largest market segment to gain the most conversions.

Apple users used to gush about how virus proof they were until they hit decent market share, and then they got plenty of malware.

Same thing with Linux but the real difference is you need a few decades of linux experience to fix anything in a timely manner.

[–] [email protected] 7 points 2 months ago* (last edited 2 months ago) (1 children)

Linux is SIGNIFICANTLY more insecure than windows.

Absolutely not true. I assume you don't have a source for this? Besides your butt...?

UPDATE:: They did not have a source.

[+] [email protected] -11 points 2 months ago (2 children)

Does Linux come out of the box with A/V and firewalls?

On second thought, you're dismissive little aside just convinced me to excise you from my internet experience for all eternity.

Ta...

[–] [email protected] 5 points 2 months ago (2 children)

AV is a bandaid for the horrible way software is handled in Windows. Linux is far from perfect, but package repositories are such a step up when it comes to security.

[–] [email protected] 2 points 2 months ago

There is still the need to add repositories and download packages from the web every so often though. I don’t see why AV isn’t more common. It doesn’t stop the more clever and up to date attacks, but some protection from the simple things wouldn’t hurt.

[–] [email protected] -5 points 2 months ago (1 children)

I try not to argue with cultists. Have a day.

[–] [email protected] 4 points 2 months ago

Living up to their username...

[–] [email protected] 3 points 2 months ago* (last edited 2 months ago)

What a dumb argument. You have to configure firewall rules for Windows and Linux. That is like the first thing any competent admin will do, no matter what OS they are working with...

[–] [email protected] 2 points 2 months ago

target the largest market segment to gain the most conversions.

Windows market share is bigger in desktop only. In fact, is kinda sad that still there are serious institutions using Windows for non-desktop stuff. I hope this incident changes it.

the real difference is you need a few decades of linux experience to fix anything in a timely manner.

[ citation needed ] Probably you are meaning desktop again. Although troubleshooting Windows is not easy task neither, there are way more desktop users familiar with it.

The real thing is

1. There is no single "linux" OS. There are lots of different OSes based on Linux kernel. And they are for servers, desktop, embedded systems, smartphones, etc.
1. More important. Security is a process, not a product from a vendor. The root cause of this incident is that some institutions are seeing that you just buy "security", install it, and call it a day. No important stuff should auto-update. And no institution should auto-update lots of important stuff at the same time.

So, Linux is not really more secure. But is built in a culture where security is taken more seriously.

[–] [email protected] 3 points 2 months ago (2 children)

Question, how is Linux more insecure out of the box?

[–] [email protected] 5 points 2 months ago

It isn't. Most distro's leave the firewall disabled on install but what services are exposed? None. Most are set to localhost only and ssh is normally not installed or enabled. Antivirus on windows especially defender just seems to keep me from doing my job. For instance every decent utility from nirsoft is detected by defender as being infected. I suspect microsoft hates those utilities that allow you to back up credentials and most critically license keys.

I do agree that the main thing that keeps linux from being as easily exploited is the more about the average linux user and less about inherent security. I've only had one Linux machine exploited in thirty years and it was a older version of Debian that a vendor disabled the automatic updates on when it was installed. I woke one morning to 10gb of upstream traffic on my traffic graphs. The attacker had gained access through a outdated version of apache. The fools who had compromised the system couldn't understand why he had to work through a rdp session to reinstall his product when I reloaded it with the latest version. The fool was pissed that I had updated debian. My boss pressed them until they agreed it was time to let debian 7 go since the latest at the time was debian 9.

But in the end the breach happened because of a foolish vendor with outdated ideas regarding updating a OS.

[+] [email protected] -8 points 2 months ago (1 children)

Does it come preinstalled with an antivirus and a firewall?

[–] [email protected] 2 points 2 months ago (1 children)

Does windows come preinstalled and preconfigured with more potentially vulnerable software on open ports?

