Is Securing Windows worth it?

[bribon77]

Malware is focused on 99% for windows and 1% for linux, ie if I visit a malicious page even if it is infected if I use linux will not affect me because Win malware does not work on linux.

 

[Andy Ful]

Malware is focused on 99% for windows and 1% for linux, ie if I visit a malicious page even if it is infected if I use linux will not affect me because Win malware does not work on linux.

That is not true for the web based malware samples, because they are running the code which is hosted by the web browser (usually JavaScript).

 

[bribon77]

That is not true for the web based malware samples, because they are running the code which is hosted by the web browser (usually JavaScript).

What I mean is that my system if I use linux is very difficult to get infected because the malwares of windows do not run on Linux.

Also the test is that nobody comes to MT that uses Linux asking for help because it is infected.

 

[Azure]

Can Linux protect a user from phishing?

 

[shmu26]

Can Linux protect a user from phishing?

No.

 

[bribon77]

Can Linux protect a user from phishing?

No, but the linux user knows that and takes action.

 

[dJim]

Linux it´s not a real solution, at least for most users, wich are gamers. or need work with team with programs designed for windows linux problem its like android,, very fragmented if they all united just can dream with master of all OS xD. anyway normal user hardly can get infected with some serious malware, meanif you are not constant installing news strager programs or click in suspicious links you dont had to worry for real.

 

[shmu26]

Linux it´s not a real solution, at least for most users, wich are gamers. or need work with team with programs designed for windows linux problem its like android,, very fragmented if they all united just can dream with master of all OS xD. anyway normal user hardly can get infected with some serious malware, meanif you are not constant installing news strager programs or click in suspicious links you dont had to worry for real.

Team working is harder with Linux. You can get around the problem with online tools, or, for instance, by using something like LibreOffice or Google Docs and saving your docs in MS format when you finish. Sometimes this works quite well, sometimes not.
Google Docs has a bug with Hebrew text in bold when converted to doc format, I have been reporting it for years. But there is a workaround: convert to RTF.

 

[shmu26]

malware inside the browser;

Disable the browser's javscript by default, and only enable it when needed.

 

[Andy Ful]

No, but the linux user knows that and takes action.

Do you say that the users should start from Linux, and next (after they learn safe habits) try Windows?

 

[Andy Ful]

Disable the browser's javscript by default, and only enable it when needed.

Also Java web apps, Flash, ...
There are also the phishing web pages ...
If you can do it, then you are probably trained to use Windows.
But anyway, if someone is happy with Linux, then there is no reason to use Windows.

 

[ForgottenSeer 72227]

As for Malware, Linux is extremely vulnerable, doesn't even include a Firewall from the get go. The only thing that makes people believe Linux is more secure than Windows is the fact it's not heavily targeted. But if Linux was as targeted as Windows it would fall in seconds with no effort.

I rarely see people infected with malware nowadays, and there's lots of suites like Kaspersky which are install and forget.

I agree!

One can argue that Linux did do some things better than Windows when it came to security, however IMHO Windows has finally caught up for the most part. OS's in general are so massive now a days that there will always be bugs and vulnerabilities, it's just the nature of things. Malware infections are very few and far between in my experience. Those that do get infected, is usually because of things like cracked software, clicking on links/ad's, not updating Windows/other software, etc... It's more to do with habit's than anything else IMO.

It's all about market share when it comes to hackers wanting to attack a particular product. In the case of Linux it's market share is what is really keeping it secure, it doesn't mean it's not vulnerable. On the flip side, some times I think these situations create bad habits as you get people with the mentality like "well I can do anything and everything I want, I'll never get infected because I'm using Linux, not that stupid Windows."

The common dangers for Windows users:

1. cracks, pirated software, malicious email attachments.
2. phishing webpages, malware inside the browser;
3. friend's pendrive (or USB drive).

The common dangers for Linux users:

1. phishing webpages, malware inside the browser;

So, let's say that Linux is trhree times as secure as Windows. But, it is still insecure for the happy clickers due to web browsers (hacked email and shopping accounts, stolen credit card data, stolen passwords, etc.). There is no other way - the user must be taught/trained to avoid the common dangers.

Spot on. As I've always said your habits are just as important, if not more important than security software. They need to work together, you can't just have a piece of software, or use another OS and practice unsafe habits, as one day that software/OS will fail you. Doesn't mean you cannot get infected while using safe habits, but it significantly reduces your chances IMHO.

Can Linux protect a user from phishing?

No it can't.

TBH phishing for the most part really isn't that harmful unless you enter your information. They are usually pretty easy to spot too. For example, if you get a page that looks likes gmail and is asking you to log into gmail, but the URL has nothing to do with Google/Gmail (which they usually don't), then close the web page and your good.

 

[shmu26]

I agree!

One can argue that Linux did do some things better than Windows when it came to security, however IMHO Windows has finally caught up for the most part. OS's in general are so massive now a days that there will always be bugs and vulnerabilities, it's just the nature of things. Malware infections are very few and far between in my experiences. Those that do get infected is usually because of things like cracked software, clicking on links/ad's, no updating Windows/other software, etc... It's more to do with habit's than anything else IMO.

It's all about market share when it comes to hackers wanting to attack a particular product. In the case of Linux it's market share is what it really keeping it secure, it doesn't mean it's not vulnerable. On the flip side some times I think these situations create bad habits as you get people with the mentality like "well I can do anything and everything I want, I'll never get infected because I'm using Linux, not that stupid Windows."



