It's Not Magic
Writings of a techie wizard
Fri, 09 Aug 2013
A while back I blogged about the Linux kernel site (not) being cracked. That is, someone had indeed cracked the server, but had not been able to do any damage because all of the files stored there were cryptographically signed in a way that could not be forged. Strictly speaking, that was not a story about how Linux itself is more secure than other operating systems; but the fact that the Linux kernel developers took such precautions certainly indicates a mindset towards security that is different from that of certain other operating systems.
Yesterday ZDNet reported on some more direct evidence of Linux's security as an operating system, not just the security of its kernel repository. There is a Linux virus out there called "Hand of Thief" which apparently can do quite a bit of damage, if it gets installed on your Linux system. (By the way, contrary to what the opening sentence of this article might lead you to believe, this is not the first time such a thing has happened; Linux viruses have been in the wild for years, doing negligible damage, for precisely the same reasons as this one is doing negligible damage, as we'll see in a moment.)
The problem (at least, it's a problem from the standpoint of whoever wrote the virus) is that qualifier I put in: if it gets installed on your Linux system. The article notes:
That probably doesn't sound as dramatic as it actually is. When a virus author admits that he has "no good ways" of infecting a Linux computer, that's like a bank robber admitting he has "no good ways" of getting into Fort Knox. He's admitting defeat, pure and simple.
Evidence like this is nice because it cuts through all the opinions and arguments among experts on a question like this. As you can see on Wikipedia, there are indeed experts on both sides of this question. But experts can have plenty of reasons for promoting a particular opinion, particularly if the experts happen to also sell anti-virus software. So it's refreshing to see evidence that doesn't depend on anything like that.
You may be wondering about the last part of the above quote, that talks about "email and social engineering". Does that mean Linux won't protect you if you accidentally click on the wrong link or open the wrong email attachment? And don't all those anti-virus programs for Windows advertise email scanning, link scanning, etc.?
It's certainly true that no operating system can protect you from yourself; if you try hard enough to run malicious code, your computer will run malicious code. And that's true even if you're running all those anti-virus programs with email scanning, link scanning, etc. At best, such programs can remind users who need reminding that they shouldn't indiscriminately click on links or open attachments; but these days, there aren't many users left who even need such reminding. And no such scanning program can ever spot all possible malware; at best such programs are an arms race, with malware writers constantly finding new tricks and anti-virus writers trying to update their programs to spot them. No program can replace human judgment about whether something looks fishy.
But with Windows, even if you do practice good Internet hygiene, you can still get infected, because there are just too many holes in the system. Windows was not designed from the ground up to be secure; security has been bolted on to it as an afterthought. The very existence of the anti-virus industry is due to this fact. (And by the way, that's also true of the Linux wing of the anti-virus industry; if you look at the Wikipedia article I linked to above, you'll see that even the experts who advise running anti-virus software on Linux do so only because it allows you to scrub files that come from Windows systems.)
Some Windows users may be thinking, what about the popup that appears whenever you try to install a new program, asking if it's OK to change system files? Won't that protect you? Yes, if Windows spots the attempt to modify system files. But on Windows, there are plenty of ways for malware to get in without triggering the parts of Windows that monitor for such attempts. On Linux systems, many of which now implement a similar prompt since it's easier than having a completely separate administrator account, there is no way to modify any system files without triggering it, since unless you've responded "yes" to the prompt your user account has no permissions to change anything except your user files.
And let's suppose you do slip up and malicious code manages to run on your machine. There's still a big difference between a Linux system and a Windows system. On a Linux system, malicious code can certainly mess up your user files. But it can't corrupt the system unless you really slip up; just clicking on the wrong link or opening the wrong email attachment won't do it. So cleaning things up is easy, because you can still depend on the system files to be clean. If you get malware on a Windows system, you can't really trust anything, and most often the only remedy is to wipe the hard drive and reinstall.
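The claim that an ordinary account can change nothing outside its own files can be checked on your own system. The following is an added example, not part of the original post: a shell audit that lists entries under a directory tree which any account could modify by mode bits alone. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find entries that break the "only root can change system
# files" assumption, judged purely by permission bits.

# audit_tree DIR: print world-writable regular files, and world-writable
# directories lacking the sticky bit (anyone may replace entries in those).
audit_tree() {
    dir=$1
    # Regular files writable by "other". Symlinks are skipped by -type f.
    find "$dir" -xdev -type f -perm -0002 -print 2>/dev/null
    # Directories writable by "other" without the sticky bit (octal 1000).
    find "$dir" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# count_findings DIR: number of entries audit_tree reports.
count_findings() {
    audit_tree "$1" | wc -l | tr -d ' '
}

# make_sample_tree: build a constructed tree with known-good and known-bad
# entries so the audit can be exercised without touching real system files.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/bin" "$root/tmp" "$root/spool"
    : > "$root/bin/tool";  chmod 0755 "$root/bin/tool"   # fine
    : > "$root/bin/loose"; chmod 0777 "$root/bin/loose"  # finding: anyone can rewrite
    chmod 0755 "$root/bin"                               # fine
    chmod 1777 "$root/tmp"                               # fine: sticky, like /tmp
    chmod 0777 "$root/spool"                             # finding: no sticky bit
    printf '%s\n' "$root"
}

# With --system, audit the usual system directories on this machine.
if [ "${1:-}" = "--system" ]; then
    for d in /bin /sbin /usr /etc /lib; do
        [ -d "$d" ] && audit_tree "$d"
    done
    exit 0
fi
```

On a correctly configured system the `--system` run prints nothing; anything it does print is a file or directory that malicious code running as your user could alter without ever triggering the prompt.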
Of course now all the Mac users are thinking, doesn't OS X have the same security features as Linux? After all, they're both variants of Unix, which is the original source of the security model. That's quite true. But then why is there anti-virus software for OS X?
There are experts on both sides of this question too; some say OS X doesn't need anti-virus software, for basically the same reasons that Linux doesn't. I'm inclined to agree with this, and to interpret the fact that companies sell OS X anti-virus software as saying more about those companies' ethics than about OS X's security or lack thereof. But maybe that's just me.
However that may be, the article also contains an interesting tidbit:
In other words, Apple's approach to keeping OS X secure is to make it less functional. I'm no fan of Java or Flash, but the fact remains that a lot of Internet content is packaged that way, so just punting and saying you can't install it isn't very helpful. It's not as though it can't be done: Linux systems manage to run Java and Flash without compromising security, by making sure that secure versions of them are available in cryptographically signed repositories, so you can check that they're the right versions when you install them. And although third parties can write "Apple-approved software"--if they're willing to pay Apple for the privilege--the quantity of such software available is nothing like the quantity that's available for Windows or Linux.
All of which is just another reason for this:
peter@localhost:~$ uname
Linux
(Update: there is a discussion of this post on Hacker News.)
Copyright © 2011-2014
by Peter A. Donis
All Rights Reserved