I still don't understand security on Linux.

[Debian_SuperUser]

It's been I think over an year since I have been fully using GNU/Linux. But even till this date I don't understand the security part of it.

The major reason of me hating Windows is it's performance. And that includes Microsoft Windows Defender or any other Anti-malware software that you would be running. If you disable Defender and not have any other Anti-malware software running, Windows actually becomes much more usable for me.

This doesn't seem fair when I state that GNU/Linux is better in terms of performance, as I do not have any Anti-malware software running. But I wanna know, why?

The main reason I found by searching for it is that GNU/Linux has very little market share and just isn't the target for attackers, and GNU/Linux users are going to be at least somewhat knowledgeable in computers and wise so they are less likely to fall for it. But in my opinion,
a) What about browser related attacks such as cookie stealing? Browsers can be cross platform.
b) Some other cross platform ways or writing the malicious code for cross platform so that it could target GNU/Linux users as well.
c) GNU/Linux is used widely on servers, and so attacks for them could also affect us (that's why critical servers do have Anti-malware service running). For example, backdoor in operating system itself, though that is something very looked out for, but it could happen.
d) Directly targeting a GNU/Linux system, as the GNU/Linux market share rises.

You know what? Keep all of this aside. First somebody explain this to me. Why is the range of sudo so large? Why is it that sudo is required for a program to write something in the root's folder, to install a necessary package system wide, sometimes a necessary to properly launch (those programs are bad), or to read some information such as from hardware, and that at the moment the root access is granted, it has the ability to wipe or encrypt my entire drive? No, I actually don't understand this, and don't know how I haven't been affected and didn't get my drive wiped till now. This makes so no sense that it feels like I am missing something.

So as a conclusion from my understanding, you do need a security software on GNU/Linux, but you are as okay without it as I have been okay all these years with even Defender disabled on my other system running Windows and my parents have been using it, and now recently that I think about it, I am definitely gonna change that and enable Defender, even if it comes to my laptop screaming with it's fan and slowing down, but my parents don't care, but I will have some setting or a dual boot when I need to use it (I just can't use Windows in that state). Basically you aren't full proof on Linux without a security software, are you?

 

[KGIII]

GNU/Linux has very little market share

Only on the desktop. It dominates everywhere else.

I'll let others address the rest, as I have company.

 

[The Duck]

This may explain.

Security in Linux Mint and Ubuntu: an Explanation and Some Tips

Easy tips, tweaks and tricks for Linux Mint and Ubuntu, both for beginners and for advanced users. Complete starter's guide with simple how-to's.

easylinuxtipsproject.blogspot.com

I recommend this.

Firejail

security sandbox

firejail.wordpress.com

 

[AlphaObeisance]

I had to stop reading at "market share". While windows dominates the PC market, Linux is an absolute shot caller server side. A moderately reasonable blanket statement to be made for the sake of simplicity is that the VAST majority of the internet you browse every day is hosted by..... linux servers.

Now heres the kicker.... There's very..... very little difference between Server Linux and "Desktop" linux. The only notable difference is that of a Desktop Environment of some sort being present on a "desktop" Linux System that helps you visually navigate the system instead of being stuck to TTY.

I'm quite confident that every government agency known to man uses Linux, and conduct operations from the Linux environment. So they're obligated for their own security to contribute to the Linux Kernel to ensure the risks to their systems is minimal at best.

I'm going to rejoice the day desktop users realize that Linux Desktop is really just a Linux server with a shiny coat of paint.

I'm not going to bother trying to elaborate; as it's already been done. And even if I did, I'm not confident it would make sense with the limited knowledge the OP has on the system.

 

[Brickwizard]

I don't understand the security part

Linux is inherently more secure than windows[ if it was not, then all experienced users would be ramming different add-ons down your throat]
Do you need a third party fire wall, NO the Linux firewall works well enough
If you're a conspiracy theorist, then you can always use anonsurf or a tor browser, or better still sandbox any apps that have internet access.

But with all these things, NO operating system will ever be 100 % secure if you want to use the internet, and as long as the weakest link is between the seat back and keyboard

 

[ron.alan]

Keeping your browser, whichever one you use, up to date, along with using common sense while browsing the internet, should be enough to keep you safe from browser vulnerabilities. Keep your OS up to date as well. And if you haven't already, read The Duck's first link (in the third post); I highly recommend that website. AVs are not necessary on a Linux desktop installation.

 

[CaffeineAddict]

a) What about browser related attacks such as cookie stealing? Browsers can be cross platform.

Linux is not better in this regard, both Windows and Linux suffer the same way, you as a user need to be careful.

b) Some other cross platform ways or writing the malicious code for cross platform so that it could target GNU/Linux users as well.

Not true, cross platform malware still works differently on Linux vs Windows, Linux is better here.

c) GNU/Linux is used widely on servers, and so attacks for them could also affect us (that's why critical servers do have Anti-malware service running). For example, backdoor in operating system itself, though that is something very looked out for, but it could happen.

Only a bad Admin could introduce a malware into Linux, or an unskilled user.

d) Directly targeting a GNU/Linux system, as the GNU/Linux market share rises.

Market share of Linux may increase but security features of Linux won't change or make Linux worse than Windows.

You know what? Keep all of this aside. First somebody explain this to me. Why is the range of sudo so large? Why is it that sudo is required for a program to write something in the root's folder, to install a necessary package system wide, sometimes a necessary to properly launch (those programs are bad), or to read some information such as from hardware, and that at the moment the root access is granted, it has the ability to wipe or encrypt my entire drive? No, I actually don't understand this, and don't know how I haven't been affected and didn't get my drive wiped till now. This makes so no sense that it feels like I am missing something.

sudo is another name for "I know what I'm doing, give me full control over OS".
if you're unsure about that don't use sudo.
sudo is like Administrator in Windows or NT SYSTEM account.

So as a conclusion from my understanding, you do need a security software on GNU/Linux

Linux has plenty of security software, but AV is not one of them as it's not really required, those few Linux based AV's are rather bad, much worse than Windows AV's because very few firms make signatures.

---

Bottom line, Linux security depends on user a lot, security software can't help careless user at all.

 

[Mike-BTU]

I had to stop reading at "market share". While windows dominates the PC market, Linux is an absolute shot caller server side. A moderately reasonable blanket statement to be made for the sake of simplicity is that the VAST majority of the internet you browse every day is hosted by..... linux servers.

Now heres the kicker.... There's very..... very little difference between Server Linux and "Desktop" linux. The only notable difference is that of a Desktop Environment of some sort being present on a "desktop" Linux System that helps you visually navigate the system instead of being stuck to TTY.

I'm quite confident that every government agency known to man uses Linux, and conduct operations from the Linux environment. So they're obligated for their own security to contribute to the Linux Kernel to ensure the risks to their systems is minimal at best.

I'm going to rejoice the day desktop users realize that Linux Desktop is really just a Linux server with a shiny coat of paint.

I'm not going to bother trying to elaborate; as it's already been done. And even if I did, I'm not confident it would make sense with the limited knowledge the OP has on the system.

I mostly like this. However, may I point out that a Linux desktop box is not really just a Linux server with a shiny coat of paint.

I don't know about your desktop, but in order to make mine into a public web server, I would have to:

1. Install a lot of packages
2. Configure the firewall to accept incoming requests, on the right ports and with the right security measures.

That, my friend, is vastly understated. Someone else can expand on this if they like.

 

[AlphaObeisance]

I mostly like this. However, may I point out that a Linux desktop box is not really just a Linux server with a shiny coat of paint.

I don't know about your desktop, but in order to make mine into a public web server, I would have to:

1. Install a lot of packages
2. Configure the firewall to accept incoming requests, on the right ports and with the right security measures.

That, my friend, is vastly understated. Someone else can expand on this if they like.

Oh I'm aware, I was speaking generally because I don't feel that elaborating would do any good...

Linux is Linux. Either you install tools and utilities useful for a "desktop" experience, or you install tools, utilities and databases required for it to act as a "server". I'm trying to speak in laymans terms for the sake of simplicity here.

But, i wouldn't know anything of hyervisors and servers n what nots

 

[Mike-BTU]

Oh I'm aware, I was speaking generally because I don't feel that elaborating would do any good...

Linux is Linux. Either you install tools and utilities useful for a "desktop" experience, or you install tools, utilities and databases required for it to act as a "server". I'm trying to speak in laymans terms for the sake of simplicity here.

But, i wouldn't know anything of hyervisors and servers n what nots

Well then, I'm glad that I didn't go into detail and find that I wasted my time.

 

[Condobloke]

The biggest source of Security...is YOU
Read this:
The permission-based structure in Linux prevents regular users from performing administrative actions because each app needs authorization by the superuser (root) before it’s executed. This barrier makes it difficult for any virus to sneak into the system and make disasters.

Without being a root, you won’t be able to run/install new programs on Linux. Only the superuser has the privilege to access all files in the system.

Linux does not process executables without explicit permission as this is not a separate and independent process. So you’ll have to chmod +x a file before running it.

On Linux, it is harder for the virus to get system-level access. This is because the root account owns system-related files. Therefore, if infected, viruses can be easily removed as they can only affect the user account where they were installed and do not affect the root account.

