Fitzcarraldo Advocate
Joined: 30 Aug 2008 Posts: 2038 Location: United Kingdom
|
Posted: Tue Feb 07, 2017 10:42 am Post subject: Gentoo Developer: Is Linux Desktop Less Secure Than Windows? |
|
|
Phoronix wrote: | Gentoo Linux developer Hanno Böck, who also writes for Golem and runs The Fuzzing Project as a software fuzzing initiative to find issues in software, presented today [5 February 2017] at FOSDEM 2017 over some Linux desktop security shortcomings and how Microsoft Windows 10 is arguably more secure out-of-the-box. |
Gentoo Developer: Is The Linux Desktop Less Secure Than Windows 10?
And the slides from the presentation.
chithanh Developer
Joined: 05 Aug 2006 Posts: 2158 Location: Berlin, Germany
|
Posted: Tue Feb 07, 2017 11:20 am Post subject: |
|
|
Ugh, the usual quality Phoronix article...
Quote: | So Hanno Böck's argument for the Linux desktop being less secure than Windows being that the automatic indexing of files under Linux has "a lot of questionable quality parser code" and that there isn't this behavior on Windows by default, but that Windows users generally are running anti-virus software too. An exploit with Ubuntu's Apport bug reporting tool was also pointed out and that more must be done to improve the Linux desktop security. |
What's this even supposed to mean?
I was at Hanno's talk (which was excellent btw) and I am under the impression that he carefully avoided giving a definite answer to the question in the title.
Yes, Antivirus software makes you less secure (news at 11).
Yes, running complex parsers on any content you encounter on the Internet is bad (not surprising either).
If you don't do either, your attack surface will be small. |
Wallsandfences Guru
Joined: 29 Mar 2010 Posts: 378
|
Posted: Tue Feb 07, 2017 5:37 pm Post subject: |
|
|
Thanks for bringing that up. I'll definitely look into securing my desktop and system via Gentoo Hardened. |
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Tue Feb 07, 2017 5:54 pm Post subject: |
|
|
It appears from the link that the discussion was about GNOME and KDE rather than desktops in general or X11. Since both of these are trying to clone Windows via systemd, I'm not surprised. Is fluxbox as vulnerable? |
asturm Developer
Joined: 05 Apr 2007 Posts: 8965
|
Posted: Tue Feb 07, 2017 6:18 pm Post subject: |
|
|
@Tony0945: Empty words unless you bring up any part of Plasma-5 that depends on systemd.
You completely miss the point; the slides do not mention systemd one single time. Vulnerable libraries can affect every system; automatic indexing/parsing that depends on these libraries multiplies the attack surface. Plasma and GNOME are two widely used examples that use such indexing by default. |
ct85711 Veteran
Joined: 27 Sep 2005 Posts: 1791
|
Posted: Tue Feb 07, 2017 8:07 pm Post subject: |
|
|
The other weakest point in any operating system (doesn't matter if it's Mac, *nix, or Windows) is going to be the human component. Passwords have always been, and for a long time will still be, the most common weak point. All of this is because we all are terrible at remembering passwords and have to use something to aid us to remember all of them. |
steveL Watchman
Joined: 13 Sep 2006 Posts: 5153 Location: The Peanut Gallery
|
Posted: Tue Feb 07, 2017 8:47 pm Post subject: |
|
|
phoronix wrote: | So Hanno Böck's argument for the Linux desktop being less secure than Windows being that the automatic indexing of files under Linux has "a lot of questionable quality parser code" |
Ah, good old semantic-craptop.. ;)
OTOH, admins have been using {m,}locate for decades now, without major issues to my knowledge. You have a choice there, even on a bindist since the cronjob has to be enabled/can be disabled. |
asturm Developer
Joined: 05 Apr 2007 Posts: 8965
|
Posted: Tue Feb 07, 2017 8:50 pm Post subject: |
|
|
steveL wrote: | Ah, good old semantic-craptop.. |
I feel even better now for making it build-time optional and getting that upstreamed.
steveL wrote: | OTOH, admins have been using {m,}locate for decades now, without major issues to my knowledge. |
Well, mlocate does not index metadata, that's the whole point of tracker and baloo. |
steveL Watchman
Joined: 13 Sep 2006 Posts: 5153 Location: The Peanut Gallery
|
Posted: Tue Feb 07, 2017 9:54 pm Post subject: |
|
|
asturm wrote: | I feel even better now for making it build-time optional and getting that upstreamed. |
kudos. |
rob_dot_p n00b
Joined: 28 Jan 2017 Posts: 30