I personally don't value an antivirus that much, since it can only protect you from known threats, and even then, it only matters when you're already getting compromised - but fair point for Windows, I suspect most distros come without antivirus preinstalled and preconfigured.

A firewall, on the other hand, only has value if you already have insecure services listening on your system - and I'm pretty sure on Windows those services aren't gonna be blocked by the default settings. All that said though... Most Linux distros come with a firewall, something like iptables or firewalld, though not sure which ones would have it preconfigured for blocking connections by default.

So while I would dispute both of those points as not being that notable, I feel like other arguments in favor of Linux still stand, like reduced surface area, simpler kernel code, open and auditable source.

One big issue with Linux security for consumers (which I have to assume is what you're talking about, since on the server side a sysadmin will want to configure any antivirus and firewall anyways) could be that different distributions will have different configurations - both for security and for preference-based things like desktop environments. This does unfortunately mean that users could find themselves installing less secure distros without realizing it, choosing them for their looks/usage patterns.

[–] [email protected] -3 points 2 months ago (2 children)

Answering a question with a question is an instant block you rude af windowlicker

[–] [email protected] 2 points 2 months ago (1 children)

Man, and here I put too much effort writing a reply to a troll 😔

[–] [email protected] 2 points 2 months ago

Same...

[–] [email protected] 5 points 2 months ago

If you follow the philosophy that it follows, that is, giving the least possible permission to any application, to make it work, it easily becomes much more secure than Windows.

On the other hand, if you log into your GUI desktop as root, Bill Gates save you.

[–] [email protected] 4 points 2 months ago

Because you can own your system and inspect and alter all of it in case it's needed.

[–] [email protected] -1 points 2 months ago

I think this is a misconception.

In the 90s it may have been true - windows was focused on user experience on the desktop. Pre- internet, security just wasn't relevant.

Even in that era though, Linux was running on servers in universities et cetera managing many users.

I guess this is where the reputation arose.

These days I don't think either is inherently more secure than another in a general sense.

For specific uses cases one might be more "reliable" than another just because it's used more and therefore has more people looking at it. For example, the vast majority of Web servers are in a Linux environment, but the vast majority of on premise email servers would be Windows.

What I'm saying is, in 2024 the general security of each platform is going to be comparable, and only a very small component in your chain of reliability. Like if you develop a threat model, and write policies, and maintain behaviours in practice, the underlying security provided by the environment isn't really that relevant.

[–] [email protected] 13 points 2 months ago (1 children)

In general it is. Opensource software has less bugs that proprietary. And even those bugs can be mitigated with hardening.

[–] [email protected] 5 points 2 months ago (1 children)

That's...a gross oversimplification. Super popular open source projects tend to have few bugs from the sheer number of contributors available to fix them, but active proprietary software has dedicated teams working fulltime every week to deal woth issues. Proprietary stuff is often way wider in scope than open source, so more surface for bugs to creep in. Scope and team size have a lot more to do with bug density than open vs closed source.

[–] [email protected] 1 points 2 months ago (1 children)

I don't know how much effort thoose proprietary software companies put into the actual software. Why is windows so shit? Why is whatsapp buggy? They try to get money with shit software with no optimisations at all.

[–] [email protected] 1 points 2 months ago (1 children)

How many open source projects have 50 million lines of code like Windows, or legal agreements related to backwards compatibility and version support guarantees?

A for-profit company is going to focus on whatever generates revenue, sure. But crappy software will lose customers in a non-monopoly scenario. They're not exactly incentivized to make broken things nobody wants.

[–] [email protected] 1 points 2 months ago

They are neither incentivised to make quality of life improvements to their software. Thats why i hate most of them

[–] [email protected] 3 points 2 months ago

It isn't.

However security software for Linux usually doesn't operate in kernel level usually. And it doesn't brick your bios.

That being said because of how Linux works it is much more possible to safe a bricked Linux machine than a Windows machine.

load more comments