Spot on. As I've always said your habits are just as important, if not more important than security software. They need to work together, you can't just have a piece of software, or use another OS and practice unsafe habits as one day that software/OS will fail you. Doesn't mean you cannot get infected while using safe habits, but it significantly reduces your chances IMHO.



No it can't.

TBH phishing for the most part really isn't that harmful unless you enter your information. They are usually pretty easy to spot too. For example, if you get a page that looks likes gmail and is asking you to log into gmail, but the URL is has nothing to do with Google/Gmail (which they usually don't), then close the webpage and your good.

Yeah, it's more about the user than the OS. An impulsive user will eventually get himself in trouble, no OS can stop him.

 

[ForgottenSeer 72227]

Yeah, it's more about the user than the OS. An impulsive user will eventually get himself in trouble, no OS can stop him.

I agree.

They way I look at it, is that it's no different than that real world. What I mean is, there are consequences to everything. For example no one can just go around breaking into stores/banks and stealing merchandise/money, as the consequence is jail time. The same can be said for many things in life, as there will always be a consequence to doing what ever you want. What keeps society in check for the most part is the understanding of those consequences.

In the case of computing, the consequence is getting infected, losing your precious photos/music and or potential ID theft, etc... because of unsafe habits. While there's no jail time for you getting yourself infected, people don't see the consequences of their actions when it comes to using computers, until they lose everything.

 

[shmu26]

I agree.

They way I look at it, is that it's no different than that real world. What I mean is, there are consequences to everything. For example no one can just go around breaking into stores/banks and stealing merchandise/money, as the consequence is jail time. The same can be said for many things in life, as there will always be a consequence to doing what ever you want. What keeps society in check for the most part is the understanding of those consequences.

In the case of computing, the consequence is getting infected, losing your precious photos/music and or potential ID theft, etc... because of unsafe habits. While there's no jail time for you getting yourself infected, people don't see the consequences of their actions when it comes to using computers, until they lose everything.

This is the objective aspect of it.
But from a subjective perspective, a careful user on Windows often feels like he is on the defensive. Downloaded software is suspect, documents from unknown sources are suspect, your child's flash drive is suspect. So you configure your security solutions, you check for digital signatures...
On Linux, the subjective experience is very different, because you are not a target from those attack vectors.

 

[Sunshine-boy]

If instead of Windows someone uses Ubuntu
[/QUOTE]
Many apps don't work in Linux(not usable for some ppl)

1 - they have to worry much less about injections

1-HMPA
2-Any HIPS software
3-windows defender exploit guard
4-any advanced antivirus like Kpaskery, and Bitdefender, Eset can help you on that.
5-App control/SRP/APPLOCKER(can prevent it)

3 - an apparmor profile per app

1-Rehips
2-Sandboxie
3-360 sandbox
4-Comodo sandbox
5-windows store apps(app container)
6-APP-V
7-Cameyo

5 - continuous updates for all the apps

If you download your software from the store you get updates very fast(windows updates are also fast like Linux)

has a bug the other week but Linux in general doesn’t have a higher frequency of bugs

that's a valid point. but you can still use windows without any serious problem.

6 - plenty of rootkit hunter tools

idk what are them but in windows, you have enough rootkit protection/detection tools.
1-secure boot
2-early launch anti-malware
3-Measured Boot
4-PatchGuard kernel protection
5-trusted boot
6-Windows Defender System Guard
6-Pchunter
7-Hips software
plenty of rootkit hunter tools
Microsoft bug bounty is decent!to me, its the most secure os in the world(attack surface is high but that doesn't mean it's not safe or it's less secure than Linux).you can make it secure with windows inbuilt tools+thridparty av/tools
linux doesn't have an active bug bounty like Microsoft and there are probably many undiscovered vulnerabilities in Linux!

 

[bribon77]

Do you say that the users should start from Linux, and next (after they learn safe habits) try Windows?

Master@Andy Ful, with due respect. But Linux users are people who have used Windows first and realize that in terms of security is not easy in Windows, but must be an advanced user in Windows to know.
That's why Linux has a very very low user quotal.

 

[Andy Ful]

Many apps don't work in Linux(not usable for some ppl)
...
1-HMPA
2-Any HIPS software
3-windows defender exploit guard
4-any advanced antivirus like Kpaskery, and Bitdefender, Eset can help you on that.
5-App control/SRP/APPLOCKER(can prevent it)
...
1-Rehips
2-Sandboxie
3-360 sandbox
4-Comodo sandbox
5-windows store apps(app container)
6-APP-V
7-Cameyo

idk what are them but in windows, you have enough rootkit protection/detection tools.
1-secure boot
2-early launch anti-malware
3-Measured Boot
4-PatchGuard kernel protection
5-trusted boot
6-Windows Defender System Guard
6-Pchunter
7-Hips software
plenty of rootkit hunter tools
Microsoft bug bounty is decent!to me, its the most secure os in the world(attack surface is high but that doesn't mean it's not safe or it's less secure than Linux).you can make it secure with windows inbuilt tools+thridparty av/tools
linux doesn't have an active bug bounty like Microsoft and there are probably many undiscovered vulnerabilities in Linux!

That is true.
But, how many years you needed to learn about all of this?
Most people will never learn such things.

 

[shmu26]

That's why Linux has a very low user fee.

Linux users pay with their sweat.

 

[Andy Ful]

Master@Andy Ful, with due respect. But Linux users are people who have used Windows first and realize that in terms of security is not easy in Windows, but must be an advanced user in Windows to know.
That's why Linux has a very low user fee.

You know, that I like jokes.