15 points

Linux anyone ?

14 points

Linux anyone ?

I don’t want to sound dismissive, this is a genuine question and not an attack on Linux.

Other than security by obscurity, how is it possible that an operating system whose entire source code is available to hackers to peruse at will could be more secure than a closed source one?

32 points

Security by obscurity doesn’t work. Microsoft software has always been closed source and it has never prevented hackers making exploits.

Open source software allows hundreds of thousands of people to comb over the code and find/fix vulnerabilities much easier.

It’s also true that because of the way Linux is developed, security flaws in Linux are patched much faster than in other projects, with Linux patching issues in an average of 25 days compared to Microsoft’s 83 days. And the gap is widening; recently Linux has got that down to 15 days.

There’s a reason companies go with Linux for servers that handle sensitive information or are business-critical. And there’s a reason why the best encryption algorithms are all open source.

21 points

Code being in the open allows the whole world to participate and fix the problems quicker than closed source binary.

17 points

Because if a vuln gets found or exploited, it gets immediately patched, often with some big backing by OEMs that run on Linux.

Open source also reduces the likelihood of exploitable bugs going unnoticed because everyone can see and play with the source code by themselves.

There is a risk of malicious merge requests, but so far that hasn’t been a problem besides a university getting banned for pointing out the issue with a live test without telling the devs.

Much of Linux is also designed to be hardened by default because it’s used on so much infra. SELinux by itself is a great example because it was essentially created by Red Hat and now is a major standard for MAC.

Windows on the other hand needs Microsoft alone to solve the problem. No one can patch it themselves, and there’s no guarantee the patches will work, which has happened several times. I believe print spooler basically had to be disabled because there was no good solution due to implementation.

The amount of Windows OS specific exploits vs Linux specific exploits kind of shows the results of closed source vs open source.

The worst vuln I can think of for Linux is Dirty COW, which is a local priv esc on basically Linux kernels 2.x-4.x, which was a big deal when it was discovered because of the range of versions.

Meanwhile Windows had EternalBlue, a whole remote code execution that existed on every version of Windows since Win95 that the NSA kept for probably a decade before it was leaked.

7 points

Imagine for a moment that the business world transitioned to Linux, and now there’s enormous incentive for all adversaries from state-sponsored to financially motivated criminals to spend all their time hunting through Linux source code.

  • Do you think the ideas above stand up? (I’m not saying they don’t)

  • Would Linux vulnerabilities be found at a higher rate? I wonder if they aren’t now because there aren’t as many eyes on them. Sure there’s corporate side project efforts and volunteers, just curious how that stacks up against the amount of research happening to break Windows systems.

  • NSA would definitely want to keep some Linux exploits around if their adversaries were using Linux instead of Windows. I think the result would be the same regarding EternalBlue.

14 points

Closed source doesn’t prevent people from reverse engineering it to find exploits, it just makes it harder for others to contribute to fixing it.

9 points

Because many eyes are there watching it. While not everyone is an active kernel hacker, many parties have an active interest in certain aspects of the kernel, and watch source code and patches closely.

1 point

Yup. E.g. years ago Huawei tried to merge something in the kernel that had a glaring security hole, many speculated that it was a deliberate attempt to add an exploit to the kernel.

It was immediately spotted before it even got close to being merged, and of course it got rejected.

The likes of Google, Microsoft, Red Hat/IBM, Intel, AMD, Khronos Group, etc. are always investigating what other companies are trying to implement into the kernel. They obviously won’t stand for any dodgy stuff from another company being injected into the kernel.

Everything is highly scrutinised, not just by the kernel maintainers, but also by the contributors.

2 points

ReactOS FTW.


Technology

!technology@lemmy.world
