Linux Give me reasons for switching from windows to linux (Ubuntu)

If one says Linux is secure and does not need updates and patches regularly, he/she has no idea about Linux. Our IT guys patch Linux every month. Here is a site that shows how many CVEs exist:

Linux : Security vulnerabilities, CVEs

Security vulnerabilities related to Linux : List of vulnerabilities affecting any product of this vendor
www.cvedetails.com

This is the reality. The more apps you install, the more vulnerable your system is and the more patches you get.
 
Mr.J said:
And those patches can be installed without rebooting the system...unlike Windows.
Click to expand...
Not all. Kernel patches need reboot in many cases. Same with Windows. Application patches, no reboot. OS patches, reboot needed. There are regular infra activities. The one OS that truly was rock solid was the Solaris. ****ing servers would run years without a reboot. Stability was legendary.

PS: I don’t know what the big deal is about a reboot. It takes lot more time to update a game via steam than patching entire OS. I see the same boring points around security and updates whenever someone asks about Linux and windows. It’s like they are not able to find anything worthwhile these days.

Android update: reboot
iOS update: reboot
Linux OS major updates: reboot
Windows update: reboot
MacOS update: reboot.
 
Last edited:
Mr.J said:
Wow, for the first time on the internet I have seen anyone making this claim. Even Windows' most ardent supporters agree that Linux is more secure.
Click to expand...
I don't care what claims people make. I know for a fact that Windows is far ahead of any Linux distribution in terms of security. I maintain both Windows and Debian Sid on clusters of servers. I will back my claim with hard data. I suggest you go through Aidan's article and other resources linked below in the article: https://madaidans-insecurities.github.io/linux.html
ibose said:
Aren't the protections made available because Win can be exploited using these "features" specifically in the first place ?
Click to expand...
No, those protections should be present in any operating system. The Linux desktop user base is relatively small, which may reduce the motivation for hackers to exploit it in the first place. However, security through obscurity is not true security. I recommend reading the above article once.
gourav said:
I don't think this is true anymore. A vast majority of servers run on Linux and exploiting servers is going to give you far more data than a bunch of regular machines. So the incentive to exploit Linux is far more now.
Click to expand...
Servers are typically heavily firewalled and protected by various security measures, making it difficult for them to be hacked. However, despite these precautions, many servers still get hacked on a daily basis.
desiibond said:
If one says Linux is secure and does not need updates and patches regularly, he/she has no idea about Linux. Our IT guys patch Linux every month. Here is a site that shows how many CVEs exist:
Click to expand...
Many CVEs for Linux often go unreported compared to Windows. This is a sad and unfortunate fact. That is why our entire fleet of Linux servers runs on Debian Sid (unstable). I have observed numerous security fixes implemented between releases, even without associated CVEs.
Mr.J said:
And those patches can be installed without rebooting the system...unlike Windows.
Click to expand...
Reboot is not an issue. Most critical servers / services run in a cluster. They restart one by one with health check. Live kernel patching have caused more troubles in the past.

I recommend Windows users to use Windows 11 with a WDAC (Windows Defender Application Control) policy. Creating a policy is now easier than ever with their wizard tool, and once implemented, it provides the strongest protection you'll ever experience. You can create a policy using the wizard tool available at https://webapp-wdac-wizard.azurewebsites.net/.

It is impossible to delete a policy without administrative rights, and once a policy is signed, it can only be replaced with another signed policy.

wdac-wizard-template-selection.png
 

Attachments

  • 1688359631607.png
    1688359631607.png
    8.3 KB · Views: 86
Last edited:
TinTinSnowy said:
No, those protections should be present in any operating system. The Linux desktop user base is relatively small, which may reduce the motivation for hackers to exploit it in the first place. However, security through obscurity is not true security. I recommend reading the above article once.
Click to expand...
Well for one can you explain how UAC improves security ? Here is one suggested read -
www.cynet.com

User Account Control – Overview and Exploitation

User Account Control, commonly abbreviated UAC, is a Windows security component introduced in Windows Vista and Windows Server 2008. UAC restricts processes’ access to admin-level (privileged) resources and operations as much as possible, unless they are explicitly granted by the user.
www.cynet.com www.cynet.com
My point is that claiming Windows security is better than XYZ OS is misleading without any proof of the basis of comparison.
 
