What is more secure, desktop Linux or Windows?
- Thread starter Stenographers
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Apr 5, 2021
- 571
I wouldn't call myself a seasoned system administrator, but I was a sysadmin for a while before becoming a security engineer. My understanding is that Fedora is more secure out of the box, but both can be configured to be reasonably secure. But I've been wrong about things before, and I'm hoping to get some different perspectives, sysadmin or not
I wasn't actually being sarcastic or making an attempt at poor humor with my response. In fact, my response was such because I truly have no idea which is more secure, especially if you are talking about servers. Even if you are talking about a home desktop workstation, I still don't know the answer. I believe SELinux, based on what I've read, is better suited to servers, rather than a workstation. It looks as though considerable expertise is required to set it up correctly, less one locks themselves out of their system
In my humble opinion, I believe Linux for a home workstation is far more secure than a Windows based home workstation, mainly because it is not the desired target that Windows is. Security through obscurity? I guess so. Currently I'm running openSUSE Leap 15.5 with several default processes already enforced with Apparmor, with the addition of NetworkManager (usr.sbin.NetworkManager) added myself, because it has ports open to the internet. No need whatsoever for any kind of useless antivirus on any Linux environment I've ever run. I've always used what's already built in to the kernel:
- Apparmor
- built-in firewall
- Download applications from the recommended repositories - for the most part.
- Encrypt the Linux partitons, although I do the same on Windows with Bitlocker.
EDIT
I also don't appreciate the spying and overall nanny control Microsoft has imposed on their end users over the years, especially now where it is the worst it's ever been. My vote went to Linux.
Last edited:
- Jun 22, 2020
- 165
antiviruses are not useless, for me Linux is much less secure than Windows and for several reasons:
1.Microsoft has many people dedicated to system security.
2. The number of users who use Linux is much less than the number of users who use Windows, therefore all malware is eaten by Windows. Is it putting in the scenario of what would happen if Linux received all the malware that attacks Windows? would it hold? the answer is no and it is simple. The number of people working for linux is very small.
The only "advantage" I see in Linux is that it is a low level system, so the hardware has more direct conversation with the system, unlike Windows which is high level.
Greetings.
And another thing, the Windows kernel is encapsulated, even if there are bugs or security holes that can enter the kernel, that makes it much more secure.
- Apr 5, 2021
- 571
Your response looks to be based on speculation, much like my response is based on. I see antivirus as mostly useless, especially paid versions, because of the numerous False positives they present. Risk vs reward with a paid AV is not worth it, because most careful home work station users will never need it. It's basically a waste of hard earned money.
I've used many flavours of Linux over the years, without any paid security products, and for my requirements, it has never once been compromised by malware. Luck or because of mostly end-user common sense, as well as the way I secured it with its built-in security features? I'd say the latter. Using Windows, I was compromised by malware on at least three occasions, mainly due to my own cavalier actions, and not because of a weakness in Windows.
- Nov 11, 2022
- 48
I’m sorry, but what exactly do you mean by Linux being a more “low level” system? Can you explain what that entails? And what is this Windows kernel encapsulation you’re talking about? Because googling “windows kernel encapsulation“ doesn’t yield any documentation. My concern is that you are retelling 2nd hand information you got somewhere and making wrong assumptions about what you’ve been told. This is dangerous when it comes to people looking for security advice.
- Aug 22, 2013
- 825
OMG... Linux is not just a collection of distros that some nerds use in their desktop. It's in your routers, your Android phone, your smart watches, your tv sets and I can go on and on. The total windows os installation would only be 10% of what Linux is in. Most of us uses one version of Linux in our daily life without knowing it's Linux. Apar from that 99% internet facing servers in the world is built around Linux kernel and when you consider the number of attacks it all receives would be far greater than the total number of attacks against all the installation of windows. So you are highly mistaken on that point of argument I suppose.
- Jun 22, 2020
- 165
There are low-level and high-level systems. The low level means that the system is direct with the hardware. The high level is normalized, and there is an intermediary between the hardware and the system. When you install linux and windows at the same time. Linux is prioritized in the system and it is he who gives the pass to windows to work. It uses grub which is the linux launcher to allow me to start windows.
