Sunday, May 2, 2010

Ubuntu 10.04 Lucid Lynx - Safest Ubuntu Ever




Aside from the new theme, the included video editor, and the new social media client in the latest release of Ubuntu, there is one feature that I believe can win in any argument for Linux - security.

For the longest time, Unix-based software such as Mac OS X, BSD, and Linux have had very good security settings and procedures, and have not been targets for the common malware, viruses, and trojans which plague the Windows operating system. In many Linux versus Windows arguments, the fact that Linux cannot get viruses has been brought up, and to an extent that is completely true. It's not just that attackers only write viruses that target Windows machines, but that the active development, the open nature of the source, and the basic methods of the operating system have made *NIX platforms the safest for the home user.

First of all, because Linux systems, from the software all the way down to the kernel, are completely open source, the code is under constant surveillance by fresh, new eyes that watch out for things that might trigger buffer overflows or exploitable memory leaks. The code is much more hardened than that of closed source systems, because closed source systems have a limited set of coders and a very broad audience, some of which is deliberately searching for breaks in the code to take advantage of. Little quirks in powerfully dangerous things such as ActiveX scripts and even things as common as Adobe Reader are quickly broken by hackers. A few weeks after the exploit is found, code is quickly written and launched through file sharing sites and black box web servers to be consumed by the general public. If the exploit is executed correctly, millions of machines will be affected before large security firms begin to catch on to it. Even if it is caught, it could be months before the bug which caused the original exploit is reported and fixed by a company.

Next, the super user hierarchy in *nix systems prevents malicious scripts from doing anything... well, malicious to the core system. Permissions and binaries are locked down, modifiable only by the root user - which by default is completely disabled in modern Linux desktops. Now don't get me wrong - a system can still be hacked into, given that services such as ssh, vnc, and ftp are running on a system. Weak passwords are 70% of the cause - however, a general rule of thumb is that if someone has enough knowledge to launch systems like ssh, they will know to use complex passwords and systems like DenyHosts to secure it.


Finally, Ubuntu has become more secure because of a new feature called /usr/bin/cautious-launcher. This is the default handler through which a file with any sort of executable extension is opened, such as potentially dangerous executables which could be run by Wine. A (not-)emulator doesn't exactly constitute a need for anti-virus: a virus run in Wine would be jailed to the home directory, and would be very confused by the built-in libraries. Additionally, the virus would be dead by the next restart, as there is no model in Wine that lets programs run themselves at start-up. Such actions can only be configured by the user or by natively installed software*.

So the basic security requirement in the latest version, according to https://wiki.ubuntu.com/, is the setting of an executable bit on all files with potentially executable extensions, but only if the file in question resides in either the /home or /tmp directory. cautious-launcher's job is to check a file's permissions, and if the executable bit is missing, it warns the user and instructs them on how to make the file executable. This has increased the desktop security of Ubuntu dramatically and, in addition to systems such as the SELinux kernel, has made desktop Linux even more attractive to the security minded.
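The check described above, sketched as a POSIX shell function. This is an added example, not Ubuntu's actual cautious-launcher script; the names `launch_decision`, `in_guarded_dir` and `GUARDED_DIRS`, the symlink resolution, and the choice to test only the owner execute bit are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration of the policy described in the post; NOT the real
# /usr/bin/cautious-launcher. All names here are hypothetical.

# Directories in which the executable bit is required (the post names these two).
GUARDED_DIRS="${GUARDED_DIRS:-/home /tmp}"

# in_guarded_dir PATH -> status 0 if PATH lies below one of GUARDED_DIRS.
in_guarded_dir() {
    for dir in $GUARDED_DIRS; do
        case "$1" in
            "$dir"/*) return 0 ;;   # "/home/*" matches /home/u/x, not /homework/x
        esac
    done
    return 1
}

# has_exec_bit PATH -> status 0 if the owner execute bit is set in the file mode.
# The mode bits are read directly, so a noexec mount does not change the answer.
has_exec_bit() {
    [ -n "$(find "$1" -prune -perm -100 -print)" ]
}

# launch_decision FILE
#   prints "allow" or "warn" on stdout; status 0 = allow, 1 = warn, 2 = error.
launch_decision() {
    # Assumption: resolve symlinks first, so a link stored outside the guarded
    # directories is judged by where the real file lives.
    target=$(readlink -f -- "$1") || return 2
    if [ ! -f "$target" ]; then
        echo "error: not a regular file: $1" >&2
        return 2
    fi
    if in_guarded_dir "$target" && ! has_exec_bit "$target"; then
        echo "warn"
        echo "'$1' is not marked executable." >&2
        echo "If you trust this file, run: chmod +x '$1'" >&2
        return 1
    fi
    echo "allow"
}
```

A wrapper would run the real handler (for example Wine) only when `launch_decision` returns status 0, and show the stderr text to the user otherwise.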

I don't know about you, but I have enjoyed not needing to buy any security software suite for the past seven years.











*Note that software can only be installed in Ubuntu through the software centre and PPAs, which are signed and verified with RSA public key authentication, with deb files, which also have a signing algorithm, or manually by compiling from source (expert). All software install procedures require super user privileges.
