if 90% of the market share was linux? If it was 50%? The reason linux is so "secure" in theory is due to it's lack of viruses, but if more people used it, there would be more of a focus on it's OS structure with malicious intent. Granted, it's good not to have a machine running admin/root rights/privs. by default, but for the home user isn't it's exclusivity its primary weapon?

No, it wouldn't.

While it is true that a big part of the reason why Linux is so secure is because it is obscure, what's even more important is that it's Open Source, and due to this, security holes are found and closed incredibly fast.

Isn't everything in excess by its nature bad?

Linux has something like between 1% and 4% of the desktop market, depending on whose stats you're looking at.

This greatly underestimates the impact of Linux on the tech industry as a whole. It has a majority share of web servers, and a very strong hold on the IT and corporate intra-net server market.

Most importantly, it's embedded all over the place. It's in your router. BSD might be in your TV. It's in your Tivo. It's in Android and some Nokia phones. It's under the skin of every limo wielding tech consultant in the business.

We don't need to win, but we like our Linux desktops... and we can't be satisfied with the status quo. At least that's what I think... usually.

When I'm being nice.

Sure, Linux would be more of a target for malicious attacks. I second that its open source nature would allow these vulnerabilities to be fixed very quickly. In addition, as the market share grows, there should be more eyes on the code to fix vulnerabilities, and even more interested in fixing them or even working proactively to find problems before they are exploited.

I want there to be more Linux viruses. I'm sick of everyone rambling about how secure Linux is. Linux CAN be very secure, but desktop distros are not any more secure than Windows Vista/7. The Linux servers at CERN are probably very secure. Your and my desktops? Not so much.

For it to be really secure, every app needs to be sandboxed (SELinux). That would play a huge part in preventing a flaw in Firefox, Evolution, etc from killing your /home, which is the only part that matters. I can reinstall the rest of / in 30 minutes, I cannot replace /home if it blows up.

It doesn't really matter how fast a problem is patched if you're one of the people who gets hit before the patch is out.

Desktop Linux is not that secure. It would not be hard for someone to write a script that hooked itself into your .bash_profile and waited for your sudo or root password. This script could possibly be "installed" by some malicious javascript exploited a web browser flaw.

PolicyKit, SELinux, and AppArmour are all attempting to secure the desktop and if it wasn't such a PITA, SELinux would be the best option right now. But none of them are total solutions yet. I hope to see Linux become as focused on security as it claims to be. I think that is the real direction that will make it more popular, not copying other OSes interfaces.

No - one of windows main problem is that it was not designed originally as a multiuser OS it was designed as a stand alone non networked PC the user being administrator etc, which made writing malware easy.

Although Windows has improved it still caries this baggage and users are often administrators even now. In Ubuntu this is not possible even admin users have to sudo. Linus has its UNIX heritage of being a multi user OS and is more secure by design. The Synaptic apt instillation system is also much more secure than thew Windows method

However, no doubt that another Linux advantage is we (it users) are a little more knowledgeable than the average user, less prone stupidity. I can envisage a day when Ubuntu is more dominant and has less geeky users malware will become more of a problem but never close to Windows XP levels it will take real stupidity to get "owned" just using XP was dangerous enough.

No, it wouldn't.

While it is true that a big part of the reason why Linux is so secure is because it is obscure, what's even more important is that it's Open Source, and due to this, security holes are found and closed incredibly fast.

That won't do much good against a zero-day vulnerability.

The lack of vulnerability of Linux will continue to work in it's favor as far as protection from virus attacks. (which go to the heart of the system.)
No matter the usage figures.
The issue is now, and will continue to be malware of other types .. those things that phone home. THOSE are things that attack BROWSERS. So caution should still be taken while on line, as Linux does not WRITE the browsers that most use.

AND IF cloud computing goes as they want it to go, the operating system you use will become a moot point. As EVERYTHING will run through the browser.
Of course, that can only happen when the web is 100% secure .. and as long as MS is in the server business, that won't happen.

An FYI .. one thing that also helps at present .. There is now a PROGRAM that can be paid for and downloaded to assist in writing malware for Windows. This means the bad guys don't even have to know coding anymore! Just fill in the blanks! NOT A CHANCE that such could be written to attack Linux/Unix/BSD!

That won't do much good against a zero-day vulnerability.

True, but it does reduce the amount of vulnerabilities, and thus the amount of zero-day vulnerabilities, to have more eyes on the code.