TinTinSnowy said:
Just because UAC was exploited in the past doesn't mean it is not useful. UAC is an essential security feature in Windows operating systems designed to prevent unauthorized privilege escalation for processes.
Click to expand...
Even now it takes 3 lines of PS code to bypass it. Some security.
 
ibose said:
Even now it takes 3 lines of PS code to bypass it. Some security.
Click to expand...
You can disable UAC with admin access yourself, but running as admin makes it possible to be exploited. There is no UAC to protect against various privilege escalations in Linux. It's better to operate with a standard user account in Windows, as I do. The admin/root account should only be used for configuration, installation, and updates.

I don't need any exploit in Linux to gain privileged access in most cases if I have a non-root account. The same cannot be said for a standard user account on Windows. The article you highlighted requires various exploits to bypass UAC and gain privilege escalation. The article I linked you to requires no exploit at all. ;) That much poor Linux is with security.
 
ibose said:
You need to prove that and so far I have seen nothing from you. I should have realized early that I was wasting my time on a Windows fanboy.
Click to expand...
You are making a claim that UAC can be bypassed from a standard user account on Windows. I never made such claim. So the onus is on you to prove that sir!

I made a claim that Linux is insecure and I backed it up with data and sources. https://madaidans-insecurities.github.io/linux.html
 
TinTinSnowy said:
You are making a claim that UAC can be bypassed from a standard user account on Windows. I never made such claim. So the onus is on you to prove that sir!
Click to expand...
No. You were the first to claim that Windows was more secure quoting all those "features". And your claim to fame is that one article denouncing Linux security hosted in Github of all places. I have so far seen nothing from you on how Windows is more secure. Sorry but you need to try harder to convince others.
To the OP, as much as others try to convince you to stay on Windows, security is not one of them, at least not yet, but MS is taking positive steps with 11. I myself use Windows 10 as my daily driver and Mac for WFH. I recognize each has its own strength and weaknesses unlike some of the blind believers. I also use linux on Rpi. Use whatever makes it the most easy and productive for you.
 
ibose said:
Github
Click to expand...
Why does it matter where it's hosted? The writer of those articles, Aidan, is a top security researcher and contributor to the Whonix project. He has single-handedly made significant contributions to Linux for security. Before discarding the content simply because it is hosted on Github, at least try to figure out who the writer is. You can find more information about Aidan and his work on the Whonix project's website: https://www.whonix.org/wiki/Whonix-Workstation_Security.

I think you did not read that article properly. All the security features I mentioned have already been discussed in terms of how they make Windows a more secure operating system than Linux. Everything on the article is referenced with a source. I have interacted with Aidan multiple times in the past and they use Linux but security is not the reason. They recommend Windows and Mac OS on Desktop and GrapheneOS and iOS on mobile devices.

VBS:
1688371108823.png


UAC:
1688371155410.png

ibose said:
one article
Click to expand...

2) Daniel Micay and their GrapheneOS team also rely on Windows. One of their developer Anuprita have shared their WDAC policy into the matrix group. I was a member there before. They also find linux to be very weak in terms of security. They do a lot of hardening to linux kernel and the OS to make GrapheneOS secure. They have always expressed interest in moving away from Linux kernel at some point in time.

https://www.reddit.com/r/GrapheneOS/comments/bddq5u/_/ekxifpa

"GrapheneOS also has longer term goals involving moving away from the Linux kernel to a microkernel with a Linux compatibility layer, etc. which are going to be achieved via lots of collaboration with other projects and reusing existing external projects like gvisor as much as possible."

3) I was a QubesOS user in the past. Joanna Rutkowska is the founder of the project. She is very well known in the security community. They moved away from it and now they use MacOS as their daily driver.

https://twitter.com/x/status/1136220742662664193

"So, I'm reinforced in my belief that *security* of mainstream platforms (from Apple, Google, MS) will continue to improve, likely exceeding the "open source" offerings."

4) Whoever is into professional server management and security must be aware of Brad Spengler and GRSecurity.

https://twitter.com/x/status/1308734202330963970

"Microsoft tries to improve upstream Linux security, upstream kernel dev tells them they're "smoking crack": https://openwall.com/lists/kernel-hardening/2020/09/23/3 And people wonder why Linux has a security problem"

https://twitter.com/x/status/1249850031357788162

"#grsecurity is for companies with serious security needs that recognize the real risk of the Linux kernel on which their services and containers run, for whom an exploit in 2020 being able to reuse 13-year-old techniques is entirely unacceptable"
ibose said:
I also use linux
Click to expand...
I also use Debian Sid for servers. I get paid for securing web servers and application servers. Feel free to use Linux but it is the last thing you should use if you want top notch security. If any body say that FOSS = secure then they should be slapped hard. Most open source projects are full of security bugs, don't have any security researchers in team and don't even have money to go for regular 3rd party security audits. Not every project can be like bitwarden and be able to raise millions of dollars.
 
TinTinSnowy said:
Why does it matter where it's hosted? The writer of those articles, Aidan, is a top security researcher and contributor to the Whonix project. He has single-handedly made significant contributions to Linux for security. Before discarding the content simply because it is hosted on Github, at least try to figure out who the writer is. You can find more information about Aidan and his work on the Whonix project's website: https://www.whonix.org/wiki/Whonix-Workstation_Security.

I think you did not read that article properly. All the security features I mentioned have already been discussed in terms of how they make Windows a more secure operating system than Linux. Everything on the article is referenced with a source. I have interacted with Aidan multiple times in the past and they use Linux but security is not the reason. They recommend Windows and Mac OS on Desktop and GrapheneOS and iOS on mobile devices.

VBS:
View attachment 172181

UAC:
View attachment 172182


2) Daniel Micay and their GrapheneOS team also rely on Windows. One of their developer Anuprita have shared their WDAC policy into the matrix group. I was a member there before. They also find linux to be very weak in terms of security. They do a lot of hardening to linux kernel and the OS to make GrapheneOS secure. They have always expressed interest in moving away from Linux kernel at some point in time.

https://www.reddit.com/r/GrapheneOS/comments/bddq5u/_/ekxifpa

"GrapheneOS also has longer term goals involving moving away from the Linux kernel to a microkernel with a Linux compatibility layer, etc. which are going to be achieved via lots of collaboration with other projects and reusing existing external projects like gvisor as much as possible."

3) I was a QubesOS user in the past. Joanna Rutkowska is the founder of the project. She is very well known in the security community. They moved away from it and now they use MacOS as their daily driver.

https://twitter.com/x/status/1136220742662664193

"So, I'm reinforced in my belief that *security* of mainstream platforms (from Apple, Google, MS) will continue to improve, likely exceeding the "open source" offerings."

4) Whoever is into professional server management and security must be aware of Brad Spengler and GRSecurity.

https://twitter.com/x/status/1308734202330963970

"Microsoft tries to improve upstream Linux security, upstream kernel dev tells them they're "smoking crack": https://openwall.com/lists/kernel-hardening/2020/09/23/3 And people wonder why Linux has a security problem"

https://twitter.com/x/status/1249850031357788162

"#grsecurity is for companies with serious security needs that recognize the real risk of the Linux kernel on which their services and containers run, for whom an exploit in 2020 being able to reuse 13-year-old techniques is entirely unacceptable"

I also use Debian Sid for servers. I get paid for securing web servers and application servers. Feel free to use Linux but it is the last thing you should use if you want top notch security. If any body say that FOSS = secure then they should be slapped hard. Most open source projects are full of security bugs, don't have any security researchers in team and don't even have money to go for regular 3rd party security audits. Not every project can be like bitwarden and be able to raise millions of dollars.
Click to expand...
Thanks for sharing your interpretation of all those information sources. It was useful.
However I still see that most of them are again critiques of Linux, Android or open source in general.
I agree that open source = secure, is definitely a myth. But it does not imply closed source is always secure. This may be anecdotal at best but does offer interesting insights -

