Is Linux more secure than Windows?
While neither Linux or Windows can claim to be 100% bulletproof, the perceived wisdom is that Linux is more secure than Windows. We try to find out if that’s the case.
By Olga Apostolova January 22, 2020 57276 views
Not that long ago hackers were not sophisticated or organized in criminal networks and all operating systems were reasonably secure. Fast-forward a few years, stealing data has turned into a business, and security is on everyone’s mind. So a good time, then, to investigate if the niche operating system Linux is more secure than the most widely used one, Windows.
How secure is Windows?
77% of computers today run on Windows compared to less than 2% for Linux which would suggest that Windows is relatively secure. Indeed, recently, Microsoft introduced a massive improvement to its operating system’s codebase. They added their own antivirus software system, improved firewalls and implemented a sandbox architecture, limiting programs from accessing the memory space of the OS or other applications. Still, Windows is in a tight spot. As you might expect, the volume of malware developed for an operating system is proportionate to its popularity. Windows has a large market share and because of that, it is a bigger target for scammers. Compared to that, there’s barely any malware in existence for Linux. That’s one reason some consider Linux more secure than Windows. In addition, many believe that Windows architecture makes it a little easier for users to download malware compared to Linux. On Windows, all you need to do for viruses and spyware to run is to double-click on an “.exe” file. When we asked Vivaldi devs to verify this statement, they told us that there are some safeguards against that. By default, current versions of Windows will warn you if you download an “.exe” from the Internet using a technique called “ Mark of the Web ” (that’s as long as your browser correctly marks it as a download). There are also various executable signing options to make sure that “.exe” files come from a trusted source. However, by default, that protection is not set to a high enough level, since unsigned applications can still run. In contrast, freshly downloaded executables are treated as dangerous, and Windows 10 makes you perform actions on warning dialogs before they will run. This “weakness” of Windows architecture might be why some consider Linux more secure than Windows. And also why Windows users are constantly prompted to download updates to their antivirus application and firewall software. This was indeed the case with the very recent software update to fix an issue flagged by the NSA that could allow attackers to successfully spoof code-signing certificates and use them to sign malicious code or intercept and modify encrypted communications. Still, not all malware developed for Windows will run on all Windows devices. For example, a virus built for XP may not run on Windows 10. This makes it harder for malware developers who have to keep up with the ever-changing platforms.
Is Linux more secure by design?
Many believe that, by design, Linux is more secure than Windows because of the way it handles user permissions. The main protection on Linux is that running an “.exe” is much harder. Linux does not process executables without explicit permission as this is not a separate and independent process. You’ll have to chmod +x a file before you can run it. However, that’s changing. More and more Linux systems simplify things by understanding file extensions (double-click an .html file, and it will open a browser), so users are now relying on the security of every application. That means that an exploit in an image viewer can become a system exploit if you can get the user to double click on a .jpg An advantage of Linux is that viruses can be more easily removed. On Linux, system-related files are owned by the “root” superuser. If infected, viruses can be easily removed as they can only affect the user account where they were installed, and they do not affect the root account (if the computer has one – Ubuntu does not normally use a root account, most other Linuxes do). On the downside, Linux has been very slow to fix these “privilege escalation bugs” and there have been some from time to time. Because they can only be used by a local user account, they are not considered as serious as a remote exploit. However, Vivaldi devs reckon that once the malware is running locally, it can use them to become root and remove all of that permissions protection. Being able to compromise a user account can be just as bad as being able to compromise a root account. Linux has more things going for it though. It has a large community of developers reviewing its code and making sure there are no back doors. Some have called Linux the most secure OS simply on the grounds of its large “team” of Linux user-developers around the globe. The diversity of Linux distributions (as opposed to the relative monoculture on Windows) is another shield for Linux users. Some of these distributions have been built specifically around security. Edward Snowden, for example, has endorsed Qubes OS saying that if you’re serious about security, Qubes OS is the best operating system available today and that it’s what he uses. Some Linux distributions have been accused of bad security practices but assuming your chosen distro (Ubuntu, Red Hat, Qubes OS, others ) has a good reputation for security, you can use it safe in the knowledge that it has all the necessary security patches applied. All this is not to say that Linux machines cannot be infected (remember the Heartbleed bug in 2014), it’s just harder to do. That (and the cost probably) is the reason most of the web runs on Linux servers.
Security beyond the operating system
- Networking . Having a firewall is extremely important on both Windows and Linux. Make sure you know how that side of things works on your machine.
