• FireWire400@lemmy.world · English · 20 up, 2 down · 2 months ago

    I honestly don’t know how to think about this. On one hand, it’s pretty cool that more and more users are giving the finger to Microsoft and switching to Linux.

    On the other hand, Linux systems are gonna become a bigger target for cyberattacks or malware. I realise that I, as a regular person who isn’t on dodgy porn sites all day, probably have nothing to fear but still, I like my Linux lightweight and if they have to slap some antivirus on there… eh idk

    • massacre@lemmy.world · English · 27 up · 2 months ago

      Don’t fret! 95+% of all servers on the internet run Linux so the attack vector has been there for ages. Follow best practices and your risk will remain low!

      • TheGrandNagus@lemmy.world · English · 8 up · 2 months ago (edited)

        Unfortunately there’s a lot more to it than that.

        You’re right that the “back end” of Linux systems tends to be quite hardened.

        It’s the desktop environments that are a concern when it comes to security hardening, IMO. Almost all servers have no DE installed so it’s not something enterprise has cared about.

        How much effort has been put into security on DEs? I honestly have no idea, but so far there hasn’t been an enormous pressure to security harden them.

        Shit, look at:

        • X11. It’s insecure by design, yet most distros still ship with it (understandably, since Wayland isn’t 100% yet).

        • packaged software runs as root during the whole installation period - this means that anything slipped into the install script will have full root privileges to do anything to your system. Flatpak does fix this, but normally-packaged software is still abundant.

        • any non-root program can change aliases in your bashrc or bash_aliases file. I.e. they can change “apt install” to some other nefarious command, or to point to a dodgy software repository, so that next time the user types “sudo apt install [XYZ]”, it downloads malware or does other nasty things.

        I’m absolutely clueless about this stuff and I can come up with those potential attack vectors in seconds. Imagine what a proficient hacker could do, or a hostile nation-state.

        I definitely think improvements will have to be made in terms of security, and we’re no doubt going to hear more about malware in the coming years. But it’s not an insurmountable problem, IMO. Distros and DEs will just take time to adapt.
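
An added example, not part of any comment in this thread: a Python audit for the startup-file tampering described in the comment above, flagging alias or function definitions that shadow privileged commands. The watch list `SENSITIVE`, the file list `RC_FILES`, the sample text and all function names are assumptions of this example.

```python
import re
import shlex
from pathlib import Path

# Assumed watch list for this example; extend it for your own system.
SENSITIVE = {"sudo", "su", "doas", "apt", "apt-get", "dpkg", "ssh"}
# Per-user bash startup files, writable by any process running as that user.
RC_FILES = (".bashrc", ".bash_aliases", ".bash_profile", ".profile")
# Matches "name() {" and "function name {" shell function definitions.
FUNC_RE = re.compile(r"^\s*(?:function\s+([\w.-]+)|([\w.-]+)\s*\(\s*\))")
# Constructed sample rc content, not taken from a real system.
SAMPLE = """alias ll='ls -l'
alias sudo='sudo '
# alias apt='commented out'
function apt { echo constructed; }
ssh() {
  command ssh "$@"
}
"""

def defined_names(line):
    """Return the command names one rc-file line defines as alias or function."""
    match = FUNC_RE.match(line)
    if match:
        return [match.group(1) or match.group(2)]
    try:
        tokens = shlex.split(line, comments=True)  # drops '#' comments
    except ValueError:  # unbalanced quotes, e.g. part of a multi-line string
        return []
    if "alias" not in tokens:
        return []
    # Over-approximation: every name=value word after "alias" counts.
    rest = tokens[tokens.index("alias") + 1:]
    return [tok.split("=", 1)[0] for tok in rest if "=" in tok]

def audit_text(text, source="<sample>"):
    """Return (source, line_no, name, line) for each watched redefinition."""
    return [(source, no, name, line.strip())
            for no, line in enumerate(text.splitlines(), 1)
            for name in defined_names(line) if name in SENSITIVE]

def audit_home(home=None):
    """Audit whichever startup files exist under a home directory."""
    paths = [(Path(home) if home else Path.home()) / rc for rc in RC_FILES]
    return [hit for p in paths if p.is_file()
            for hit in audit_text(p.read_text(errors="replace"), str(p))]

if __name__ == "__main__":
    for source, no, name, line in audit_text(SAMPLE) + audit_home():
        print(f"{source}:{no}: redefines {name!r}: {line}")
```

A hit is a prompt for manual review, not proof of compromise: wrapping `ssh` or adding a trailing space to a `sudo` alias are also common legitimate customisations.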

    • TheGrandNagus@lemmy.world · English · 9 up · 2 months ago

      100% there will be more malware and scams as Linux grows. In fact, it’s happening already.

      Just look at there being multiple instances of cryptowallet theft on Ubuntu’s app store by devs uploading fake copies of crypto wallet managers.

      And that’s before we even get onto DEs – and much of the desktop Linux stack in general – generally not being designed with security in mind, as it’s not been something they’ve had to worry about.

      We will see more malware, more scams. We will see glaring security problems that were allowed to stay in place for years be exploited. We will see infighting in the Linux community over all of this stuff.

      It is the price we must pay for being an increasingly relevant platform.

      With any luck, more users will mean more contributors, more financial support for devs, and of course better security as a result of that - you only need to look at how much KDE Plasma has improved with support from Valve, and how much work Gnome has been getting done after Germany’s “Sovereign Tech Fund” contribution to see that even a little bit of support can go a long way.

    • DarkThoughts@fedia.io · 7 up · 2 months ago

      The best protection against malware is closing the security flaws they typically abuse to make them work in the first place.