Posted on 03/09/2020 12:34:26 PM PDT by TomServo
Which operating system has suffered the most vulnerabilities since around the turn of the millennium? That would be Linux, not Microsofts Windows, at least according to a freshly released report.
An analysis of the National Institute of Standards and Technologys National Vulnerability Database, compiled by Thebestvpn.com, tracked technical vulnerabilities in popular pieces of software between 1999 and 2019.
And Debian, a flavor of Linux, was top of the table with 3,067 vulnerabilities over the last two decades. Reasonably close behind was Android on 2,563 vulnerabilities, with the Linux kernel in third place having racked up a count of 2,357. Apples macOS was only slightly behind that with 2,212, with Ubuntu in fifth place on 2,007.
(Excerpt) Read more at techradar.com ...
Sorry, but this old canard was disproven years ago when someone designed and exploited a router vulnerability with the "Witty Worm", that had an estimated global target of 10-20k devices.
Also, with the prevalence of Android devices, which are essentially special-purpose Linux devices, I think you might find that these days there are actually more Linux devices in use than you might think. I've seen estimates that there are more of those extant these days than MS-windows systems, but I'm not confident in the sources.
Yes, and no. As a user, really all you can do is trash your user files. That's not such a bid deal because you do have backups don't you?
Many local exploits are essentially privilege escalations that will temporarily give root-like power to a program. This can be really bad news. This kind of thing isn't really that big a deal unless you're using a multi-user system, like in a datacenter or something. For personal workstations and such, it's not quite as bad as long as you trust yourself not to hack your own systems.
Remote exploits are the biggest threat, because someone can do bad things to you from anywhere in world. Of course, that's what firewalls are for and also why you don't run services that you don't need or use.
Not that I trust Wikipedia for much of anything, this at least seemed to be somewhat unbiased.
So I think this proves your point that Windows isn't the predominant OS. :-)
The exact google search phrase I used was "number of linux vs windows devices worldwide" which turned up a plethora of links saying Android was #1.
I'm happy to be objectively corrected.
File-less exploits are on the rise notably.
It's almost hard to believe isn't it? Of course, I'm barely willing to really call Android "Linux", even though it is based on the linux kernel and some services. The way most devices are configured just turns me off. I really figure a shell prompt is necessary for a 'real' linux box. I realize you can install bash/sh/ksh, but unless you're willing to root your device, which opens it up to other badness, you really can't do much with it. I pretty much live in X these days, but always have a prompt open for various things.
I don't keep anything "special" on my PC. I can download everything again, and I have my passwords written down.
I do. about 100GB of CDs that I'd have to re-rip. Pictures. Financials, and other stuff that I'd have to rescan. I have hardcopy of things that are really important, but the investment in time is significant. It's worth it to me to treat my computer seriously. I have quarterly offsite backups as well.
Exactly, if every Tom Dick and Harry used Linux there would more targeted malware and exploits showing up. The money is in exploiting the masses.
One thing I’ve noticed over my 20+ years in IT: Linux servers tend to be “left alone” while Windows servers are often over administrated. Windows admins have become so tuned to “Patch Tuesday” that they make sure everything is patched quickly. Linux admins often take the “it’s safe, it’s a Linux server” approach. I’ve seen RHEL servers go months between patches, and I’ll even admit that Ubuntu servers I have running in my lab go a few months between patches/reboots.
The secondary issue with this is that Microsoft is so under the microscope for every little transgression that they’ve had no choice but to be 100% transparent with their vulnerability patching. Meanwhile, Linux patches come and go, and unless there’s a secOps manager or auditor banging on findings, those systems aren’t prioritized.
This isn’t conjecture on my part. This is demonstrably true across at least a dozen companies I’ve worked under from finance to healthcare to government. I’m not saying that it’s the standard, but it’s true in sectors where it really shouldn’t be. This leaves very public CVEs wide open on Linux systems, making them easy targets.
You're either a dictatorial admin in your environment or completely naive to what your users are doing. I can't tell you how many times I've seen sudo granted to a developer just because they asked for it. I can tell you with 100% certainty they're just sudo -i when they login and doing everything from there.
I overall agree with your description. In fact one of the supporting arguments for Linux being inherently more secure is that even with rampant poor patching practices, the huge number of Linux servers facing the web and in enterprises are, by and large, not getting taken down/out very often.
That's no excuse for not patching, of course. Even Russian roulette is non-fatal 5 times out of 6.
A bootable thumb drive won’t work for me. I use the VMs for my job on my laptop. I need multiple systems to be available for my job, so I’ve got VMs on my laptop of Windows 7, Windows 10, Ubuntu, Kali and Red Hat Enterprise Linux.
It works just fine for me.
Mark
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.