Most malware today is written by professional software engineers who work for organized crime. It’s quite sophisticated and becoming increasingly difficult to detect/remove.

If Linux and Mac OS X ever gain a larger share of the desktop market, you can expect those platforms will also be targeted.

It’s a myth that Linux is not vulnerable to malicious attacks and computer viruses.

Then, with those things said, would Linux lose it's appeal in comparision to Mac OSX and Windows? I use linux not because it is free, I can get both Win7 and Mac OSX from our University's/employer's alliances...I use it b/c it is totally malware free and stable as all getout. Oh and it's uber. lulz

f Linux and Mac OS X ever gain a larger share of the desktop market, you can expect those platforms will also be targeted.

It’s a myth that Linux is not vulnerable to malicious attacks and computer viruses.

I think this overstates the case - writing Viruses for Win 9x and XP was ridiculously easy. Writing for Win7 is hard, Linux harder still. An increasing amount of Malware is social engineering. There's no system that can protect users who choose to install malware, which is all too common. However, the repository system does add another layer of protection, but if the user chooses to add a doggy repository or install free_naked_ladies.deb well ...

I think this overstates the case - writing Viruses for Win 9x and XP was ridiculously easy. Writing for Win7 is hard, Linux harder still. An increasing amount of Malware is social engineering. There's no system that can protect users who choose to install malware, which is all too common. However, the repository system does add another layer of protection, but if the user chooses to add a doggy repository or install free_naked_ladies.deb well ...

Exactly.

If teh OS isnt the weakest link, the user is....which is why this is happening-


Google: Fake antivirus is 15 percent of all malware

A rise in fake antivirus offerings on Web sites around the globe shows that scammers are increasingly turning to social engineering to get malware on computers rather than exploiting holes in software, a Google study to be released on Tuesday indicates.
Fake antivirus--false pop-up warnings designed to scare money out of computer users--represents 15 percent of all malware that Google detects on Web sites, according to 13-month analysis the company conducted between January 2009 and February 2010.
That's a five-fold increase from when the company first started its analysis, Niels Provos, a principal software engineer at Google, said in an interview.


http://news.cnet.com/8301-27080_3-20003340-245.html?tag=newsEditorsPicksArea.0

I always love it when I find one of those sites- even when I had XP, which they all seem to use the stock theme from, it didnt look like my system because of the wrong theming...and wrong drive letters, etc.

Maybe if linux had a 90% market share they would be a bit more varied, some looking like gnome (ubuntu theme) some looking like KDe (openSUSE theme) etc.

I want there to be more Linux viruses.
That's not a good attitude. You seriously want there to be more viruses?

I cannot replace /home if it blows up.

Yes you can, if you back it up to another drive, like I do.

Are there still viruses out there, has anybody been infected by one lately, or are we talking about malware eg: trojans, spyware and scareware?

It's complete BS that the reason for fewer viruses is fewer users.

If you program on Windows and Linux, you can see in seconds it's far harder to mess someones Linux PC up than it is a Windows one.

Linux doesn't allow programs to completely take over unless you specifically allow them to.

Not does it allow auto start on boot like Windows does without specific permission.

No, but it would destroy the whole desktop computer market.

The reason linux is so "secure" in theory is due to it's lack of viruses,

I think of it like this. Software is written by humans. Humans are all fallible. There are many technologies which work to keep it secure but last time I checked... I'm doing lots of patches for linux all the time. Linux doesnt mean secure. There are TONS of stages required to be working together seemlessly in order for you to get your patches.

That means when security researchers have interest enough to break linux. They will.

Case in point. Look at firefox or oracledb. They were omgyes secure. They then got the attention of security researchers. Not because of popularity... but because they had the gall to publicly say "We cant be hacked, we are secure"

But how you get the researcher's attention doesnt matter.

On top of this. If Linux was even more popular. You would have way way more developers. Which in turn creates even more security issues.


The first group to create that platform OS which is designed such that it makes it impossible to exploit known insecure apps. While being completely perfectly ironclad secure at the core. We are getting closer to it. DEP-ASLR-Sandboxing etc etc. However we are absolutely so far from it. Dont bother holding your breath.

Infact we might as well just get rid of all security. Just have completely open everything. No security problems without security. Why would anyone write code and such to exploit you if they can just login as you?

Things linux has windows never did/will...

Working root/user separation (Even if you turn UAC on its still inferior)

Package managing (According to microsofts own report, most malware is disabled by updating your software once in the last 46 months, yes, almost 4 years) - This means all security vulnerabilities can be fixed easily...

Open source - The only virus to do actual damage on linux was patched within 2 hours of discovery (it did damage because sysadmins didn't bother to update)

To get a virus from an email to work you have to:


Log onto your email
Open your email
Download the attachment
Find the attachment
Right-click and go to properties
Go to the permissions tab
Check the box marked execution
Run the application (It can now infect the files in the same directory as it is in)
Input your password (It can now infect files over the entire system)


On windows, all you have to do is to log onto your email, windows does the rest automatically...

And don't mistake linux as an unattractive mark: The greatest websites on the internet run on linux (Wikipedia, google, yahoo, everything but lolcats basicly: Theres more than enough incentive to crack it...)

So you see, linux is just far more secure...

Here's how I see it- even though Linux would hypothetically 'spread like wildfire', a post-Linux dominant world would be just as diverse, since everyone would support open technology, which means you could use any variety of systems, not just Linux, not just Gnome, not just anything.

So the computer world would become much more diverse and difficult to code malware for.

Let me say it this way...

Microsoft has a horrible security model and encourages a lack of separation of privileges or administration access, and STILL people don't get viruses DAILY, just monthly. So with a system that encourages malware to work, it's still something that you, 9 times out of 10, can fix without reinstalling everything.

This is when Microsoft hasn't really had an antivirus and most users aren't aware of the need for one.

Now take a look at Linux- not only is the base security model superior to anything else on the market, but no one has to monitor it or make it work- it's there by default. This alone would make viruses much, much less common if it were applied to Windows.

Now, think of the other features of Linux beyond the core of the system that make it more secure- people install software from the Software Center, which is full of trusted software, and you can add more from trusted ppas, making the risk of getting a virus through this software nil.

So, this leaves you only a few options for getting malware on Linux. Entering your password after making a file executable that you found on a shady website, installing an untrusted ppa, or compiling some untrusted software from scratch.

Now, what computer user other than you and I would even conceive of doing that unless it were some new, amazing program that FOR SOME REASON isn't available in the software center? This is highly improbable, especially with closed software making it into the Software Center shortly.

The only scenario where I could see this happening is someone pirating Linux software and someone patching the installed files to do something malicious, in which case it's entirely the user's fault for stealing software instead of paying for it like a responsible person would.

So yeah, if there's a popular Linux version of Photoshop being pirated from an unsafe torrent, it's possible that a bunch of thieves will get harmful software on their systems. Once we get to this point I think we'd have a virus-detection layer enabled by default on Ubuntu anyway, however.

We already have security figured out, and we constantly release security updates in our packages. Let's just say that it would be better for everyone to have Linux and a few pirates getting screwed than everyone getting attacked by self-executing viruses sent in spam emails through Windows.

And, for that matter, the diversity in the computing market will likely make writing anything but a cross-platform virus null, considering the reduced impact on users. So there would be fewer virus writers, and they would have to be insanely clever and up to date with several operating systems and their packages and finding how to exploit them.

Just seems extremely unrealistic to me. We don't really have anything to worry about, if you actually look at the situation.

The only thing that could destroy Linux are a million nuclear bombs nuclear bombs. But then, what if one Linux distro CD is found in mint condition under the rubble?:lolflag:

Something would have to devolve and learn how to turn on the computers... then the chupacabra would be in charge of bug #1, and nobody wants that.

If its impossible to happen why even think about it?

<flees>

I'm not so convinced that being open source makes vulnerabilities less of an issue. It might make them less common, but it also makes it easier for crackers to find/exploit them. I would suggest that being open source merely increases the speed by which vulnerabilities are corrected after they've been found or exploited.

But crucially, it means you can trust your supplier based on reputation-- and almost always get it right. Open source software almost never "phones home" unless it asks politely if it may do so. The phoning home is one of the biggest exploitable holes in the entire proprietary software ecosystem. See man in the middle on wiki, and I'll shut up now.

<flees>

Why bother looking through code for vulnerabilities in the OS when you can just create a trojan to trick gullible users into compromising their own security?

Works on every platform, no matter how "secure."

Linux kernel is used in most mission critical apps across the globe, we benefit from the security of that so yes unlike Linux desktop, enterprise is a different story. This is typical defense peddled by Windows fans to defend their OS and put down Linux, they always cite the obscurity factor when the reverse is true, the fact that most critical systems run linux and we get to use the same kernel as they use, we benefit from the enhanced security and we also benefit from the basic design of UNIX.

+1.

:popcorn::popcorn: