It's been, I think, over a year since I have been fully using GNU/Linux. But even till this date I don't understand the security part of it.
The major reason for me hating Windows is its performance. And that includes Microsoft Windows Defender or any other anti-malware software that you would be running. If you disable Defender and do not have any other anti-malware software running, Windows actually becomes much more usable for me.
This doesn't seem fair when I state that GNU/Linux is better in terms of performance, as I do not have any Anti-malware software running. But I wanna know, why?
The main reason I found by searching for it is that GNU/Linux has very little market share and just isn't the target for attackers, and GNU/Linux users are going to be at least somewhat knowledgeable in computers and wise so they are less likely to fall for it. But in my opinion,
Not entirely true there. While that is a part of the reason, the bigger part is that in order to get malware you have to approve it. Malware is not magic; it is a program. Windows allows installs without any regard for user permission. Linux does not. You would have to supply authorization for install of software, including malware. This is the bigger part of why Linux is more secure. Windows is often targeted for reasons such as it is easy to target due to nearly non-existent security and because people don't like paying for everything on it, so they take it on themselves to get back at M$.
a) What about browser related attacks such as cookie stealing? Browsers can be cross platform.
Cookie stealing? Sounds like Sesame Street Cookie Monster. Bottom line for browsers is that the browser is where security is, not the OS.
b) Some other cross platform ways or writing the malicious code for cross platform so that it could target GNU/Linux users as well.
No system is perfect, but malicious code has to have permission to install on Linux. So unless you authorize it with your password each time it installs, it is not an issue. This does not include browser issues, but browsers are not Linux nor Windows.
c) GNU/Linux is used widely on servers, and so attacks for them could also affect us (that's why critical servers do have anti-malware services running). For example, a backdoor in the operating system itself, though that is something very looked out for, but it could happen.
You could also walk out your door and get hit and killed by a falling satellite. However, it is not very likely. When you saw all those ransomware attacks such as "WannaCry", they only affected Windows servers. Those using Linux servers were untouched. The reason is the same as before. It did not have permission. Nor would it be able to read Linux. Malware has to be written for the OS it affects and no other.
d) Directly targeting a GNU/Linux system, as the GNU/Linux market share rises.
Linux is not Windows. That is why it is better. But to target a Windows machine directly takes very little. To target Linux directly you need some serious knowledge, and that means pissing off somebody that really knows their stuff. To make an analogy, a 3rd grader possesses the knowledge to cripple Windows. It would take a college grad to do the same to Linux.
You know what? Keep all of this aside. First somebody explain this to me. Why is the range of sudo so large? Why is it that sudo is required for a program to write something in the root's folder, to install a necessary package system wide, sometimes is necessary to properly launch (those programs are bad), or to read some information such as from hardware, and that at the moment the root access is granted, it has the ability to wipe or encrypt my entire drive? No, I actually don't understand this, and don't know how I haven't been affected and didn't get my drive wiped till now. This makes so little sense that it feels like I am missing something.
Sudo is the administrator. Windows has this also, but they disable the account and hide it. In Windows, when you install, you get that pop-up that asks if it is OK to modify the drive. That is their version of sudo. You should not need to use root to run programs. Just install. If you need root to run the program, then most likely you have something wrong or you are just not understanding it. Windows can wipe you out with or without the administrator account; Linux cannot. Windows is far better at wiping a drive by accident. I see it all the time at work. Usually the encryption gets turned on by MS without notifying the user, and when something happens they have no idea what the key is or how to get it, and everything is lost. Linux will never do that without you expressly requesting the encryption.
So as a conclusion from my understanding, you do need a security software on GNU/Linux, but you are as okay without it as I have been okay all these years with even Defender disabled on my other system running Windows and my parents have been using it, and now recently that I think about it, I am definitely gonna change that and enable Defender, even if it comes to my laptop screaming with its fan and slowing down, but my parents don't care, but I will have some setting or a dual boot when I need to use it (I just can't use Windows in that state). Basically you aren't foolproof on Linux without a security software, are you?
Nothing is fool proof. They are always inventing better fools. You do not need antivirus on Linux; in fact the antivirus that exists on Linux at this time is strictly to catch Windows viruses so that you do not pass them along. The Windows virus will not affect Linux in any way. Let me repeat: you do not need antivirus on Linux at this time. There are no Linux virus threats to worry about. Now only a fool will run Windows without antivirus. Unless you never install new software, updates or use the internet. Windows is a virus haven. Running without antivirus is like leaving your front door open with a neon sign that says "Come in and destroy as you wish". Linux is like having a door with an automatic lock. Antivirus for Windows will only catch about 98% of viruses. It does not matter which one you use, and never never never never use more than one antivirus on Windows. Since Windows had 400,000 viruses last I checked, 2% of that is 8,000 viruses that will go through the antivirus like it did not exist. Linux has, I think, 4 viruses that were made in labs in an attempt to see if it was possible. Those viruses need you to authorize them to install and do bad things, and they do not spread. They were kept to a lab.
You are correct in your self-assessment. You do not understand Linux security. I hope I gave you some beginner information and alleviated some of the concerns. If I was to summarize....
Windows... use an antivirus and be very very very careful in everything you do all the time.
Linux ... no antivirus needed, feel free to enjoy and do what you like, just use some common sense and don't ignore warnings. In Linux you have to provide a password to do dangerous things each time. If you are not doing that but are asked for a password, do not give it. Problem solved.