- Phishing . This threat is the hardest to prevent as anyone can be tricked into disclosing a username, password, or other sensitive stuff. Beware that “social engineering” is the preferred method for a huge chunk of scammers. By sending emails posing as PayPal or Netflix, they will try to steal your passwords and, consequently, credit card information.
- Choice of browser . Your choice of OS won’t protect you from phishing attacks but your browser might . Many browsers check for known malicious websites or websites that offer malware for download. For example, Vivaldi will ask you explicitly if you want to run an executable file.
- Malware . When shopping around for software, you can be tricked into downloading and running suspicious software, extensions, or plug-ins that open the door to malware. Before installing anything on your machine, look up reviews, check if the software is used by a respectable number of people, as well as install it in a sandbox. And keep it updated! On Linux, stick to trusted repositories or download from official and trusted sites (e.g. download Vivaldi browser from vivaldi.com).
What are your thoughts on this? Is one OS more secure than the other? Is Linux more secure than Windows?
The good news is that no matter which OS you go for, Vivaldi is out there for you. It is also available for Mac, and a beta version is available for Android devices. We’ve got you covered!
Why is Linux considered more secure than Windows? [closed]
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Why is Linux considered more secure than Windows? Is there some sort of recent security report that proves it? I have come to believe that Linux has been safer so far, but now as we have Windows 10, is Linux still better in security?
I think the only real answer to your question is: «Every OS is equally secure in the hands of a competent administrator». For a more detailed answer, you’ll need to think about things like: what programs are running? What is your patch process? End-user or server? What kind of network infrastructure is it running in? Are you include in your statistics that your average Linux user tends to be more tech-savy than your average Windows user (and therefore less likely to download and run suspicious files).
One thing that gives Linux a slight edge is the source code is available for almost everything and anyone can develop a patch and post it for other users to adopt. If you have Windows you can’t get anywhere near the source code and your at Microsoft mercy for any patches.
@RobertMennell Considered by whom? Certainly not by any knowledgeable professional (assuming they are willing to put their religious feelings aside).
You can decide for yourself, see madaidans-insecurities.github.io/linux.html other than that it mostly depends on choice of software. Yes, anyone can develop a patch if source code of application is public but most developers simply don’t care about vulnerabilities and it remains unfixed for months or even years, what I mean is open source does not guarantee security.
1 Answer 1
Linux isn’t really more secure than Windows. It’s really more a matter of scope than anything. No matter what malware, exploits, and bad users exist EVERYWHERE. One being more secure than the other is nothing more than anecdotal evidence.
Malware exists for *nix, Mac, Windows, Android, iOS, Symbian, Xbox(yes), hard drives, and bios.
No operating system is more secure than any other, the difference is in the number of attacks and scope of attacks. As a point you should look at the number of viruses for Linux and for Windows. You’ll see a trend in that Windows has FAR more viruses for it than Linux does and that’s purely because it’s more lucrative to hack for Windows since you have a greater chance of getting the thing you want. For all we know there might be a critical flaw in Linux that would open the world to pain if discovered. It hasn’t been yet, but it could be there.
Really however OS security comes down to usage, habits, behaviour, and users just as much as it does software, hardware, security, and passwords. Your computer can be safe in an infected network as long as you do the following:
Constantly ask yourself «How do I keep MY computer safe?»
Really all you can ever do is work to keep your computer safe. That includes most notably safe computing habits. You could run for years without anti virus* and never get a virus as long as you’re safe and you keep your computer safe. I’d still run an anti virus though since you could be safe all you want and make a single mistake.
After all those big data breaches you often hear about aren’t usually on computers, but servers running special software, and it’s the software itself that gets attacked and exploited to extract the data. What this means is that your computer is as safe as you make it. They didn’t make theirs very safe.
Of course even if you make that software as secure as possible, it’s all meaningless if someone manages to steal your credentials. In most data breaches an administrator gets phished, and their credentials are used to log in and steal the data. Here you can see that it didn’t matter that the computer was safe since the user was attacked.
This really shows that there are two parts to security: The security of others (never trusted) and the security of yourself (only as good as you make it). To that end we all just try to make sure that the security of ourselves is as good as it can be. Herd immunity doesn’t really apply to computer, so we have to keep them safe through our habits, usage, software we put on there, and making sure not to let in anything bad.
The world’s most secure computer is turned off, not connected to anything, buried six feet underground, and destroyed.
Notes: *: Note the same as no security!