Is Linux more secure than Windows?



  • To give at least some credit where it's due - Windows has gotten a lot more secure over time. The main problem 15-20 years or so ago was that Windows was never made to be placed directly onto the internet (even if Bill & co said otherwise to sell more units). It was meant for workgroups on local networks, and this showed in the horrible security of stuff like NetBIOS, RPC and other default services at the time.

    In the days of dial-up connections, with the infamous Blaster worm, even just connecting an unpatched Windows system to the internet would make it infected within a couple of seconds. That was a fun time to be the "IT guy" to family and friends 🙂

    These days most Windows PCs (at least in the "first world") are fortunately being kept in (relative) safety by something as simple as being behind a router, since NAT complicates things for these kinds of direct port attacks. But now shi**y vulnerable routers are another vector for attack instead...

    A drawback is that modern OSes, and probably including mainstream desktop Linux distros, are running a whole bunch on "convenience" services listening on inbound traffic, or doing broadcasts to discover other devices on the network. And all of these can potentially be vulnerable to attack.

    For example, these are the ports my Win10 machine is currently listening:
    https://pastebin.com/2bEJbt8M

    I'll leave it as an exercise for anyone willing to figure out what all those ports are 🙂

    Of special interest for us are these:

      UDP    0.0.0.0:5353           *:*                    
      UDP    0.0.0.0:5353           *:*                    
    

    That's Vivaldi and the Chromecast MediaRouter extension... and AFAIK it can't be disabled, I've tried 🙄

    Anyone running a Linux distro "brave" enough to do the same? A quick netstat -an | egrep "LISTEN|UDP" would do the trick 😉



  • @dbouley That's what I was writing about in my post. I guess you were running Windows with account which had admin rights, because standard user can't screw up the system, only own profile. Same as in Linux.



  • @enc0re: Maybe so, but Linux is a lot less work.



  • @Catweazle There are plenty of AV products, sandboxes and so on in Linux, if the user looks for them. Though the majority of AV programs are looking either for Windows viruses or to protect servers (if you host a website, for example). But most users don't seem to look for them ...



  • Here's the reality... If I was going to spend my time creating malware, would I target it at 77% of the computers or 2% of the computers? Like most strategic decisions, the largest target is the best target.



  • Well at least one of the Linux LTS kernel versions can be brought down with a simple thing as a "Ping of Death", and if I look into the CVE Databases I see a lot of open "weak encryption key" and several open "elevation of privileges" even from remote for the different Linux kernels which are still unpatched.


  • Ambassador

    @x-15a2 , I believe that the main risk on the web are deceptive pages, phishing, redirects to evil pages, dangers that are independent of the OS used.
    They can hack an account or steal the same credit card number on Linux or Windows. Even in Windows, passwords are better protected than in Linux, once they have entered the account, the passwords are in sight, while in Windows they are protected with a second ring that requires access with a password, to be able to see them.This of one is safer than another is relative and depends on the front line of us.



  • @Catweazle The name is changing again this time to Microsoft Defender. I alpha tested it on Windows XP when it was know as Windows Antispyware.


  • Ambassador

    @Chas4 , Exactly, a few years ago, the Windows Defender evidently only offered a fairly rudimentary and deficient defense, which necessitated the use of a third-party AV. By then I had very good experiences with the Panda, which I still consider among the best. But currently Windows Defender, according to AV test, offers the same or better protection than other AVs in the market (100% detection rate), making unnecessary to use a third-party AV, with the added advantage of being integrated into the system.



  • we, developers, especially data engineers, go true your personal data like true the dirty laundry. And the sadest part is - most of it is very much the same, useless really but it sells good anyways. meanwhile google pumps the cash out ecosystem like a warm selling every single word or move you whisper. As far as I am concerned , I am sick and tired of this bullshit. The internet was not created like that. Once it was a gateway to a human evolution , but lately it turned into a total shithow



  • Last several days I spent analyzing what looked like a innocent trading software windows/electron based desktop client. Only 1 Antivirus raised red flags and not a single security warning from the OS it self. Upon closer inspection under the microscope of IDA I have discovered big chunk of source code coming directly from #google , injecting such fun things as silent permission elevations, silent background installs, door wide open access to kernel and every single peripheral on the machine including Bluetooth and Printers and most importantly multiple backdoor tcp/IP connections pumping data without even running an app . most of it turned out to be googles code
    (u can never be too paranoid on keeping an eye to what your machine is connecting to - how about netstat feature in vivaldi? )



  • I consider windows to be more user friendly - which implies a higher probability for errors, because it is trying to guess, what the user wants.
    Unix has it roots in the server and we never let a stupid user near the server! That allows things to be more complicated, need more attention and thus be more secure.
    I love my computer to use a bash in cygwin on windwos and deploy my applications on a unix-based webserver. But then, I don't have to do any service on the clients.
    In general I think windows server are similar secure as unix server, windows clients a lot less - because a lot more dangerous programs are running (Word, Excel, ...)


  • Ambassador

    @Wolfgang , no doubt, Windows is an excellent OS and very user friendly, but this does not mean that it also requires minimal knowledge to avoid the privacy traps that it includes.
    As @ingamx already said, to have a secure and fairly private OS, in Windows we cannot rely on many applications that spy on us in a very "user friendly" way, especially in Windows 10.
    Although on the other hand it must also be said that Windows contains all the options and tools to make it truly private, but this is naturally poorly documented by MS.
    Apart there are many excellent OSS alternatives to Windows applications, recommended to use instead of these (Libre Office)



  • @pathduck: ... or behind it, if they're Dutch...



  • 77% of computers today run on Windows compared to less than 2% for Linux which would suggest that Windows is relatively secure.

    I stopped reading the article after I read that ignorant statement. Popularity has nothing to do with security. What other silly, baseless assumptions does the rest of the article contain?


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.