When a product becomes established and then becomes commonly used, myths about it quickly become “accepted truths.” That’s particularly true when the product has extremely vocal supporters and detractors.
That’s definitely happened with Linux. Those who love Linux are certain that it’s the most secure operating system available, while those who hate it guarantee that it’s an open invitation to security exploits.
Both of those positions are largely based on myths. Here’s our attempt to pull back the curtain on those myths and unveil the truth.
Detractors: Linux is insecure because it has open source code.
Transparency can be the best defense against exploits. Yes, it’s theoretically easier for hackers to look through Linux code to find a way in. However, thousands of developers and security experts work with Linux every day, not only modifying it for their own purposes but closely examining the source code for weak code, potential holes, and back doors.
Imagine trying to find all of the vulnerabilities in a Windows product before an imaginative hacker discovers just one of them and creates an exploit – it can’t realistically be done, because Windows source code is so closely guarded. On the other hand, the same weaknesses obvious to hackers are obvious to the “good guys,” and holes can be plugged almost immediately. Patches for Linux are often released within hours. How long does it take for Windows developers to uncover problems and then release patches for that platform’s newly-discovered vulnerabilities?
As Linux developer Linus Torvalds has said, “Given enough eyeballs, all bugs are shallow.”
Supporters: Hackers don’t create viruses for Linux because Windows is much more popular.
It’s true that Windows is far-and-away the most popular operating system for consumers. However, the dominance of Linux as a server operating system and its widespread use by commercial and government installations arguably make Linux systems much more attractive targets for those looking to do the most harm. There are certainly viruses and malware which have been created to attack Linux. (“I ain’t afraid of no GHOSTs!”)
Detractors: As more and more end users switch to variations of Linux, it is increasingly becoming more vulnerable.
We can’t say this is completely a myth. With new applications (particularly socially-oriented ones) being developed for those switching to products like Ubuntu and Mint, some of the exploits common for Windows or even iOS are definitely appearing for Linux as well. However, this is less an issue with the platform itself, and more a challenge to ensure that Linux is administered and operated properly. And the open-source nature of Linux will always work to make vulnerabilities less of a long-term issue than they are with Windows.
Supporters: Linux is virtually virus-proof.
Again, this isn’t completely a myth, because the architecture of Linux does often mitigate the damage that can be caused by malware; most users don’t have root access so system files are often protected from attacks at the user level. Additionally, Linux doesn’t support the .exe files often used to transmit viruses, and doesn’t use registries which are commonly the focus of attacks.
However, architecture isn’t all that comes into play on a Linux system – users also have a say in what happens. Someone opening an email containing a malicious file and then executing it is going to cause problems for any system, no matter what operating system it is using.
The bottom line: Linux, by its very nature, is more secure than Windows or Mac OS. However, no operating system is 100% invulnerable, despite the myths which may surround it. Regular updates and scans – and a huge dollop of user caution – are the only real ways to maximize system security.