In other words, the Linux architecture makes it almost impossible for a virus to do anything. This is one of the main reasons we still don’t need antivirus software on Linux.

Also...a GOOD read

Linux Security Uncovered: Open Source, User Privilege, and Defense Tactics

The Android platform is versatile, user-friendly, and adaptable, yet attention to updates is key for optimal performance.

linuxsecurity.com

------------------------------------------------------

And then, have a read of this:...

Security in Linux Mint and Ubuntu: an Explanation and Some Tips

Easy tips, tweaks and tricks for Linux Mint and Ubuntu, both for beginners and for advanced users. Complete starter's guide with simple how-to's.

easylinuxtipsproject.blogspot.com

------------------------------------------------------------------
get your head around the processes used to shield the operating system.

They appear to be trivial....and in many ways they are.... Simplicity done with a touch of Genius

 

[bob466]

It's not hard to understand...

1. Enable the Firewall
2. Keep your system up to date
3. Don't do anything stupid

 

[MikeRocor]

It's not hard to understand...

1. Enable the Firewall
2. Keep your system up to date
3. Don't do anything stupid
View attachment 24786

Yeah, I remember a time once when I didn't do anything stupid.

 

[CaffeineAddict]

It's not hard to understand...

1. Enable the Firewall
2. Keep your system up to date
3. Don't do anything stupid
View attachment 24786

4. Run aide prior and after every software upgrade to see if system files were modified beyond upgrade.
5. Install as few software as possible to reduce attack surface to minimum.

 

[kc1di]

This page is one of the most comprehensive I've found.
If your really worried about security There are many tips here that will help. Some are geared toward servers.
Good luck.

Linux Security Stats, Tools, and Best Practices | phoenixNAP

With more than half of the internet being powered by Linux, security is a great concern. Learn how to protect your Linux system today!

phoenixnap.com

 

[gvisoc]

Everything is relative. You may not have a malware scanner running, but you definitely have components that are actively mitigating attacks and network scans while we speak, and that are very deeply integrated in the system, such as the firewall (ip_tables or firewalld cover all systems I know).

On top of that, you have either AppArmor or SELinux enforcing security policies to sandbox what applications can do on the systems, and more is being developed for applications that run on Flatpaks and packaging systems like that.

It's all more embedded in the system, but it's not actively scanning so deeply all the file activity like something such as Windows defender would do.

However, all that goes down the drain if you run a malicious script with sudo.

I think that (and this is a hot take) what makes Linux more secure is the users it has so far. We usually trust only a few sources for the software we run, such as the official repository of the distributions, the projects' pages and perhaps flathub since they have implemented the origin verification. When / if Linux ever goes bananas and jumps to #1, we will see a lot more problems coming from users trying to do on Linux what they do on Windows, such as downloading random stuff from dodgy websites.

We don't have to go that far to see an example of a butchery:

This is going to happen all the time. People will get scammed, they will lose their dodgycoins, they will be contacted by a scam callcentre somewhere afar where they will scare them to share their desktop control,... all that.

 

[Condobloke]

Why is the range of sudo so large? Why is it that sudo is required for a program to write something in the root's folder, to install a necessary package system wide, sometimes a necessary to properly launch (those programs are bad), or to read some information such as from hardware, and that at the moment the root access is granted, it has the ability to wipe or encrypt my entire drive?

Sudo so Large?....by necessity. Think about it, ...if you run Linux without sudo, you and your pc will be infected to hell and back. If ROOT is infected, your system is GONE. Also necessary to actually launch some programs (NO those apps are not....bad !) Timeshift requires your password......with good reason. Do you want somebody having access to your daily snapshots which contain access to EVERY file on your pc ?....The moment root access is granted, a bond of trust is esteablished that it is YOU making changes, adding info, restoring backed up data etc etc etc.....NOT someone else.....because if they dont have the password they DO NOT have access. IT???what in hell is IT... (that has the ability to wipe or encrypt your drive)....That is bs....the only person who has the ability to do that is YOU.

you do need a security software on GNU/Linux, but you are as okay without it as I have been okay all these years with even Defender disabled on my other system running Windows

Really ?......run windows with even defender disabled......Seriously ??..... And this because your windows pc is running slow.......which tells me that your windows pc was already infected. The fact that you lost your cool and turned defender off, made the problem worse. Some of my experience is removing Malware from windows systems, and I can guarantee it was already infected. When you turned defender off, you opened the "gate"...to the Malware .....you gave it open access to everything on your pc...EVERYTHING. All data. Passwords. Bank accounts. Card Numbers. You name it they have it all.

By insisting that an password is used to access root in Linux, you are being safeguarded from that happening again. Do you see any topics here at Linux.org where people have been attacked by malware and their information/data has been stolen? ....Think about that.

It is possible for you to be hacked via your browser....but it is fairly rare. It usually results from someone not paying attention to the usual rules.....accessing sketchy sites (porn sites are notorious, because people are usually thinking about other things when they access a porn site)
What happens?....they click on a link....and the link is a trap. Their pc starts to misbehave...doing stuff it usually does not do. That is the start of being hacked. The best 'fix' for that is a complete reinstall. Another way is a link in an email. Click on an unknown link in an email....and it is more than possible your info will be gone....kapoof.
Usually the email is from an unknown source....and it may promise pics, nudes etc etc.....and this is the "encouragement" to open it.

Summary: it is not impossible for a virus to sneak onto the system and make a disaster.
But...it is unusual. The most common way it can happen is via your browser.
SO?....secure your browser.
You will find topic after topic here about browsers. Making them secure. Different people will go to different lengths to protect themselves. Some go way over the top....some do nothing. Finding the middle ground is something only you can do. ...There plenty of people who will help....they will give opinions. It is up to YOU to pay attention to someone you feel you can trust.....and to choose a browser that you can trust also.

Emails: Do you get a lot of spam emails ?....If you do, that is usually because your email address has been 'collected' from some sketchy site. It is then used to send you an email with a "bad link"......which they hope you will click on.......which gives them more access to your pc.
This might be why your windows became infected.

Basically you aren't full proof on Linux without a security software, are you?

Being fool proof on a system depends on who is sitting in the chair in front of the computer.
As I said earlier..... "Do you see any topics here at Linux.org where people have been attacked by malware and their information/data has been stolen?"
No.....you do not see that. Linux.org has 80,000 members+
I guess that means we have a good idea what we are talking about.

Calm down and re read what I have typed. Maybe a few times.

 

[theLegionWithin]

it's easy to keep a system virus/malware free - you use hot glue on all usb/ethernet ports, disable/uninstall all network devices, and never attempt to connect it to any network. rofl

but no, the reality is that if your system gets infected, it's your fault - something you did (knowingly or not)

 

[Vimmer]

The biggest source of Security...is YOU
Read this:
The permission-based structure in Linux prevents regular users from performing administrative actions because each app needs authorization by the superuser (root) before it’s executed. This barrier makes it difficult for any virus to sneak into the system and make disasters.

Without being a root, you won’t be able to run/install new programs on Linux. Only the superuser has the privilege to access all files in the system.

Linux does not process executables without explicit permission as this is not a separate and independent process. So you’ll have to chmod +x a file before running it.

On Linux, it is harder for the virus to get system-level access. This is because the root account owns system-related files. Therefore, if infected, viruses can be easily removed as they can only affect the user account where they were installed and do not affect the root account.

In other words, the Linux architecture makes it almost impossible for a virus to do anything. This is one of the main reasons we still don’t need antivirus software on Linux.

Also...a GOOD read

Linux Security Uncovered: Open Source, User Privilege, and Defense Tactics

The Android platform is versatile, user-friendly, and adaptable, yet attention to updates is key for optimal performance.

linuxsecurity.com

------------------------------------------------------

And then, have a read of this:...

Security in Linux Mint and Ubuntu: an Explanation and Some Tips

Easy tips, tweaks and tricks for Linux Mint and Ubuntu, both for beginners and for advanced users. Complete starter's guide with simple how-to's.

easylinuxtipsproject.blogspot.com

------------------------------------------------------------------
get your head around the processes used to shield the operating system.

They appear to be trivial....and in many ways they are.... Simplicity done with a touch of Genius

Great answer, this pretty much answers all questions related to OP's confusion.

However, I would like to add that none the operating systems are inherently secure: there have been big issues with a few hackers infiltrating linux systems over the years, yet it's the click-based computing that remains vulnerable to ppl installing viruses to a greater degree. They are targeting people who fall for browser scams, and yes they mostly target windows users. However, these same methods would work the same if people habitually used "sudo" at the command line to install software without thinking about what they were agreeing to. We're all too lazy to fully scrutinize the software we use and install, but I guess learning and gut reaction can prevent painful things from happening.

As far as secure installation of software on an operating system goes, it boils down to protecting a lot of the important directories from being effected by malicious software, both windows and linux distros make some sort of an effort to do this, even if you're generally safer on a linux machine.

 

[KGIII]

it's easy to keep a system virus/malware free - you use hot glue on all usb/ethernet ports, disable/uninstall all network devices, and never attempt to connect it to any network. r

Pfft... That only works if you stay home and vigilant at all times!

You've got to bury it in a 20' hole and then fill it with concrete if you want to keep it 100% secure! (You might want to break it apart first and scatter the bits in the concrete, just in case someone has an excavator.