Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Gentoo Developer: Is Linux Desktop Less Secure Than Windows?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Gentoo Chat
View previous topic :: View next topic  
Author Message
Fitzcarraldo
Veteran
Veteran


Joined: 30 Aug 2008
Posts: 1289
Location: United Kingdom

PostPosted: Tue Feb 07, 2017 10:42 am    Post subject: Gentoo Developer: Is Linux Desktop Less Secure Than Windows? Reply with quote

Phoronix wrote:
Gentoo Linux developer Hanno Böck, who also writes for Golem and runs The Fuzzing Project as a software fuzzing initiative to find issues in software, presented today [5 February 2017] at FOSDEM 2017 over some Linux desktop security shortcomings and how Microsoft Windows 10 is arguably more secure out-of-the-box.

Gentoo Developer: Is The Linux Desktop Less Secure Than Windows 10?

And the slides from the presentation.
_________________
Clevo W230SS: amd64, OpenRC, nvidia-drivers & xf86-video-intel.
Compal NBLB2: ~amd64, OpenRC, xf86-video-ati, dual booting with Win 7 Pro 64-bit.
KDE on both laptops.

Fitzcarraldo's blog
Back to top
View user's profile Send private message
chithanh
Developer
Developer


Joined: 05 Aug 2006
Posts: 2141
Location: Berlin, Germany

PostPosted: Tue Feb 07, 2017 11:20 am    Post subject: Reply with quote

Ugh, the usual quality Phoronix article...
Quote:
So Hanno Böck's argument for the Linux desktop being less secure than Windows being that the automatic indexing of files under Linux has "a lot of questionable quality parser code" and that there isn't this behavior on Windows by default, but that Windows users generally are running anti-virus software too. An exploit with Ubuntu's Apport bug reporting tool was also pointed out and that more must be done to improve the Linux desktop security.
What's this even supposed to mean?

I was at Hanno's talk (which was excellent btw) and I am under the impression that he carefully avoided giving a definite answer to the question in the title.
Yes, Antivirus software makes you less secure (news at 11).
Yes, running complex parsers on any content you encounter on the Internet is bad (not surprising either).

If you don't do either, your attack surface will be small.
Back to top
View user's profile Send private message
Wallsandfences
Apprentice
Apprentice


Joined: 29 Mar 2010
Posts: 260

PostPosted: Tue Feb 07, 2017 5:37 pm    Post subject: Reply with quote

Thanks for bringing that up. I'll definitly look into securing my desktop and system via gentoo hardened.
Back to top
View user's profile Send private message
Tony0945
Veteran
Veteran


Joined: 25 Jul 2006
Posts: 1980
Location: Illinois, USA

PostPosted: Tue Feb 07, 2017 5:54 pm    Post subject: Reply with quote

It appears from the link that the discussion was about GNOME and KDE rather than desktops in general or X11. Since both of these are trying to clone Windows via systemd, I'm not surprised. Is fluxbox as vulnerable?
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 5444
Location: Austria

PostPosted: Tue Feb 07, 2017 6:18 pm    Post subject: Reply with quote

@Tony0945: Empty words unless you bring up any part of Plasma-5 that depends on systemd.

You completely miss the point, the slides do not mention systemd one single time. Vulnerable libraries can affect every system; automatic indexing/parsing that depends on these libraries multiplies the attack surface. Plasma and Gnome are two widely used examples that use such indexing by default.
_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Back to top
View user's profile Send private message
ct85711
Veteran
Veteran


Joined: 27 Sep 2005
Posts: 1363

PostPosted: Tue Feb 07, 2017 8:07 pm    Post subject: Reply with quote

The other weakest point in any operating system (doesn't matter if it's Mac, *nix, or windows) is going to be the human component. Passwords has always been, and for a long time will still be, the most common weak point. All of this is because we all are terrible on remembering passwords and have to use something to aid us to remember all of them.
Back to top
View user's profile Send private message
steveL
Advocate
Advocate


Joined: 13 Sep 2006
Posts: 4809
Location: The Peanut Gallery

PostPosted: Tue Feb 07, 2017 8:47 pm    Post subject: Reply with quote

phoronix wrote:
So Hanno Böck's argument for the Linux desktop being less secure than Windows being that the automatic indexing of files under Linux has "a lot of questionable quality parser code"

Ah, good old semantic-craptop.. ;)

OTOH, admins have been using {m,}locate for decades now, without major issues to my knowledge. You have a choice there, even on a bindist since the cronjob has to be enabled/can be disabled.
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 5444
Location: Austria

PostPosted: Tue Feb 07, 2017 8:50 pm    Post subject: Reply with quote

steveL wrote:
Ah, good old semantic-craptop.. ;)

I feel even better now for making it build-time optional and getting that upstreamed. ;)

steveL wrote:
OTOH, admins have been using {m,}locate for decades now, without major issues to my knowledge.

Well, mlocate does not index metadata, that's the whole point of tracker and baloo.
_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Back to top
View user's profile Send private message
steveL
Advocate
Advocate


Joined: 13 Sep 2006
Posts: 4809
Location: The Peanut Gallery

PostPosted: Tue Feb 07, 2017 9:54 pm    Post subject: Reply with quote

asturm wrote:
I feel even better now for making it build-time optional and getting that upstreamed.

kudos.
Back to top
View user's profile Send private message
rob_dot_p
n00b
n00b


Joined: 28 Jan 2017
Posts: 30

PostPosted: Tue Feb 07, 2017 10:04 pm    Post subject: Reply with quote

Good talk, important topic.
Here are some relevant blog posts from Chris Evans who researched those vulnerabilities:
http://scarybeastsecurity.blogspot.com/2016/11/0day-poc-risky-design-decisions-in.html
http://scarybeastsecurity.blogspot.com/2016/12/redux-compromising-linux-using-snes.html
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Gentoo Chat All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum