Yeah, would be nice to have some of the mitigations in Linux but in practice these are not needed when you don’t run malware on your system by default and keep the attack surface small. And if you do run malware or have the system full of crazy bloat (just look at the MSHTML exploit) then no amount of sandboxing or hardening is going to help you.
If the Linux desktop is used like Windows (downloading and running random malware from the internet as the default way to install apps) it is about as secure as Windows, meaning not at all…
Is this the fault of the Kernel developers and should they add a lot of security bloat that at best mitigates this issue a bit? I don’t think so.
Linux’s user base is small, so it isn’t a very attractive to malware developers.
Linux’ user base is huge and there were lots of malware for all kinds of devices, e.g. Linux routers. I think what you meant was that the market share for GNU/Linux on desktop devices is pretty small.
Linux’s userbase is mostly tech savvy people, who don’t do stupid stuff.
Both of these assumptions are false:
There’s a difference on being an active administrator of a Linux system and not even knowing you run Linux.
Tech savvy people do stupid stuff all the time, just nobody catches them doing it because most of the time they don’t go around telling people (they can usually fix it themselves).
Yes, I and hope the “the day of the Linux desktop” never comes due to this :D
Well, you can see what happens where this two does not hold with Linux, just looks at Android and ChromeOS.
Would the community jump on the mitigations/sandboxing side of things same way Google did?
Linux is secure thanks to they way it is used and developed. If you change the way it is used the whole security model changes and it would not be as secure as for example Android in the same use cases.
Yeah, would be nice to have some of the mitigations in Linux but in practice these are not needed when you don’t run malware on your system by default and keep the attack surface small. And if you do run malware or have the system full of crazy bloat (just look at the MSHTML exploit) then no amount of sandboxing or hardening is going to help you.
I think this has worked till now because:
Linux’s user base is small, so it isn’t a very attractive to malware developers.
Linux’s userbase is mostly tech savvy people, who don’t do stupid stuff.
But the question is, does it scale up if Linux became mainstream and popular among the tech illiterate?
If the Linux desktop is used like Windows (downloading and running random malware from the internet as the default way to install apps) it is about as secure as Windows, meaning not at all…
Is this the fault of the Kernel developers and should they add a lot of security bloat that at best mitigates this issue a bit? I don’t think so.
Linux’ user base is huge and there were lots of malware for all kinds of devices, e.g. Linux routers. I think what you meant was that the market share for GNU/Linux on desktop devices is pretty small.
Both of these assumptions are false:
Yes, I and hope the “the day of the Linux desktop” never comes due to this :D Well, you can see what happens where this two does not hold with Linux, just looks at Android and ChromeOS. Would the community jump on the mitigations/sandboxing side of things same way Google did?
Linux is secure thanks to they way it is used and developed. If you change the way it is used the whole security model changes and it would not be as secure as for example Android in the same use cases.