Is Linux Really as Secure as You Think It Is?
Pinterest Stumbleupon Whatsapp
Advertisement

Security is an important topic on everyone’s minds in today’s highly-technological world. With all of the security news that pops up on almost a daily basis, trying to be aware of the choices you make can make a big difference. Linux is often touted as the most secure operating system you can get your hands onto, but is this reputation deserved?

Let’s take a look at different aspects of Linux security.

Security Practices of Distribution Maintainers

For a short period of time in February 2016, some links on Linux Mint’s download page redirected to an altered installation image that contained a backdoor. Since then, Linux Mint’s maintainers have gone under attack for bad security practices both on their own servers as well as in the Linux ecosystem (for example, not releasing their own security advisories). Not all distributions are the same, and that applies to security as well.

While this is an extremely rare occurrence, it does show that attackers are targeting Linux and that such exploits are possible. Keeping track of the latest security news is very important, whatever platform you’re using.

Malware

One of the biggest concerns on many people’s minds is malware. This includes things such as viruses, spyware, worms, and so on. All of this malware has one thing in common: it needs to run code in order to work. Thankfully, there is barely any malware in existence for Linux compared to Windows and even Mac OS X. On Wikipedia, a partial list of the most common malware for Linux is only about 54 items long.

However, the fact that the list is longer than zero items proves that Linux isn’t impenetrable. The fact that the list is relatively short is thanks to a few different factors, including:

  • There are relatively few Linux desktop users, and Linux server administrators usually know how to secure their server.
  • Windows viruses cannot run on Linux (unless they have the help of WINE).
  • There’s a fantastic permissions system in place to minimize damage done by malware.

clamtk_main
Now, although the risk of Linux viruses wreaking havoc is low, there are antivirus clients (such as Clam Antivirus Control Virus Scans From The Command Line With Clam Antivirus [Linux] Control Virus Scans From The Command Line With Clam Antivirus [Linux] There are a few ways in which you can access Clam Antivirus for numerous purposes. First, there's a front end to Clam Antivirus which you can use to perform tasks graphically. It is called Clamtk... Read More ) you can get for Linux. The twist is that these are mainly used to scan for Windows viruses. The idea is that as data passes through your Linux system, it can be scanned for viruses so that it does not infect other Windows users who might be receiving that data at some point. Consider it a public service.

Permissions Save the Day

Wait, what’s this permissions system mentioned earlier? Files are owned by users and groups, and there are three levels of permissions: permissions for the owner user, permissions for the owner group, and permissions for everyone else. The possible options for each level are read, write, and execute permissions or any combination thereof. So for example, the owner user could have full permissions, the group can have read permissions, and everyone else can have no permissions at all.

linux_file_permissions
If malware does ever run, it’ll most likely run with your user’s permissions, so the damage will be localized but it won’t take down your whole system. Why? The system-related files are owned by the “root” user. This is the reason why it’s recommended to use the root account What Is SU & Why Is It Important to Using Linux Effectively? What Is SU & Why Is It Important to Using Linux Effectively? The Linux SU or root user account is a powerful tool that can be helpful when used correctly or devastating if used recklessly. Let's look at why you should be responsible when using SU. Read More (or sudo) as little as possible to avoid the risk of running malware as root. Because if that happens, it’ll definitely wipe out your whole system (if the malware was written to do so).

Firewall

gufw_preferences
Having a firewall is still extremely important, however. Linux is no different than the other operating systems when it comes to networking — without software to control the ports, anything from the outside world can connect to your computer and start causing mayhem. As a desktop user, the quickest and easiest tool to make sure that you have a firewall enabled is Gufw, a graphical tool for the UFW firewall. It’s a very simple thing you can do to protect yourself from attacks.

Phishing

muo-security-phishingemails-paypal
Next, phishing. I’m of the opinion that this is actually a bigger threat than malware because it can happen to anyone and is much more difficult to prevent. And there’s still nothing that your choice of operating system can do to protect you from phishing attacks. The only way to truly protect yourself from phishing attacks (besides from being proactive in identifying them How to Spot a Phishing Email How to Spot a Phishing Email Catching a phishing email is tough! Scammers pose as PayPal or Amazon, trying to steal your password and credit card information, are their deception is almost perfect. We show you how to spot the fraud. Read More ) is to disconnect from the Internet completely. But we know that the Internet is just too good for us to want to do that.

Installing Software

There’s also a related risk — being tricked into installing malware. If you’re new to Linux and look up how to install a certain program, you may be given links to download packages that end up containing modified or entirely different software than what you wanted. Once you install it, you’re pretty much screwed.

Remember to check what you’re looking up and always try to install software from the official repositories whenever possible. And if you’re installing software from a PPA What Is An Ubuntu PPA & Why Would I Want To Use One? [Technology Explained] What Is An Ubuntu PPA & Why Would I Want To Use One? [Technology Explained] Read More , make sure that it’s officially from the developers and trusted.

Not A Magic Pill

So after all that, is Linux actually safer? Yes, and quite objectively so. However, it’s still not bulletproof and cannot protect you from everything. So if security is on the top of your mind, definitely give Linux a shot. Just remember to continue keeping an open mind about security threats as they do still exist.

What all do you do to secure your Linux system? Let us know in the comments!

Image Credits:penguin carrying a rifle by 3Dalia via Shutterstock

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Eddie G.
    April 29, 2017 at 2:06 am

    @WebWolf:

    Ok so a few things:

    First off, Linux IS more secure than Windows! And its NOT because of the user-base, but because of how Windows is designed. All you need do to infect a Windows machine? Is double-click on an '.exe" file and watch it wreak havoc on your system. Linux is more complicated, as stated in the article, unless you're (foolish?) enough to run the OS as the "root" account?...nothing will happen, because Linux cannot process ".exe" files. Granted someone COULD insert some form of corrupt script into the ",exe" file, that might cause it to run, but unlike Windows?...the user will be notified immediately by tools such as sigABRT...which will tell you that a script is trying to perform read/write actions on such-and-such a file or directory. When you add in the SELinux configurations that exist on the kernel?...then it becomes harder to actually infect a Linux machine......and finally the fact that the kernel is "ever evolving"?...means that the script you write today?...will be ineffective by the next kernel update, which unlike Windows' stagnant months long process is considerably quicker (I've seen Linux machines that receive two or more kernel updates within a two day period. So no...Linux is NOT as "weak" as Windows....it IS a stronger platform. Mind you...it is NOT invulnerable and CAN be infected but its really hard to do, and as you've stated, since Windows has the bigger bullseye on it's chest it just makes sense that the script kiddies write programs that attack the easier target.

    Regarding Linux users being more advanced than Windows users? Also not true, the proof in this statement would be my 70+ year old mother who was running Windows XP and had her computer die, (BSOD for the FIFTH time!) so instead of just re-installing it again? I introduced her to Linux Mint, (with the MATE desktop!) AND SHE HAS BEEN USING THAT SAME LAPTOP SINCE 2012!!!! I think when it comes to security, it all boils down to the user and how much they "care" about their privacy, security, and their data. If someone who's used to running Windows XP / 7 / 8 is inclined to just installing McAfee / Symantec anti-virus and relax....thinking that this sole program will protect them against all the bad stuff, then whatever happens to them can only be considered their fault, as the people at McAfee and Symantec...while trying to keep their users safe, can only do so much. I DO agree with you that most Linux users ARE more advanced than their Windows using counterparts, but this is not something they just woke up having. Take me for instance, when I lost all my data on the XP machine back in those days? I was working in a mailroom, with no IT experience, after doing some reading.....(well not "some" reading......a LOT of reading!!) I educated myself to the point where I'm now a Technical Support Associate for an online company. So yeah...maybe the ones who use Linux are more inclined to read more of the technical journals and white papers out there, to give them that advantage.

    And finally, the biggest advantage Linux has over Windows (and Mac OS as well) is the fact that the source code for the kernel is open. Open to the public, open to governments open to any and everyone who's willing to look. Its this "Million Eyes" philosophy that makes Linux more secure. While there are no doubt script writing bad guys out there who might discover a way to break Linux, the very fact that someone in Spain can see the code, and (possibly) spot the malicious script/config file....and then pass it on to someone in Japan...or Germany...or Texas....then on to Finland...and Australia....causes the dangerous script to be less effective. For while there might be people out there who want to harm others computers, there are millions more who do not. It is THAT group of people that keeps the Linux kernel from becoming a virus-infested, malware bearing set of code.

    Just thought I'd share my thoughts with you on that.
    Listen, I'm not debating whether or not Linux is impervious to attack, recent news articles like the one you posted, and others such as Heartbleed and OpenSSL attacks confirm that. But sometimes you have to look a little deeper. Notice that some of these vulnerabilities existed in the Linux-sphere for OVER TEN YEARS without going noticed? Do you think the script kiddies ignored it?...or that they didn't even KNOW it was there? Quite possibly its when the people at places like CERN and other security related companies discover the exploit that it comes to the public's eye that a script kiddie will know the vulnerability. And you'll notice a lot of articles start off with the actual explanation of the exploit followed by "..If a hacker can gain access to this-or-that open port / application / service / program they COULD..."...and that's it isn't it?...it's always they COULD do something bad, but you hardly ever hear of ACTUAL events taking place! I wonder why that isn't the case with Windows? why is it always that the exploits reported are usually at the detriment of some company or other?...(Target....Wells Fargo..etc) I guess it all comes down to how you perceive it

  2. webwolf
    April 20, 2017 at 8:30 am

    Stop touting that Linux is safer; it's simply not true. The fact is simply this; most people that use Linux are more advanced users and thus are less likely to fall victim to a basic attack or malware infection. Whilst this may make Linux more objectively secure, it's technically not! it still has vulnerabilities which an attacker can and will utilise to hack into the system.

    Linux malware in the wild - just one example:
    https://www.bleepingcomputer.com/news/security/new-fairware-ransomware-targeting-linux-computers/

    There is more malware in the wild for windows than any other OS; this is true, however not all malware will run on all windows devices. A virus which was built to run on XP may not run on 10... malware developers have to keep up with the ever changing platforms as much as anyone else.

    Furthermore; computer savvy windows users don't get infected the same as tech savvy Linux users don't get infected. The day the world believes Linux is so much more secure than Windows is the day all the malware developers start developing malware for Linux 'instead of Windows. Malware developers targeting widespread infections will always aim for the largest target; windows has a larger user base so it makes sense to develop more malware for that Operating system but that doesn't make it less secure, simply 'more of a target.

    The point is simply this; if you want to be secure; you need to educate yourself about the risks and threats of the internet, don't fall for click bait and phishing scams and don't run around installing whatever software looks fun; google it, get reviews on it, see if it's widely used and then install it in a sandbox to see if it even does what it's supposed to... if all this seems like a pain in the ass; it is, but computers aren't toys, they're tools. If you don't respect your tools they'll jump up and take a chunk out of you!

  3. Anne
    February 16, 2017 at 4:01 pm

    Its not just security that is making me interested in Linux, it is more the privacy side of things. I am not pc savvy and even the so-called beginners guides to Linus melt my brain! Ive been putting it off for years because it is just to complicated and daunting for a newbie.
    I wanted to keep you tube, do emails, and watch 'showbox' on my tablet; but I can't figure out if I'll be able to do that. I soooo wish I could find answers somehow.
    For example, I cannot get showbox to run on my pc so I use my tablet. You tube and showbox are my only entertainment as Im disabled and housebound. If I can't get past this Im seriously considering quitting altogether. I will check back in case of replies; didnt give my real email as sick of viruses.

    • webwolf
      April 20, 2017 at 8:14 am

      You should try running a live distribution or a virtual machine; these are really simple to achieve and will let you try different Linux distributions without wrecking your primary Windows computer to do it.

      In terms of distributions; try 'Ubuntu' first as it's currently the most popular, user friendly and in theory contains most of the applications you'll want to use already. For most software you're used to using on Windows, you'll need to google "Linux alternative to..."; there usually is a linux alternative, and it's nearly always a free alternative to a paid Windows application.

      The Ubuntu forums are a very good place to ask questions although not always fast to respond. G+ (Google Plus) groups are also a very good place for Q/A and tips on various topics once you join an appropriate group.

  4. Anonymous
    June 1, 2016 at 11:58 pm

    "Installing Software"
    If you're new to Linux, install software only from the OFFICIAL distro repositories. Do not use PPAs, AURs, Snaps and/or community repositories until you are more familiar with Linux and how to avoid/remove Linux malware. Treat any package repository other than the official one as of questionable quality.

  5. Anonymous
    May 5, 2016 at 11:46 pm

    Re; malware installing itself with the help of WINE.

    It's a bit of a 'wobbly' statement, this.....for one main reason. WINE is extremely prone to regressions. Yes, I know the developers of WINE do do their very best to improve it from one release to the next; but very often, something that worked flawlessly in one version of WINE will refuse to run properly in the next. I've had it happen to me several times.

    It's a marvellous piece of software, don't get me wrong.....I have Adobe's Photoshop CS2 running under version 1.7.51. You should always bear in mind, though, that it's NOT infallible. Malware MAY be able to run under it; it may NOT.

  6. Anonymous
    March 23, 2016 at 2:34 pm

    <quote>
    Linux is often touted as the most secure operating system you can get your hands onto
    </quote>

    Uh, no, that would be OpenBSD

  7. Noam Preil
    February 25, 2016 at 3:15 am

    You mentioned that Windows malware cannot run on Linux except when it has help from WINE - I disagree. Even run by WINE, the effect should still be minimal (it shouldn't affect your system - backups are still important, as your files are destructible). WINE, after all, can be run by a non-root user. If a non-root user runs malware in WINE, would it not only affect the "container"? If it deletes everything on the C: drive, you're fine - your files are not ON the C: drive, as the C: drive is actually a folder (usually located at ~/.wine/drives/c IIRC). As such, while any programs installed into the C: drive in WINE would be wiped, the system would be otherwise unaffected.

    Counter-argument I just realized while typing this - the C: drive in WINE contains symbolic links to your home folder.

    Additionally, someone could theoretically create malware targeting Linux through WINE.

  8. Darr
    February 23, 2016 at 9:33 pm

    On top of what your article suggests, I also use a VPN and encrypt my DNS with opendns. DD-WRT runs my both of my routers.