The Free World: The Linux Security Discussion Continued.
There’s a pretty good discussion over on News Vine about the future of GNU/Linux security.
The original entry, here, takes the position that GNU/Linux is only more secure because it has a relatively low adoption rate a compared to Windows. The implied argument is that when GNU/Linux adoption hits critical mass, the bad guys will start writing malware for it and then it will suffer the same fate as Windows.
The author, clearly, doesn’t understand the GNU/Linux security model.
The reason GNU/Linux is more secure than Windows has nothing to do with adoption, it has to do with the the differences between an easy-to-compromise monolithic system where everything is intertwined, and a modular system where everything operates independently. It has to do with a vulnerable system where every file can be executed by default and a system where the exectuable bit on a each file has to be specifically set before it can be run. It has to do with an insecure user system that allows everyone access to the system files and a system where a normal user has no access to the system files.
I’ve been involved with this discussion many times on this blog, my forums, on the Linspire forums, and show #17 of the GNU/Linux User Show (MP3 | OGG).
I’m not going to rehash the whole thing as there are many places on the Internet doing just that. I just wanted to take the opportunity to post some links to some (hopefully) good information on exactly why GNU/Linux is, and will likely remain, more secure than Windows.
Related Stories
POSTED IN: The Free World.
9 opinions for The Free World: The Linux Security Discussion Continued.
Hogg
Feb 22, 2006 at 6:52 am
The point that I was trying to make, is that when Linux becomes more widely used and it becomes more worthwhile for malware writers to attack Linux, “when GNU/Linux adoption hits critical mass,” they will learn new ways, ways that you and I don’t understand yet, to attack Linux systems. The sofistication of software is advancing every day and with that the sofistication of malware is advancing also.
Jon
Feb 23, 2006 at 10:39 am
I actually read an article in this month’s Linux Magazine (the Eurpoean one, not the US one) about virii and GNU/Linux. I was very surprised to learn that there are somewhere around 400 identified virii for GNU/Linux, although they are almost never seen in the wild.
I feel confident in stating that the virus problem with GNU/Linux will never even come close to the virus proboem with Windows. The GNU/Linux kernel and OS are just more secure. Period.
I also don’t think that the sophistication of malware is advancing every day. In fact, I believe its proliferation is due to the fact that the Windows OS has become so vulnerable that script kiddies with very little skill can introduce very rudimentary scripts into a Windows environment and gain access to the box. One no longer has to be a developer to write a virus or deploy a piece of malware. There are kits galore in the Internet that allow a relatively unskilled and uneducated user to spread these things.
In any event, yes - I think numerics play a part, but there’s an awful lot more to GNU/Linux security than a low adoption rate.
Jeff
Feb 23, 2006 at 2:55 pm
It’s my understanding that the primary reason that Windows is more unsecure than Apple or Linux is because most Window users routinely operate in Administrator mode. This is because for one, it is the default user setting and two, it makes using the OS less difficult since all settings and actions run under administrator. Apple and Linux are designed for daily tasks to be performed in user mode. The user must sign in as root, or administrator, to change settings and load programs.
If a Windows operator changes their account to a user mode, many of the viruses and security issues that plague most Windows systems are eliminated. Programs carrying malware are difficult to execute because the user must sign in as Administrator for this function to be performed. This makes Windows more comparable to Apple OS or Linux.
Since most people, like mom or dad, aren’t aware of the Administrator vs User mode issue and continue to operate their Windows systems out of the box, Windows has become a vulnerable OS. And, since Windows is by far the most prolific OS in use, viruses spread readily.
I do believe that Linux is, by design, more secure for the reasons above. But I’m also sure that, with increased use and greater numbers, any system becomes more likely to be compromised. It’s probably not so much a matter of numbers as it is easiness. Why poke around for hours trying to find a hole in Linux to exploit when there are so many in Windows? Take the path of least resistance. Still, I wouldn’t get too comfortable with my Linux system.
Jon
Feb 23, 2006 at 3:25 pm
Hey Jeff,
The administrator user thing is definitely a large part of it, however I think there is a little more to it than that.
First, a caveat: I’m not a developer so much of what I say is stuff I’m regurgitating from various people I’ve talked to over the year(s) about Linux security.
Windows is too tightly integrated with its applications. The script (VBScript? Asp? What are we calling it these days?) is hooked right into IE which is hooked right into the OS. The majority of these script kiddie malware scripts run via that method. They exploit some arbitrary problem with the VBScript engine which, because it is so tightly hooked into the OS, allows them entry into the machine proper. GNU/Linux doesn’t have an equivalent engine running in it that allows unfettered access to the entire machine and file system. That’s probably one of the biggest security features right there.
