Will expanding popularity lead to decreased security?



Pandemic187
January 13th, 2008, 08:27 PM
One of the greatest features of Linux that I along with many other users enjoy is security. As Linux veterans know, anti-virus is not necessary because there are very few, if any, viruses out there that will infect the Linux OS. But my question is this: As popularity continues to grow, with many retailers now including Linux as a preloaded OS option, will security be threatened?

I know that despite retailers pairing Linux with new systems, Linux still had less than one percent of the market share in operating systems, with Windows still retaining over ninety percent the last time I checked. But with more and more people converting to Linux, I think those numbers will really begin to change. I can't see Linux being the dominant OS, but I can see it being popular enough for someone to be motivated to launch an attack on it. I did read bodhi.zazen's post on Linux security, which says that Linux is programmed to be more immune to viruses than is Windows, but I would think that if Linux becomes popular enough, someone will still feel motivated to find holes in its programming.

Does anyone else see this as a possible danger?

lyceum
January 13th, 2008, 08:50 PM
Yes and no. The bad thing is that more users can equal bad people doing bad things. The good thing is that any vulnerabilities found can be fixed by anyone, the common user does not have to wait for someone's boss to give permission to fix it. Also, with a community, anytime I have heard of something that could be potentially bad, like Automatix (which I loved), there are lots of town criers letting people know there may be issues. MS is not a community, so most users don't know about problems, unless they are so bad they make the news (and they watch the news). I personally think that if FOSS is truly popular or used correctly, the users will join communities. I could be wrong.

:)

samb0057
January 13th, 2008, 10:19 PM
It will, but not to the point that Windows has gotten. More users will equal more viruses, but Linux is by nature more secure, and the open source model will allow vulnerabilities to be fixed much more quickly than with closed source software.

Ultra Magnus
January 13th, 2008, 10:56 PM
People seem to forget that Linux runs on a large proportion of webservers - I'd imagine that if it was easy to write a virus for Linux then it would be done. But I think with increasing users there will be more attacks but I suspect they'll all be aimed at tricking the user rather than circumventing the security.

HermanAB
January 13th, 2008, 11:29 PM
There is no correlation between the number of users and security. If that was true, then Apache must be the worst web server and Cisco routers must be swarming with viruses.

Pandemic187
January 13th, 2008, 11:34 PM
Of course, one positive thing to note is that most likely, the majority of Linux users right now are more knowledgeable about computers, or at least are more enthusiastic in their use of them than are those who use Windows, and will probably be more active in their protecting of their computers.

Ocxic
January 14th, 2008, 12:00 AM
Of course, one positive thing to note is that most likely, the majority of Linux users right now are more knowledgeable about computers, or at least are more enthusiastic in their use of them than are those who use Windows, and will probably be more active in their protecting of their computers.

This I believe to be true; also, Linux is inherently more secure than a Windows system.

jrusso2
January 14th, 2008, 12:28 AM
Last time I looked Mac OS X was about 6% of the desktops and it's had very few problems with viruses.

Microsoft in their wisdom or lack of it made compromises to security that led to their current problems.

Unless Linux starts making changes to make it less secure I don't think we have to worry.

But it is already possible for someone to trick a user into running something that could be an exploit so use caution when installing things from outside the repository.

Linuxratty
January 14th, 2008, 04:07 AM
Microsoft in their wisdom or lack of it made compromises to security that led to their current problems.

Unless Linux starts making changes to make it less secure I don't think we have to worry.

But it is already possible for someone to trick a user into running something that could be an exploit so use caution when installing things from outside the repository.

So very true...
I see the potential of Linux ever being the easy target Windows is as being very small indeed.

swoll1980
January 14th, 2008, 04:15 AM
There is no correlation between the number of users and security. If that was true, then Apache must be the worst web server and Cisco routers must be swarming with viruses.

There is a correlation. Right now Ubuntu is hiding in the background; as popularity increases, so does visibility. And if you're in the front like MS, you have a big bullseye painted on your chest.

mivo
January 14th, 2008, 04:20 AM
Well, most people don't run Linux as root. Most Windows users do run their box as administrator, which is part of why it is so very attractive and friendly to viruses and other malicious stuff. Windows offers more "hooks" for viruses, too, and the audience is prone to downloading software from obscure sites (this also touches piracy). Linux and other distros with good repositories don't really have that trouble. (And a ten times larger user base wouldn't really change that.)

hhhhhx
January 14th, 2008, 04:42 AM
I like to think that Linux is like Mac. Since Mac is Unix, that makes it a lot like Linux and less prone to vulnerabilities. Also, Linux is community based, so if there is a problem it is fixed immediately. Just my personal view.

Pandemic187
January 15th, 2008, 01:16 AM
There is a correlation. Right now Ubuntu is hiding in the background; as popularity increases, so does visibility. And if you're in the front like MS, you have a big bullseye painted on your chest.
I agree with bloor. If a given operating system is proportionally used by very few people, what's the sense in attacking it? Wouldn't your evil intentions be much more far-reaching and affect many more people if you attack Windows, which has hundreds of millions, perhaps billions of users worldwide? Seems like a reasonable logic to me.

bufsabre666
January 15th, 2008, 01:19 AM
Well, it is straight up more secure than Windows, but there are holes, and the more popular it is the more those will be exploited.

p_quarles
January 15th, 2008, 02:16 AM
There is no correlation between the number of users and security. If that was true, then Apache must be the worst web server and Cisco routers must be swarming with viruses.
Just wanted to bump HermanAB's earlier statement, because I think this point is being overlooked. The reputation that Windows has as an insecure system is largely the result of problems with its design. It was originally designed as a single-user operating system, and then emerged without substantial alteration into the internet era.

Windows can be a perfectly secure OS if the correct hardening measures are taken. The difference between Windows and GNU/Linux is that the latter ships with much safer default settings. Privilege separation and an overall more secure design make it nearly immune to some of the most severe problems that Windows has faced (esp. viruses).

Yes, there will always be security exploits in any operating system, and on top of that it is always the case that social engineering can trick less knowledgeable users into compromising their system. But there is absolutely not a 1-to-1 correlation between the security of an OS and the extent of its userbase.

blastus
January 15th, 2008, 02:29 AM
It has taken Microsoft years to fix the mess they were largely responsible for creating. That was due to poor design (compromising security in favor of features and perceived ease of use) and lack of quality control. If Linux and open source can learn from the blunders Microsoft has made and take security more seriously than they currently do, we shouldn't have to learn the hard way like they did.

blastus
January 15th, 2008, 02:35 AM
But there is absolutely not a 1-to-1 correlation between the security of an OS and the extent of its userbase.

Actually there is a correlation in terms of exposure and risk. For example, given the same equipment and environment, I would rather walk through a field that had 5 land mines in it than one that had 500 land mines in it. All things being equal, you are just less likely to get blown up in the first field than in the second.

p_quarles
January 15th, 2008, 02:40 AM
Actually there is a correlation in terms of exposure and risk. For example, given the same equipment and environment, I would rather walk through a field that had 5 land mines in it than one that had 500 land mines in it. All things being equal, you are just less likely to get blown up in the first field than in the second.
Yeah, there's definitely a correlation -- my point was just that it's not 1-to-1. I.e., I'd rather go through either the low-density or high-density minefield in an armored humvee than I would in my swimming trunks. ;)

bufsabre666
January 15th, 2008, 02:46 AM
Yeah, there's definitely a correlation -- my point was just that it's not 1-to-1. I.e., I'd rather go through either the low-density or high-density minefield in an armored humvee than I would in my swimming trunks. ;)

*looks down* nope no swimming trunks ;-)

p_quarles
January 15th, 2008, 02:48 AM
*looks down* nope no swimming trunks ;-)
So you're saying that Windows just got pantsed? :D

blastus
January 15th, 2008, 02:49 AM
*looks down* nope no swimming trunks ;-)

No speedos :)

bufsabre666
January 15th, 2008, 02:56 AM
No speedos :)

who said anything about speedos? :oops:

paintba||er
January 15th, 2008, 03:24 AM
I believe that the number of exploits would increase quite a bit with the popularity, but it would never get close to what Windows has, and they would never really be a problem because they would be immediately patched upon discovery.

Popularity surely contributes to the amount of attacks, but the security of the OS is a much larger factor.

aysiu
January 15th, 2008, 04:05 AM
Don't forget about social engineering.

The latest Mac trojan attack wasn't a problem because of Mac's security model--it was a problem with the users being tricked into installing something and giving away their passwords.

The same could happen on Linux, too. Users who have no regard for what is trustworthy and what is not trustworthy make structural security moot.

paintba||er
January 15th, 2008, 04:49 AM
Don't forget about social engineering.

The latest Mac trojan attack wasn't a problem because of Mac's security model--it was a problem with the users being tricked into installing something and giving away their passwords.

The same could happen on Linux, too. Users who have no regard for what is trustworthy and what is not trustworthy make structural security moot.

But that would only be an issue for the very ignorant users, so I don't think many people on a Linux forum would be concerned about that.

aysiu
January 15th, 2008, 06:34 AM
But that would only be an issue for the very ignorant users, so I don't think many people on a Linux forum would be concerned about that.
But the original question is Will expanding popularity lead to decreased security?

If Linux expands its popularity, it will attract a lot of ignorant users as well... users who are vulnerable to social engineering attacks.

Pandemic187
January 15th, 2008, 08:24 AM
But the original question is Will expanding popularity lead to decreased security?

If Linux expands its popularity, it will attract a lot of ignorant users as well... users who are vulnerable to social engineering attacks.
True, but how user-friendly has Linux really become? I haven't used distros such as Mandriva, which I hear is very user-friendly. However, I use Ubuntu and I can say for sure that the average Windows user, at least in today's society, will not care enough about Linux to learn any sort of command line. After all, most of them have been conditioned by Windows to think everything should be merely point-and-click.

Maybe Linux should entirely maintain its learning curve, thus deterring the ignorant. Maybe it should stay more communal than generally accepted. I do to some extent share this mindset of wanting others to share the wonders of Linux with me, but perhaps Linux becoming as user-friendly as Windows could also be rather dangerous.

I don't mean to come off as greedy or selfish, but I wouldn't want Linux to turn into Windows. :lolflag:

inversekinetix
January 16th, 2008, 04:40 AM
I'm just curious as a layperson but would it be possible to write some kind of rm script and mask it behind some seemingly innocuous front in an attempt to get users to allow it?

aysiu
January 16th, 2008, 04:46 AM
I'm just curious as a layperson but would it be possible to write some kind of rm script and mask it behind some seemingly innocuous front in an attempt to get users to allow it?
Sure. I'm a layperson, too, so I don't know all the details, but I would imagine you'd create a "cool to download" .deb file, which an unsuspecting user would double-click and install with gDebi.

That .deb could be a script that would delete your entire installation or install a malicious program in your system files.
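
A defensive check for the scenario discussed above, as an added example that is not part of any post in this thread: a .deb is an `ar` archive whose `control.tar.*` member holds the maintainer scripts (`preinst`, `postinst`, `prerm`, `postrm`) that run as root at install time, so they can be read before installing. The function names, the pattern list and the sample package are assumptions made for illustration; the patterns are simple heuristics, not a complete detector.

```python
import io, re, tarfile

# Maintainer scripts that dpkg runs as root during install or removal.
MAINTAINER_SCRIPTS = {"preinst", "postinst", "prerm", "postrm", "config"}
# Heuristic patterns (assumption: illustrative only, not exhaustive).
SUSPICIOUS = {
    "recursive delete": re.compile(r"\brm\s+-\w*[rR]\w*"),
    "download piped to shell": re.compile(r"\b(curl|wget)\b[^\n|]*\|\s*(ba)?sh\b"),
}

def ar_members(blob):
    """Yield (name, data) for each member of an ar archive (the .deb container)."""
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]                    # fixed 60-byte member header
        name = hdr[:16].decode().strip().rstrip("/")
        size = int(hdr[48:58].decode().strip())
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size % 2)               # members are 2-byte aligned

def audit_deb(blob):
    """Return {script_name: [finding, ...]} for the maintainer scripts in a .deb."""
    findings = {}
    for name, data in ar_members(blob):
        if not name.startswith("control.tar"):
            continue
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
            for m in tar.getmembers():
                base = m.name.rsplit("/", 1)[-1]
                if m.isfile() and base in MAINTAINER_SCRIPTS:
                    text = tar.extractfile(m).read().decode("utf-8", "replace")
                    findings[base] = [k for k, rx in SUSPICIOUS.items() if rx.search(text)]
    return findings

def build_sample_deb(postinst):
    """Build a minimal in-memory .deb (constructed sample, not a real package)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for fname, body in (("control", b"Package: cool-theme\n"), ("postinst", postinst)):
            info = tarfile.TarInfo("./" + fname)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    out = b"!<arch>\n"
    for name, data in (("debian-binary", b"2.0\n"), ("control.tar.gz", buf.getvalue())):
        out += f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n".encode() + data
        out += b"\n" * (len(data) % 2)
    return out
```

On a system with dpkg installed, `dpkg-deb -e package.deb somedir` extracts the same control files for reading by hand.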

p_quarles
January 16th, 2008, 04:46 AM
I'm just curious as a layperson but would it be possible to write some kind of rm script and mask it behind some seemingly innocuous front in an attempt to get users to allow it?
That's already happened, as indicated in my signature. Social engineering exploits are possible on any operating system, no matter how secure its design.

lyceum
January 16th, 2008, 03:46 PM
The nice thing about Linux/FOSS is the different communities that come with them. When I used Windows my "community" included my dad and a few friends that had PCs before I did. Later, through experience, I became the "community" for others. In the open source world, there are many people willing, and some really going out of their way, to help. So yes, more ignorant users can be tricked, but they can also be educated if they choose to join a community. I have to admit that I have been spoiled by the Ubuntu community, I have never really signed up to any others, but have heard horror stories (like Gentoo), so the communities are only as good as the people. However, they are there. They educate and inform. That is a real form of security.

:popcorn: