from Hacker News

Linux being secure is a common misconception

by WallyFunk on 11/26/23, 3:13 PM with 118 comments

  • by devit on 11/26/23, 4:16 PM

    Well, the biggest advantages of Linux are that the OS vendor is not itself malicious (in particular, does not collect telemetry, push advertisements or attempt to restrict your use of the system like Microsoft and Apple do), the OS is relatively unpopular and thus not a profitable target for malware directed to end-users, and it is flexible and customizable.

    You need to use VM-based isolation to have good security with Linux beyond that (i.e. use Qubes or a similar alternative).

  • by indymike on 11/26/23, 5:10 PM

    This line, to me, caused me to become much more critical of the article:

    "such as Windows, which is leaning heavily towards Rust, a memory safe language,"

  • by xorcist on 11/26/23, 4:55 PM

    That anything is not completely secure is a truism.

    In what way? Compared to what?

    Linux is not as secure as some research-level operating systems, but that comparison is not very useful for most people. Among mainstream operating systems, Linux contains comparably few surprises.

    There's also the fact that, like with much of open source, when the developer's interest align with yours the tools get more effective. Contrary to what you read on the Internet, most actors in the Linux ecosystem take security seriously.

    That the article references Spengler and Micay says a lot. That's like referencing the UNIX Hater's Handbook. That handbook was mostly right, but also not very practical. But over time it has done more for unix than most other texts, because it was mostly read by unix developers. The situation with these guys is mostly the same. A lot of the ideas voiced by them has been the basis for new features, just not in the form they were made originally.

  • by ramshanker on 11/26/23, 4:11 PM

    “I am secure”, ohh well “Xyz is secure”, is a common misconception. Anyone remember the old saying “ given enough time and tools, all locks are broken”.

  • by upofadown on 11/26/23, 4:53 PM

    Sometimes things are secure for no particular reason. Something might not do the things you think are important for security but that does not mean that that thing is insecure. There are almost an infinite number of things you can do in the name of security. The failure to do those thing is not evidence of a problem.

    So if you want to show that Linux is insecure you have to directly show that it is.

  • by TrueDuality on 11/26/23, 4:05 PM

    iOS being secure is also a common misconception. A bit of an extreme example but that is a meaningful problem as opposed to Linux on the Desktop cases.

    The problems pointed out in this post are almost all around usability as Linux on Desktop. The author admits the tools exist but are hard to use in most of the cases. Where features are missing its a misunderstanding of the Linux world.

    A lot of these protections either live under different names outside of the Windows world and the ones that aren't don't exist because Linux protects things in a different less vendor-lock-in way. This is very apparent in the virtual machine section which are about protecting host kernel primitives from the VM... Linux doesn't expose _any_ host kernel primitives to the VM. The closest is narrow drivers, properly sandboxed and isolated in userspace, that are minimal and have their own security guarantees.

    eBPF is far from a dangerous feature, C is only a dangerous language when that danger isn't managed, and the Linux kernel is top-of-class for managing those features, there is the same root boundary issue in Windows and is a deep source of security problems (root on Linux CAN be restricted through both seccomp and SELinux policies unlike SYSTEM).

    Things could be better for sure in the Linux world, but pretty much everything besides secure defaults here requires a level of effort or access to attack that requires full compromise of the machine already. There is much lower hanging fruit that we need to clean up and the funny thing about Linux is that it trends hard toward security and quality over time.

    You just have to look at time to fix patches for security vulnerabilities, not just in the kernel but in any packages maintained by security distributions. The author calls out not getting patches back-ported, without looking into the patches that don't get back-ported. RHEL won't backport fixes for features that aren't compiled in for example.

    There was a post earlier this week about the CVSS scores being different between NVD and RHEL's bug trackers... It was because the networking functionality of that package wasn't compiled in so there was no possibility of remote execution .

  • by timetraveller26 on 11/26/23, 4:40 PM

    Linux may not be totally secure but it is securest of all the viable options.

  • by paravirtualized on 11/26/23, 5:56 PM

    It's highly unlikely that any operating system can be as secure as Qubes OS[1], simply by considering the model itself. Especially if using Whonix[2] VMs to browse the internet. It is based on GNU/Linux and Xen.

    Each piece of software can be separated into its own VM. It uses read only templates for the root filesystem, making it difficult for malware to persist.

    Templates have no access to networking or hardware making it difficult for them to be compromised, AppVMs where you run software can be treated as throwaway and be trivially destroyed after each use.

    Dom0 has no access to networking, USB devices and runs no software. Total compromise would require a hypervisor escape.

    It is designed with the assumption that you will be owned start to finish.

    [1]: https://www.qubes-os.org/

    [2]: https://www.whonix.org/wiki/Qubes

  • by mid-kid on 11/26/23, 5:39 PM

    There's no worse way to be right than being technically right. Most of these points are essentially the state of the art of desktop operating systems, or pure speculation, and the fact that they aren't perfect or widely used yet is usually because of tradeoffs that must be made in favor of usability.

  • by cal85 on 11/26/23, 4:46 PM

    > Due to inevitable pedanticism

    Pedantry ;)

  • by hackeraccount on 11/27/23, 3:52 PM

    I think the two important statements which I think almost everyone would agree with are:

    1 - against a resourceful enough opponent a networked OS being used by a human is (probably) never secure.

    2 - the biggest insecurity in any OS is the person running it

    3 - a knowledgeable person can use / secure any OS to a degree that will avoid 99.99% of the vulnerabilities (excepting point 1)

    I like Linux, I tend to think that when I want to increase security on a Linux system the tools are there and work. That said I'm sure that same thing can be said for OSX and Windows.

    I do tend suspect that the best of the bunch - out of the box, naive user - is probably IOS. Linux is probably a close second because that naive user will find it harder to create problems and it's just a smaller target because of smaller installed base (and there's a little more heterogeneity among the distributions)

  • by Timber-6539 on 11/26/23, 4:26 PM

    Flatpaks don't necessarily aim to sandbox applications by default. They just give you the platform to DIY in the easiest way possible, esp when coupled with Flatseal. If we really want to criticize Flatpaks for allowing access to /home or x11 for compatibility reasons, then we should do the same to traditional applications which are packaged non-sandboxed with the same permissions anyways. And before you say that this is an issue because of unknown contributors to popular Flatpak applications, verified apps from the project owners themselves ship with these same "express" permissions.

    As far as I am concerned, no general purpose OS will ever come hardened to max defaults; which seems to be the standard applied for security here.

  • by SamuelAdams on 11/26/23, 5:15 PM

    People also assume all defaults are “safe”, and that the out of the box configuration does not need to be reviewed.

    For example, I just installed Fedora Ashai Linux last night and discovered that the sshd daemon is listening on port 22 by default. Not sure if there was an easy to guess password for that, but it was not mentioned at all in the installer and could have been a big problem if I had not caught it.

  • by butz on 11/26/23, 5:42 PM

    I agree that "Linux" is not secure, but there must be at least a few Linux distributions that are made as secure as they can be.

  • by 1vuio0pswjnm7 on 11/26/23, 9:02 PM

    The article mentions reducing attack surface several times (in the context of VMs, sandboxing, etc.) but it never considers the ability to reduce the surface of the entire OS (no VMs, sandboxes, etc.). What are other OS that make shrinking the size of the entire OS even easier. Do they exist.

  • by tpoacher on 11/27/23, 12:00 PM

    Placing Flatpak as the top argument on that list to demonstrate insecurity for linux more generally, is a bit like saying your house is insecure if you use a padlock instead of a proper lock, so you shouldn't own a house more generally.

  • by rascul on 11/26/23, 6:32 PM

    Might be that none of that really matters. Figure out what security goals you want to meet for your use case and take the necessary steps to get there.

  • by PrimeMcFly on 11/26/23, 5:45 PM

    With the kernels devs attitudes toward security vulns, of course it is.

    Then again there is stuff like SELinux available which balances things out.

  • by MongoTheMad on 11/26/23, 6:15 PM

    Am I missing something? Isn't SELinux supposed to mitigate/stop the attacks described?

  • by Thaxll on 11/26/23, 4:58 PM

    "Most programs on Linux are written in memory unsafe languages, such as C or C++"

    ?

  • by betaby on 11/26/23, 4:50 PM

    Meh! From the article "In macOS, all applications require user consent before accessing sensitive data"." Well and once given have access to all "Files and folders Note: Includes: Desktop, Documents, Downloads, network volumes, and removable volumes", absolutely in a same way as in Linux. Additionally when installing packets in Linux I would say you give permissions by answering 'yes' to apt/dnf. Such small nuances between MacOS and Linux are not important. Additionally author ignores the fact SELinux may provide protection from accessing random files by random app.

  • by asylteltine on 11/26/23, 5:10 PM

    Mac OS and iOS are beyond a doubt the most secure operating systems. I’m not saying they are bulletproof, but are definitely the most secure compared to anything on the market. Linux desktop is laughably insecure, as much as I love it. Windows? I guess with hardware backed bitlocker(apparently not even the default lmao) is alright.

  • by wly_cdgr on 11/26/23, 4:38 PM

    It is easy for ugly people to be chaste, if you know what I mean

  • by rolph on 11/26/23, 3:54 PM

    so should we all switch to whonix ?

  • by theevilsharpie on 11/26/23, 4:13 PM

    (2022)

  • by kakaz on 11/26/23, 4:42 PM

    Is Microsoft founding FUD campaigns again?

  • by 1970-01-01 on 11/26/23, 3:47 PM

    Linux being insecure is also a misconception, because its so damn fragmented. Only when a Linux flavor matures does it become a target for hackers.