User-launched applications in GNU/Linux run in a very restricted space. A virus is an application and therefore when it runs, it is running in the same user-restrictive space. A GNU/Linux virus or malware application is unlikely to be able to access the system files because, as you point out, one of the cornerstones of using a *nix OS is to NOT operate as the root user. Granted if the root user runs a virus then all bets are off, but that’s the users fault in my opinion, not the OS’s fault.
I’ll certainly never argue that operating as a non-privileged user is fundamental to GNU/Linux security and provides the best measure of security regardless of any technical considerations.
On the other side of the fence, there are some pretty compelling arguments that running as root isn’t more secure than running as a non-priviledged user. I don’t agree with this argument because it hinges on the belief that the most important part of a system is the user’s data. If you (not you, personally, but ‘you’ the generic reader) believe that your data is the most important part of your system, then the argument goes something like: since a virus operating in your user space can destroy all of your data, then that virus is as destructive as if it had been run as the root user. The OS can be reinstalled in minutes and is therefore trivial.
Personally, I think the most important part of my computer it its network card. The fact that my computer is hooked up to millions of others throught the Internet is one of the reasons that I feel compelled to keep it clean, not because I’m myopically worried only about my data. Operating a network-connected box with a higher-than-required-account may not put my box at a higher risk, but it puts every other computer on the network at a higher risk.
The mentality that ‘my data is the only thing that matters’ is precisely why Windows machines form almost 100% of the zombie/virus/malware problem in the Internet today. At the risk of sounding like an idiot - I feel like a better citizen when I take care of my machine.
Sigh…now someone who knows way more than me is going to come along and poke all sorts of holes my comment…
Jeff
Feb 23, 2006 at 8:11 pm
Jon,
I’ve often heard people ask why they can’t just delete IE from their system and use Firefox as the browser. This can’t be done since Internet Explorer is the same program as Explorer, or the file management system.
In this regard, isn’t IE comparable to Konquoror, since both are interchangable as browsers and file management tools and are closely tied to the operating system?
Jon
Feb 23, 2006 at 8:18 pm
Hey Jeff,
The problem isn’t solely that IE is hooked into the OS. The problem is that the uber-vulnerable scripting language is part and parcel with Internet Explorer AND Internet Explorer is hooked into the OS. The presence of the scripting language provides the means for exploits to execute, and IE’s too-close relationship with the OS provides the transport right into the heart of the system.
GNU/Linux nor Konqueror has any equivalent to Window’s scripting engine. What the hell is the proper name for that thing, anyhow? VBScript? Shrug…
And while I haven’t tried it, I’m 100% positive I can uninstall Konqueror without issue. There are many (all except KDE actually) desktop environments that run without Konqueror present.
Jeff
Feb 24, 2006 at 5:55 pm
It’s me again, Martha…
I just heard this today on the Security Now podcast by Steve Gibson. It happened to coincide with what we had been discussing, so I thought to mention it.
On his latest podcast, Steve briefly mentioned a study done by the US CERT organization for 2005 which found that in the past year, 800 or so security issues were discovered for the Windows operating system. In that same period, about 2400 security issues existed for Linux.
Steve did say this is a bit like comparing apples and oranges. He mentioned that Linux went from 2 million lines of code to 6 million in that period. He also pointed out that because Linux is open source, many more eyes are looking it over. But I think it does show that Linux is far from bomb proof and that there is the potential of a threat in the future.
In case anyone is interested, the address for the US CERT security alerts is here.
http://www.us-cert.gov/cas/bulletins/SB2005.html
Jon
Feb 24, 2006 at 6:50 pm
Mark Rais talked about that on show #17 of my GNU/Linux User Show (I think…I know we talked about it but perhaps it wasn’t on the air).
He spoke to that study and pointed out that a very small percentage of those issues were critical (or ‘high’) in GNU/Linux. The percentage of those issues that were critical in Windows was much higher. I’m not about to count at 3,000 of them, though :)
But hey, nobody is saying that GNU/Linux is bomb proof. As long as there are users at the helm, anything can happen :)
New Linux User » The Free World: Linux Insecurities and Virii
Feb 27, 2006 at 6:35 am
[…] We’ve just put up JaK Attack! show #5 (with Webcast!). In it, Kelly and I briefly discuss the January edition of Linux Magazine. For the record, this is the European Linux Magazine at http://www.linux-magazine.com and not the San Francisco-based Linux Magazine. One of the interesting things about Linux Magazine is that it has a regular column titled Insecurity News. In light of my recent conversation in the comments of this thread, I thought that it was prudent to talk about this. […]
Have an opinion? Leave a comment: