Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Linux is FOSS so many people can look not only at the binaries but at the source code to determine what issues exist.
Compare that to closed source UNIX like AIX and ask yourself: How much time does this vendor spend on attacking its own products? How many users have access to the source in the first place?
Also there is a bit of a flaw in your premise. Most closed source OSes contain many open source packages. (Perl, Apache, etc...). Usually hacks found in Linux (other than the kernel) are also found in the closed source UNIX systems.
Hello,
New to the linuxquestions group... Been an AIX er for years and finally getting deeper into Linux and all the distributions....
I find it disturbing how many security fixes keep coming out for linux compared to the old dinosaur AIX.
Is it worth the openness of linux?
Just throwing it out there...
AIX is closed source and not updated often.
Linux is open source and updated regularly.
Thus, you should find it comforting that Linux is maintained and patched regularly. You would rather these security issues not be fixed ?
Or do you believe that a closed source system that is not updated regularly is more secure ?
Being open source allows people to find and fix bugs quickly, you too can contribute. Having more security fixes does not imply the system is insecure.
Having long standing critical security bugs that take a long time to patch and are never fully fixed, like Flash Player, that is concerning. The fact that Flash Player is closed source also means that you don't know the state of the code underneath.
Open source projects can have low quality code as well, just look at openssl. There is a code audit coming for it tho, so maybe things will improve.
At first glance it seems a waste of time to patch every week and other closed source do not.
Yes, you have to rely on the testing of the closed source and TRUST.
In the long run it seems for a business to use LINUX is a lot more costly on a day to day basis.
I know, I know.. for close source, you do not know what problem exist because it is closed to all.
The transparency is not there and you do not know what to fix unless you do some ethical hacking.. I get it... but from a pure business perspective.. seems like a bigger risk.
At least it keeps folks employed, interested, and innovative.
For me, the innovation is more important than pointing out the downside.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Quote:
Originally Posted by 07ykraps
All great Replies.. Thank You.
At first glance it seems a waste of time to patch every week and other closed source do not.
Yes, you have to rely on the testing of the closed source and TRUST.
In the long run it seems for a business to use LINUX is a lot more costly on a day to day basis.
I know, I know.. for close source, you do not know what problem exist because it is closed to all.
The transparency is not there and you do not know what to fix unless you do some ethical hacking.. I get it... but from a pure business perspective.. seems like a bigger risk.
At least it keeps folks employed, interested, and innovative.
For me, the innovation is more important than pointing out the downside.
Great Conversation.. thanks.
I think you must be getting confused somewhere here or using a "cutting edge" Linux version. Updates are not any more frequent for Linux than for Windows and everything that goes along with it, for example. So Linux is no more costly.
When it comes to AIX I can't comment on their update frequency but I can say that flaws in the OS can't be "less quickly findable" so if they don't update as frequently as a stable Linux version then there are more likely to be security holes which is "a bad thing (TM)" and could be extremely costly indeed.
I'm not sure why you think that one OS is more secure or cheaper to run than another because bugs aren't fixed as regularly?
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Quote:
Originally Posted by veerain
Perhaps OP bases it on real world/general statistics. Many small players are unaffected/unimportant to have hack issues.
However, BASH runs on AIX, for example.
I would think any OS small enough not to be targeted would also be niche enough that trying to run your server farm or desktop computer on it would be difficult.
You could generalise and say he more useful an OS is the more places it is used so the more likely it is to be attacked. The figures don't always back this up, and the security through obscurity and other arguments go against it but if we're being general that would be my response.
Also, I doubt there are as many installations of Siemens's power plant control software as many other programs but there's still a worm for it...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.