Question What is more secure, desktop Linux or Windows?

Please provide comments and solutions that are helpful to the author of this topic.

Which is more secure, Windows or Linux?

  • Windows

    Votes: 11 30.6%
  • Linux

    Votes: 25 69.4%

  • Total voters
    36

wat0114

Level 11
Verified
Top Poster
Well-known
Apr 5, 2021
514
I wouldn't call myself a seasoned system administrator, but I was a sysadmin for a while before becoming a security engineer. My understanding is that Fedora is more secure out of the box, but both can be configured to be reasonably secure. But I've been wrong about things before, and I'm hoping to get some different perspectives, sysadmin or not :)

I wasn't actually being sarcastic or making an attempt at poor humor with my response. In fact, my response was such because I truly have no idea which is more secure, especially if you are talking about servers. Even if you are talking about a home desktop workstation, I still don't know the answer. I believe SELinux, based on what I've read, is better suited to servers, rather than a workstation. It looks as though considerable expertise is required to set it up correctly, less one locks themselves out of their system

In my humble opinion, I believe Linux for a home workstation is far more secure than a Windows based home workstation, mainly because it is not the desired target that Windows is. Security through obscurity? I guess so. Currently I'm running openSUSE Leap 15.5 with several default processes already enforced with Apparmor, with the addition of NetworkManager (usr.sbin.NetworkManager) added myself, because it has ports open to the internet. No need whatsoever for any kind of useless antivirus on any Linux environment I've ever run. I've always used what's already built in to the kernel:

  1. Apparmor
  2. built-in firewall
  3. Download applications from the recommended repositories - for the most part.
  4. Encrypt the Linux partitons, although I do the same on Windows with Bitlocker.
That's about it.

EDIT

I also don't appreciate the spying and overall nanny control Microsoft has imposed on their end users over the years, especially now where it is the worst it's ever been. My vote went to Linux.
 
Last edited:

RansomwareRemediation

Level 4
Verified
Well-known
Jun 22, 2020
157
I wasn't actually being sarcastic or making an attempt at poor humor with my response. In fact, my response was such because I truly have no idea which is more secure, especially if you are talking about servers. Even if you are talking about a home desktop workstation, I still don't know the answer. I believe SELinux, based on what I've read, is better suited to servers, rather than a workstation. It looks as though considerable expertise is required to set it up correctly, less one locks themselves out of their system

In my humble opinion, I believe Linux for a home workstation is far more secure than a Windows based home workstation, mainly because it is not the desired target that Windows is. Security through obscurity? I guess so. Currently I'm running openSUSE Leap 15.5 with several default processes already enforced with Apparmor, with the addition of NetworkManager (usr.sbin.NetworkManager) added myself, because it has ports open to the internet. No need whatsoever for any kind of useless antivirus on any Linux environment I've ever run. I've always used what's already built in to the kernel:

  1. Apparmor
  2. built-in firewall
  3. Download applications from the recommended repositories - for the most part.
  4. Encrypt the Linux partitons, although I do the same on Windows with Bitlocker.
That's about it.

EDIT

I also don't appreciate the spying and overall nanny control Microsoft has imposed on their end users over the years, especially now where it is the worst it's ever been.
antiviruses are not useless, for me Linux is much less secure than Windows and for several reasons:
1.Microsoft has many people dedicated to system security.
2. The number of users who use Linux is much less than the number of users who use Windows, therefore all malware is eaten by Windows. Is it putting in the scenario of what would happen if Linux received all the malware that attacks Windows? would it hold? the answer is no and it is simple. The number of people working for linux is very small.
The only "advantage" I see in Linux is that it is a low level system, so the hardware has more direct conversation with the system, unlike Windows which is high level.
Greetings.
And another thing, the Windows kernel is encapsulated, even if there are bugs or security holes that can enter the kernel, that makes it much more secure.
 

wat0114

Level 11
Verified
Top Poster
Well-known
Apr 5, 2021
514
antiviruses are not useless, for me Linux is much less secure than Windows and for several reasons:
1.Microsoft has many people dedicated to system security.
2. The number of users who use Linux is much less than the number of users who use Windows, therefore all malware is eaten by Windows. Is it putting in the scenario of what would happen if Linux received all the malware that attacks Windows? would it hold? the answer is no and it is simple. The number of people working for linux is very small.
The only "advantage" I see in Linux is that it is a low level system, so the hardware has more direct conversation with the system, unlike Windows which is high level.
Greetings.
And another thing, the Windows kernel is encapsulated, even if there are bugs or security holes that can enter the kernel, that makes it much more secure.

Your response looks to be based on speculation, much like my response is based on. I see antivirus as mostly useless, especially paid versions, because of the numerous False positives they present. Risk vs reward with a paid AV is not worth it, because most careful home work station users will never need it. It's basically a waste of hard earned money.

I've used many flavours of Linux over the years, without any paid security products, and for my requirements, it has never once been compromised by malware. Luck or because of mostly end-user common sense, as well as the way I secured it with its built-in security features? I'd say the latter. Using Windows, I was compromised by malware on at least three occasions, mainly due to my own cavalier actions, and not because of a weakness in Windows.
 

Stenographers

Level 2
Thread author
Nov 11, 2022
48
antiviruses are not useless, for me Linux is much less secure than Windows and for several reasons:
1.Microsoft has many people dedicated to system security.
2. The number of users who use Linux is much less than the number of users who use Windows, therefore all malware is eaten by Windows. Is it putting in the scenario of what would happen if Linux received all the malware that attacks Windows? would it hold? the answer is no and it is simple. The number of people working for linux is very small.
The only "advantage" I see in Linux is that it is a low level system, so the hardware has more direct conversation with the system, unlike Windows which is high level.
Greetings.
And another thing, the Windows kernel is encapsulated, even if there are bugs or security holes that can enter the kernel, that makes it much more secure.
I’m sorry, but what exactly do you mean by Linux being a more “low level” system? Can you explain what that entails? And what is this Windows kernel encapsulation you’re talking about? Because googling “windows kernel encapsulation“ doesn’t yield any documentation. My concern is that you are retelling 2nd hand information you got somewhere and making wrong assumptions about what you’ve been told. This is dangerous when it comes to people looking for security advice.
 

Brahman

Level 16
Verified
Top Poster
Well-known
Aug 22, 2013
794
2. The number of users who use Linux is much less than the number of users who use Windows, therefore all malware is eaten by Windows. Is it putting in the scenario of what would happen if Linux received all the malware that attacks Windows? would it hold? the answer is no and it is simple. The number of people working for linux is very small.
OMG... Linux is not just a collection of distros that some nerds use in their desktop. It's in your routers, your Android phone, your smart watches, your tv sets and I can go on and on. The total windows os installation would only be 10% of what Linux is in. Most of us uses one version of Linux in our daily life without knowing it's Linux. Apar from that 99% internet facing servers in the world is built around Linux kernel and when you consider the number of attacks it all receives would be far greater than the total number of attacks against all the installation of windows. So you are highly mistaken on that point of argument I suppose.
 

RansomwareRemediation

Level 4
Verified
Well-known
Jun 22, 2020
157
I’m sorry, but what exactly do you mean by Linux being a more “low level” system? Can you explain what that entails? And what is this Windows kernel encapsulation you’re talking about? Because googling “windows kernel encapsulation“ doesn’t yield any documentation. My concern is that you are retelling 2nd hand information you got somewhere and making wrong assumptions about what you’ve been told. This is dangerous when it comes to people looking for security advice.
There are low-level and high-level systems. The low level means that the system is direct with the hardware. The high level is normalized, and there is an intermediary between the hardware and the system. When you install linux and windows at the same time. Linux is prioritized in the system and it is he who gives the pass to windows to work. It uses grub which is the linux launcher to allow me to start windows.
 

RansomwareRemediation

Level 4
Verified
Well-known
Jun 22, 2020
157
I’m sorry, but what exactly do you mean by Linux being a more “low level” system? Can you explain what that entails? And what is this Windows kernel encapsulation you’re talking about? Because googling “windows kernel encapsulation“ doesn’t yield any documentation. My concern is that you are retelling 2nd hand information you got somewhere and making wrong assumptions about what you’ve been told. This is dangerous when it comes to people looking for security advice.
If android is linux, and did you know how attacked the system is?, it receives more attacks than windows itself. Android has more security holes than Windows.
Whether the Windows kernel is encapsulated. You can't get access to it.
 

RansomwareRemediation

Level 4
Verified
Well-known
Jun 22, 2020
157
Your response looks to be based on speculation, much like my response is based on. I see antivirus as mostly useless, especially paid versions, because of the numerous False positives they present. Risk vs reward with a paid AV is not worth it, because most careful home work station users will never need it. It's basically a waste of hard earned money.

I've used many flavours of Linux over the years, without any paid security products, and for my requirements, it has never once been compromised by malware. Luck or because of mostly end-user common sense, as well as the way I secured it with its built-in security features? I'd say the latter. Using Windows, I was compromised by malware on at least three occasions, mainly due to my own cavalier actions, and not because of a weakness in Windows.
Most of the people who make malware make it on Linux, for Windows, for what reason? because it is the most used system. Just because you haven't used an antivirus doesn't mean it's useless. It's like getting in a car and never wearing a seat belt and saying because I've never been in an accident, it's not worth using it. Well on the internet it's the same. It is not recommended to navigate without protection. Linux is a system used by few people (leaving aside android). It is normal not to receive attacks. But what would happen if Microsoft was the one that nobody uses and Linux was the most used? It would be a linux malware strainer, the number of people dedicated to making security changes in linux is low, it is free software to start with. A free software will never be at the level of a paid one. That is my humble opinion.
Greetings.
 

monkeylove

Level 10
Verified
Well-known
Mar 9, 2014
457
This might help:


The gist is that most don't have the time or the knowledge to tweak with systems, fix problems themselves, etc., so they look for something that meets their needs (which include using things like MS Office and Adobe products) and that can work especially during mission-critical phases, plus allow them to do leisurely things like buy online, watch videos, and play games. In addition, they want to use the latest device, component, hardware, software, game, etc., especially with new features and services offered by various companies.

Meanwhile, all operating systems are vulnerable, malware developers usually target those that are used most, and to deal with them software developers have to continuously patch, especially given new vulnerabilities created when new features and/or hardware are added, etc.

That means most want operating systems that can run the latest software and hardware and the most popular software and hardware, that have readily available technical support, and that are regularly patched for maintenance, new software, hardware, and features, and against vulnerabilities. These cost money.

They might not work against new malware, so protection is needed. The cost for several devices can be almost the equivalent of buying one hard drive every year or so. Sometimes, there are promos, but prices still go up eventually.

For privacy, technical support always leads to a lot of intrusion, especially when damage involves the operating system. Sometimes, problems might involve a program that you installed for various personal files.

For similar reasons, security programs are intrusive, too, and free versions are used to monetize.

In short, what you should use will depend on how much time, skills, and money you have to deal with problems yourself, and that can including moving from one OS to another if the one you're using gets abandoned, etc.

Similarly, if you move to an OS that you're less familiar with, then you will have to do a lot of research and preparation for the move. For example,


Finally, I remember asking this to Linux users, and I mentioned that many in my family are computer novices. They advised me to stick to Windows.
 

windows1064

Level 1
Jan 7, 2020
23
Daniel Micay (Founder of GrapheneOS):
The Linux kernel is a security disaster, but so are the kernels in macOS / iOS and Windows, although they are moving towards changing. For example, iOS moved a lot of the network stack to userspace, among other things.
The userspace Linux desktop software stack is far worse relative to the others. Security and privacy are such low priorities. It's really a complete joke and it's hard to even choose where to start in terms of explaining how bad it is.

Interesting discussion.
 

Stenographers

Level 2
Thread author
Nov 11, 2022
48
There are low-level and high-level systems. The low level means that the system is direct with the hardware. The high level is normalized, and there is an intermediary between the hardware and the system. When you install linux and windows at the same time. Linux is prioritized in the system and it is he who gives the pass to windows to work. It uses grub which is the linux launcher to allow me to start windows.
I'm going to take that with a heavy pinch of salt. Are you trying to talk about virtualization based security in Windows? Because Linux applications do something similar to that, but instead of abstracting system components into HyperV VMs it uses namespaces and cgroups to isolate the application. Both Linux and Windows, via different layers of abstraction, interact with the hardware directly. That is what the kernel does in both OS's. Grub has nothing to do with this. That is one option of a bootloader for computers in general. Has nothing to do with virtualization based security or abstraction. Please stop perpetuating false information, it can mislead people into unsafe configurations and bad security decisions.
 

RansomwareRemediation

Level 4
Verified
Well-known
Jun 22, 2020
157
I'm going to take that with a heavy pinch of salt. Are you trying to talk about virtualization based security in Windows? Because Linux applications do something similar to that, but instead of abstracting system components into HyperV VMs it uses namespaces and cgroups to isolate the application. Both Linux and Windows, via different layers of abstraction, interact with the hardware directly. That is what the kernel does in both OS's. Grub has nothing to do with this. That is one option of a bootloader for computers in general. Has nothing to do with virtualization based security or abstraction. Please stop perpetuating false information, it can mislead people into unsafe configurations and bad security decisions.
false information???
Linux and Windows work differently:
Windows runs at a high level with an encapsulated NT kernel.
Linux runs at a low level with a free kernel of the monolithic type.
Greetings.
 

piquiteco

Level 14
Oct 16, 2022
634
I've used many flavours of Linux over the years, without any paid security products, and for my requirements, it has never once been compromised by malware.
If you have used many types of Linux distro over the years, without any security product and you have never been compromised by malware, how can you claim this if you had no security product installed to analyze it? I think you better review your concepts about malware for linux. Feel free to read this article. ;)
 
Last edited:

Brahman

Level 16
Verified
Top Poster
Well-known
Aug 22, 2013
794
Thare is no point in arguing about which came first the egg or the chicken. If you believe security is a feature of your preferred operating system, then God save you and your system. Security is not a feature which you can add or remove to your os, it's a set of practices that either you or your system admin chooses to deploy on your system. Consider the the case of a linux server with an open ssh port, no matter how secure your kernel/os is you are an open book to the wide open world, likewise consider a windows installation without updates for a long time, no matter what you do the system is vulnerable to an outside attacker. In both these cases the practices adopted by the end user is what compromised the system. So it all depends on the ultimate user action that makes the system secure.
 

wat0114

Level 11
Verified
Top Poster
Well-known
Apr 5, 2021
514
If you have used many types of Linux distro over the years, without any security product and you have never been compromised by malware, how can you claim this if you had no security product installed to analyze it? I think you better review your concepts about malware for linux. Feel free to read this article. ;)

I need a more compelling reason to take an article like that seriously, when the author simply states that attackers can plant bad software on your system without your knowledge, but does not explain how they can do so. Btw, I've used many Linux distros over the years, utilizing primarily built-in security to protect them.

EDIT

The author's advice is probably geared toward servers rather than home work stations..
 
Last edited:

Stenographers

Level 2
Thread author
Nov 11, 2022
48
false information???
Linux and Windows work differently:
Windows runs at a high level with an encapsulated NT kernel.
Linux runs at a low level with a free kernel of the monolithic type.
Greetings.
Then it should be easy for you to find supporting Microsoft documentation that talks about kernel "encapsulation" or what level it operates at. For reference I've read this book, Windows Internals Book - Sysinternals, and it doesn't talk about kernel "encapsulation" nor does it cite the Windows kernel operating at a high level. Or maybe you can help me understand what you mean by high and low level? Perhaps I'm just misunderstanding something?
 

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,447
ChatGPT answer @Stenographers


As of my knowledge cutoff in September 2021, there is no specific term or concept known as "Windows kernel encapsulation." It is possible that this term may have emerged or been introduced after my knowledge cutoff date.
However, based on the term itself, "kernel encapsulation" could refer to the practice of isolating or encapsulating the kernel of the Windows operating system. The kernel is the core component of an operating system that handles low-level operations and provides essential services to applications and other system components.
In modern operating systems like Windows, the kernel is typically protected and isolated from user-level processes for security and stability reasons. This is achieved through various mechanisms such as process isolation, memory protection, and privilege separation.
Encapsulation, in this context, may refer to the process of providing a boundary or barrier between user-level processes and the kernel. It ensures that user-level programs cannot directly access or modify sensitive kernel resources without going through controlled interfaces and mechanisms provided by the operating system.
Please note that without more specific information about the context or any recent developments, it is difficult to provide a more detailed explanation. If this term has been introduced or has a specific meaning in a newer context, it would be beneficial to refer to the relevant documentation or sources for accurate and up-to-date information.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top