Top 50 products having highest number of cve security vulnerabilities

Top 50 products having highest number of cve security vulnerabilities Detailed list of software/hardware products having highest number security vulnerabilities, ordered by number of vulnerabilities.
www.cvedetails.com
 
Mr.J said:
And those patches can be installed without rebooting the system...unlike Windows.
Click to expand...
Rebooting a server is always a very healthy habit. We reboot every productions server (win/linux) once a month or three esp. during monthly patching activity and it really helps in performance and many other factors.
Reboot is a planned downtime activity and those who all worry why windows reboots all of a sudden have no knowledge there's a setting for end-user to select reboot preferred times/days or avoid it and in a domain an official email is sent for reboots which is done on weekends.
desiibond said:
PS: I don’t know what the big deal is about a reboot. It takes lot more time to update a game via steam than patching entire OS. I see the same boring points around security and updates whenever someone asks about Linux and windows. It’s like they are not able to find anything worthwhile these days.
Click to expand...
Coz such people host private servers and provide services way beyond google and microsoft hence they feel their servers shall never reboot in their lifetime while they are unaware how many times servers of these giants are rebooted :D
desiibond said:
If one says Linux is secure and does not need updates and patches regularly, he/she has no idea about Linux. Our IT guys patch Linux every month. Here is a site that shows how many CVEs exist:

Linux : Security vulnerabilities, CVEs

Security vulnerabilities related to Linux : List of vulnerabilities affecting any product of this vendor
www.cvedetails.com

This is the reality. The more apps you install, the more vulnerable your system is and the more patches you get.
Click to expand...
Exactly! there's no such thing like install and forget and there's never ever gonna be such a piece of software ever..
We have a dedicated Linux team for patching and vulnerability mgmt. not because cos. have excess to splurge on salaries but its always better to keep systems updated rather than be sorry and face the shame at the last moment and incurring huge financial losses..
Hackers behind are constantly busy exploring every possibility to break-in be it linux mac windows solaris android etc.
lockhrt999 said:
I don't think anyone is using windows servers these days (except some govt websites). Why would someone torture themselves like that.
Click to expand...
Why the misconceptions? MNCS, Banks, Medical etc. all use Windows cum Linux servers.
I have worked with govt. and they use Linux 70% at least while pvt. cos. prefer both combinations.
Linux are preferred as front facing and windows at the back depending on envi. though differs across application and environment.

Not to forget Active Directory in itself is the masterpiece and most robust yet simplified infra. mgmnt tools which eases deployments, configurations and what not. And it evolving with every upgrade. Linux or Mac can never ever offer or match AD and even if they do they will still be faraway as AD can be as simple as well as can get configured at granular levels with multiple complexities.

Everything is easy to hack and hard too. It your networks which got loopholes and once you get through your corporate or whatever envi. there's no stopping from exploiting the infrastructure be it win lin mac etc.

Last words.. gone is the era about win vs linux in terms of security, today both needs to be patched yet are equally vulnerable and have to be remediated.
If someone from 90s is still using linux today as if he is living in 90s, he is guarded only by his good luck till now... enjoy while it lasts as stars keep changing rotating and revolving...
 
Last edited:
Hi people

I installed Ubuntu as dual boot and have been using for few days. So far I like it and will be on Linux. The command line is so insane. All updates in one command. Whoa. But no gaming on linux is the only drawback, but it is excellent for coding environment.

Thanks guys
 
cloudblogs.microsoft.com

Microsoft Loves Linux - Microsoft Windows Server Blog

In a press and analyst briefing a few months back, Microsoft CEO Satya Nadella put up a slide proclaiming “Microsoft ♥ Linux”. Wow! What a great slide and what a change for Microsoft! The trade press picked up on this slide in a major way, with a number of articles echoing this new approach...
cloudblogs.microsoft.com cloudblogs.microsoft.com
 
Back
Top