- Oct 3, 2022
- 521
Stronger Permission System: Linux enforces stricter user permissions and access controls, making it more difficult for malware to gain unauthorized access or cause widespread damage.
Linux generally has a smaller attack surface due to its modular design Linux allows users to install only the necessary components and software packages. This minimizes the number of active services, libraries, and drivers, reducing potential entry points for attackers. In contrast, Windows often comes bundled with numerous pre-installed features, some of which may be unused and vulnerable. In particular, Windows 11 Pro comes with a lot of legacy technologies to remain compatible with software built for OS of distant past like Windows XP. Legacy means it is unchanged with the same vulnerabilities as before.
Snap packages are containerized applications that run in their own isolated environment. They come with pre-defined security policies that restrict their access to the rest of the system. For example, Firefox, the default browser comes as a snap. Edge on the other hand, is not compartmentalized. Chromium also comes in a snap package.
AppArmor is a mandatory access control (MAC) system that confines individual programs to a limited set of resources. It is enabled by default on Ubuntu. You can restrict any program to the directories it can access, the code libraries it can access, and devices it can access. The DLL side loading attack is mitigated. But it requires configuration. But configuration is easy, and we all do configuration for security matters here at MT.
Windows also comes fixed with a set of services which you cannot un-install, can not further protect. Ubuntu on the other hand uses systemd service manager which was designed with options which allows administrators to restrict access to the system like kernel modules, kernel options, home directories and devices. Reducing services minimizes attack surface. Service constriction further limits attack vectors.
Ease of use and familiarity argument. Ubuntu COPIES the common UI features of Windows. For everyday general use, the effects of lack of familiarity is minimal. The menu items like Cut, Copy and Paste are the same on both sides. There is still a start menu and all apps menu.
The common perception that Linux is primarily command line is no longer valid. There is no daily usage things in Ubuntu that solely Requires you to use the command line. You do not need to know that ls means dir, there is a File Manager. The common commands like netstat, and ping are available on both. The command line argument is negated because we already know the commonly used commands on both sides. You can cite the Linux command chmod as a security command that needs to learned, but you can change that with File Manager and you don’t need to learn that. You can cite the Linux command chown which changes the owner of a file, but in Windows we have a similar command takeown. Small differences like that can be easily learned because it is not a radically alien concept. And that about sums up all the commands I frequently use to configure security.
The ease of use argument is also used because some familiar applications are not available in Ubuntu. But are we born to know how to use VLC. We learned that. And features are Copied from one app to another, like how all browsers now have tabs. Not to mention that VLC is also available in Ubuntu. Developers borrow features from Windows apps. The thing to consider is what broad class of app is entirely not available to Ubuntu – not many. And there are new features and new benefits which comes with each app that will make sense to adapt. We try out new things to find better ones don’t we?
Having competition and lots of choices only matters sometimes, when there are lots of cost required to mitigate inherent, difficult, accumulated flaws. But when the flaws are gone, the cost are gone too, then having many products and solutions don't matter. The remaining few security flaws are covered the open source way. The security foundation matters a lot. You shouldn't have to pay.
The security benefits are Many, and it requires little effort to migrate. Plus, security costs nothing in Ubuntu, imagine, no more yearly subscriptions to AV's.
I don't have a favorite OS. Changing OS may seem like a big deal. One has to consider addressing the root cause, the efficiency of the solution of the ongoing cost year after year even if you are a home user. And one has to weigh the sustainability of not having a long term solution - zero days will continuously appear - more so for Windows.
Linux generally has a smaller attack surface due to its modular design Linux allows users to install only the necessary components and software packages. This minimizes the number of active services, libraries, and drivers, reducing potential entry points for attackers. In contrast, Windows often comes bundled with numerous pre-installed features, some of which may be unused and vulnerable. In particular, Windows 11 Pro comes with a lot of legacy technologies to remain compatible with software built for OS of distant past like Windows XP. Legacy means it is unchanged with the same vulnerabilities as before.
Snap packages are containerized applications that run in their own isolated environment. They come with pre-defined security policies that restrict their access to the rest of the system. For example, Firefox, the default browser comes as a snap. Edge on the other hand, is not compartmentalized. Chromium also comes in a snap package.
AppArmor is a mandatory access control (MAC) system that confines individual programs to a limited set of resources. It is enabled by default on Ubuntu. You can restrict any program to the directories it can access, the code libraries it can access, and devices it can access. The DLL side loading attack is mitigated. But it requires configuration. But configuration is easy, and we all do configuration for security matters here at MT.
Windows also comes fixed with a set of services which you cannot un-install, can not further protect. Ubuntu on the other hand uses systemd service manager which was designed with options which allows administrators to restrict access to the system like kernel modules, kernel options, home directories and devices. Reducing services minimizes attack surface. Service constriction further limits attack vectors.
Ease of use and familiarity argument. Ubuntu COPIES the common UI features of Windows. For everyday general use, the effects of lack of familiarity is minimal. The menu items like Cut, Copy and Paste are the same on both sides. There is still a start menu and all apps menu.
The common perception that Linux is primarily command line is no longer valid. There is no daily usage things in Ubuntu that solely Requires you to use the command line. You do not need to know that ls means dir, there is a File Manager. The common commands like netstat, and ping are available on both. The command line argument is negated because we already know the commonly used commands on both sides. You can cite the Linux command chmod as a security command that needs to learned, but you can change that with File Manager and you don’t need to learn that. You can cite the Linux command chown which changes the owner of a file, but in Windows we have a similar command takeown. Small differences like that can be easily learned because it is not a radically alien concept. And that about sums up all the commands I frequently use to configure security.
The ease of use argument is also used because some familiar applications are not available in Ubuntu. But are we born to know how to use VLC. We learned that. And features are Copied from one app to another, like how all browsers now have tabs. Not to mention that VLC is also available in Ubuntu. Developers borrow features from Windows apps. The thing to consider is what broad class of app is entirely not available to Ubuntu – not many. And there are new features and new benefits which comes with each app that will make sense to adapt. We try out new things to find better ones don’t we?
Having competition and lots of choices only matters sometimes, when there are lots of cost required to mitigate inherent, difficult, accumulated flaws. But when the flaws are gone, the cost are gone too, then having many products and solutions don't matter. The remaining few security flaws are covered the open source way. The security foundation matters a lot. You shouldn't have to pay.
The security benefits are Many, and it requires little effort to migrate. Plus, security costs nothing in Ubuntu, imagine, no more yearly subscriptions to AV's.
I don't have a favorite OS. Changing OS may seem like a big deal. One has to consider addressing the root cause, the efficiency of the solution of the ongoing cost year after year even if you are a home user. And one has to weigh the sustainability of not having a long term solution - zero days will continuously appear - more so for Windows.
Last edited: