Linux and Security: A simple analysis

A day like every other: You sit in a public room, open your laptop, and boot up your Linux operating system. When working in a tech-oriented environment, your operating system does not attract any attention, but if you are working in a public tea-room or in the train, the second you open up a terminal window, you have the attention of everyone around you. Why is that so?

Basically, nobody who is not technically skilled uses Linux. Even though developers of Linux are putting great efforts into making the system more user-friendly, it is still considered difficult to use and maintain. It is still easier to use a Windows or Mac OS X device, even though Linux devices offer big advantages in terms of privacy, customizability, and they supposedly are mostly malware free. Since 2015, Canonical Ubuntu does not recommend installing an antivirus because malware in Linux operating systems is so uncommon. In 2012, the Fedora Project claimed their operating system to be “virus free” [1]. However, when checking the Wikipedia article on Linux malware, one can see that Linux is not entirely malware free; and when digging a little deeper we find reports of giant Linux botnets, pumping malware into Windows computers, and other security nightmares.

Linux: The safest operating system?

Despite the news of malware reaching Linux operating systems, the system is still more secure than its competitors. This has multiple reasons, with the first being straight forward: Due to the small market share of Linux, it is rare to find a hacker which is ready to put effort into creating malware which will probably never spread widely. This is also one of the reason why there is more Windows than Mac malware. In 2017, Windows held a global market share of 81.9%, while OS X held 12.55%, and Linux only 1.47%. These big differences make it more lucrative for hackers to create malware for Windows devices rather than UNIX based systems.

However, it is not only the small market share that keeps Linux users safe, it is also the open source nature of Linux itself. Keeping software open source has many advantages. While educational purposes and the spreading of good ideas are more subtle advantages, it has also big ramifications for the security of your software. As the commonly known proverb “four eyes see more than two” states, making your source-code available for the public will make the discovery of errors faster. Security breaches within the Linux source code are often spotted within a very short period of time, and as everybody has the right to edit the source code and push updated branches, the errors are fixed in a matter of days and not weeks or months as for closed source operating systems. As a consumer, the most important thing is to keep your computer up-to-date by allowing updates, so you can benefit from the fast correction of errors.

Hardware vulnerabilities

Early this year, the whole IT industry was hit by two hardware vulnerabilities: Meltdown and Spectre. Linux system were affected in the same way every other system was affected, since the vulnerabilities targeted hardware directly. However, the security flaws were both fixed using software in Linux, as well as in Windows and macOS. The sole difference lies in the way it was fixed. Microsoft and macOS have their fixes under closed-source operation while the Linux fix (provided in the Linux-kernel version 4.15) is completely open source and was checked by the users in the active Linux community. This resulted in a more stable fix and as a result, Linux users suffer less performance impact than users of other operating systems.

Network security

Linux computers are as prone to breaches as Windows or macOS devices. Man-in-the-middle, denial-of-service attacks, and session hijacks are not dependent on the operating system but rather on the vigilance of the user and the network administrator. However, as Linux-users are generally technically skilled, they are more aware of the risks generated by networks and may pay closer attention to odd behavior of the browser or websites. This results in generally less cases of network breaches in Linux-devices.

Conclusion

The most important thing you should draw out of this text, is that Linux is as prone to security flaws as Windows or , but the flaws are usually uncovered and fixed faster than for other systems. Furthermore, having a smaller audience makes it less lucrative for hackers to write malware for Linux systems. Of course, there is still malware around, so you should always keep your operating system up-to-date and be vigilant while browsing the web. As Linux devices are vulnerable to network hacks, a summary how to protect yourself is listed below. It is not complete and should be extended with personal research.

Man-in-the-Middle attacks can be prevented by always using encrypted connections (e.g. https instead of http, Mozilla Firefox browser extension HTTPS everywhere ensures this automatically) and by paying attention to the security certificate of the website (You receive a warning from your browser if the certificate is not valid, do not ignore it). Session hijacks can be prevented by deleting or not allowing cookies and by using encrypted connections. The most secure thing is to use a trustworthy VPN while using public or large networks.

[1] M. Koch, "An Introduction to Linux-based malware," Sans Institute InfoSec Reading Room, pp. 1-25, 2015.