- Jun 22, 2020
- 165
If android is linux, and did you know how attacked the system is?, it receives more attacks than windows itself. Android has more security holes than Windows.
Whether the Windows kernel is encapsulated. You can't get access to it.
- Jun 22, 2020
- 165
Most of the people who make malware make it on Linux, for Windows, for what reason? because it is the most used system. Just because you haven't used an antivirus doesn't mean it's useless. It's like getting in a car and never wearing a seat belt and saying because I've never been in an accident, it's not worth using it. Well on the internet it's the same. It is not recommended to navigate without protection. Linux is a system used by few people (leaving aside android). It is normal not to receive attacks. But what would happen if Microsoft was the one that nobody uses and Linux was the most used? It would be a linux malware strainer, the number of people dedicated to making security changes in linux is low, it is free software to start with. A free software will never be at the level of a paid one. That is my humble opinion.
Greetings.
- Mar 9, 2014
- 545
This might help:
www.dedoimedo.com
The gist is that most don't have the time or the knowledge to tweak with systems, fix problems themselves, etc., so they look for something that meets their needs (which include using things like MS Office and Adobe products) and that can work especially during mission-critical phases, plus allow them to do leisurely things like buy online, watch videos, and play games. In addition, they want to use the latest device, component, hardware, software, game, etc., especially with new features and services offered by various companies.
Meanwhile, all operating systems are vulnerable, malware developers usually target those that are used most, and to deal with them software developers have to continuously patch, especially given new vulnerabilities created when new features and/or hardware are added, etc.
That means most want operating systems that can run the latest software and hardware and the most popular software and hardware, that have readily available technical support, and that are regularly patched for maintenance, new software, hardware, and features, and against vulnerabilities. These cost money.
They might not work against new malware, so protection is needed. The cost for several devices can be almost the equivalent of buying one hard drive every year or so. Sometimes, there are promos, but prices still go up eventually.
For privacy, technical support always leads to a lot of intrusion, especially when damage involves the operating system. Sometimes, problems might involve a program that you installed for various personal files.
For similar reasons, security programs are intrusive, too, and free versions are used to monetize.
In short, what you should use will depend on how much time, skills, and money you have to deal with problems yourself, and that can including moving from one OS to another if the one you're using gets abandoned, etc.
Similarly, if you move to an OS that you're less familiar with, then you will have to do a lot of research and preparation for the move. For example,
www.dedoimedo.com
Finally, I remember asking this to Linux users, and I mentioned that many in my family are computer novices. They advised me to stick to Windows.
The Year of the Linux dissatisfaction
Article explaining my recent negativity and dissatisfaction with the Linux distribution testing, focusing on the state of the wider Linux desktop ecosystem, my requirements for home and work, my present and past usage of Linux, my testing rigor, missing or inadequate capabilities like graphics...
www.dedoimedo.com
The gist is that most don't have the time or the knowledge to tweak with systems, fix problems themselves, etc., so they look for something that meets their needs (which include using things like MS Office and Adobe products) and that can work especially during mission-critical phases, plus allow them to do leisurely things like buy online, watch videos, and play games. In addition, they want to use the latest device, component, hardware, software, game, etc., especially with new features and services offered by various companies.
Meanwhile, all operating systems are vulnerable, malware developers usually target those that are used most, and to deal with them software developers have to continuously patch, especially given new vulnerabilities created when new features and/or hardware are added, etc.
That means most want operating systems that can run the latest software and hardware and the most popular software and hardware, that have readily available technical support, and that are regularly patched for maintenance, new software, hardware, and features, and against vulnerabilities. These cost money.
They might not work against new malware, so protection is needed. The cost for several devices can be almost the equivalent of buying one hard drive every year or so. Sometimes, there are promos, but prices still go up eventually.
For privacy, technical support always leads to a lot of intrusion, especially when damage involves the operating system. Sometimes, problems might involve a program that you installed for various personal files.
For similar reasons, security programs are intrusive, too, and free versions are used to monetize.
In short, what you should use will depend on how much time, skills, and money you have to deal with problems yourself, and that can including moving from one OS to another if the one you're using gets abandoned, etc.
Similarly, if you move to an OS that you're less familiar with, then you will have to do a lot of research and preparation for the move. For example,
Moving away from Windows - the software checklist
Follow-up article explaining my rationale for moving away from Windows as the operating system of choice, focusing on software parity between Windows and Linux, with a detailed breakdown of application categories, native or equivalent functionality, WINE support, and other key factors
www.dedoimedo.com
Finally, I remember asking this to Linux users, and I mentioned that many in my family are computer novices. They advised me to stick to Windows.
Agree, windows has heaps of build-in options (SAC, WDAC, CIG, SRP, SUA, ACL) which can make it a safe and secure OS.
Daniel Micay (Founder of GrapheneOS):
The Linux kernel is a security disaster, but so are the kernels in macOS / iOS and Windows, although they are moving towards changing. For example, iOS moved a lot of the network stack to userspace, among other things.
The userspace Linux desktop software stack is far worse relative to the others. Security and privacy are such low priorities. It's really a complete joke and it's hard to even choose where to start in terms of explaining how bad it is.
Interesting discussion.
The Linux kernel is a security disaster, but so are the kernels in macOS / iOS and Windows, although they are moving towards changing. For example, iOS moved a lot of the network stack to userspace, among other things.
The userspace Linux desktop software stack is far worse relative to the others. Security and privacy are such low priorities. It's really a complete joke and it's hard to even choose where to start in terms of explaining how bad it is.
Interesting discussion.
- Nov 11, 2022
- 48
I'm going to take that with a heavy pinch of salt. Are you trying to talk about virtualization based security in Windows? Because Linux applications do something similar to that, but instead of abstracting system components into HyperV VMs it uses namespaces and cgroups to isolate the application. Both Linux and Windows, via different layers of abstraction, interact with the hardware directly. That is what the kernel does in both OS's. Grub has nothing to do with this. That is one option of a bootloader for computers in general. Has nothing to do with virtualization based security or abstraction. Please stop perpetuating false information, it can mislead people into unsafe configurations and bad security decisions.
- Jun 22, 2020
- 165
false information???
Linux and Windows work differently:
Windows runs at a high level with an encapsulated NT kernel.
Linux runs at a low level with a free kernel of the monolithic type.
Greetings.
piquiteco
Level 14
- Oct 16, 2022
- 626
If you have used many types of Linux distro over the years, without any security product and you have never been compromised by malware, how can you claim this if you had no security product installed to analyze it? I think you better review your concepts about malware for linux. Feel free to read this article.
Last edited:
- Aug 22, 2013
- 825
Thare is no point in arguing about which came first the egg or the chicken. If you believe security is a feature of your preferred operating system, then God save you and your system. Security is not a feature which you can add or remove to your os, it's a set of practices that either you or your system admin chooses to deploy on your system. Consider the the case of a linux server with an open ssh port, no matter how secure your kernel/os is you are an open book to the wide open world, likewise consider a windows installation without updates for a long time, no matter what you do the system is vulnerable to an outside attacker. In both these cases the practices adopted by the end user is what compromised the system. So it all depends on the ultimate user action that makes the system secure.
- Apr 5, 2021
- 571
If you have used many types of Linux distro over the years, without any security product and you have never been compromised by malware, how can you claim this if you had no security product installed to analyze it? I think you better review your concepts about malware for linux. Feel free to read this article.
I need a more compelling reason to take an article like that seriously, when the author simply states that attackers can plant bad software on your system without your knowledge, but does not explain how they can do so. Btw, I've used many Linux distros over the years, utilizing primarily built-in security to protect them.
EDIT
The author's advice is probably geared toward servers rather than home work stations..
Last edited:
- Nov 11, 2022
- 48
Then it should be easy for you to find supporting Microsoft documentation that talks about kernel "encapsulation" or what level it operates at. For reference I've read this book, Windows Internals Book - Sysinternals, and it doesn't talk about kernel "encapsulation" nor does it cite the Windows kernel operating at a high level. Or maybe you can help me understand what you mean by high and low level? Perhaps I'm just misunderstanding something?
- Feb 25, 2017
- 2,505
- Nov 11, 2022
- 48
That is funny, no specific concept known as "windows kernel encapsulation." Oh and look at that it handles low level operations. What was that about it operating at a high level that guy was saying?
Similar threads
