Linux vulnerabilities

Chat about Linux in general
Post Reply
User avatar
LanceM
Level 8
Level 8
Posts: 2358
Joined: Sun Jul 08, 2018 11:50 pm

Linux vulnerabilities

Post by LanceM »

To mark this issue solved, go to your original 1st post and click the edit pencil and add [Solved] at the beginning of the title and click Submit.
Mint accepts donations: https://linuxmint.com/donors.php

User avatar
BenTrabetere
Level 6
Level 6
Posts: 1169
Joined: Sat Jul 19, 2014 12:04 am
Location: Hattiesburg, MS USA

Re: Linux vulnerabilities

Post by BenTrabetere »

"Of course, there’s a lot more to security than the mere number of vulnerabilities which pop up in any given operating system or product. There are a number of other important points to consider here, too, such as the nature of those vulnerabilities, the likelihood of them being targeted, and of course the response and ease of patching them, among many other factors."

8th paragraph in. This is known as 'burying the lede.'

User avatar
Pjotr
Level 21
Level 21
Posts: 14853
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: Linux vulnerabilities

Post by Pjotr »

Only things that matters to me:

1. How critical were those vulnerabilities in real life?
2. Were they fixed?
3. How quickly were they fixed?

My experience with Debian/Ubuntu/Mint in the past decade is, that critical vulnerabilities which are dangerous in real life, tend to get fixed very rapidly. :mrgreen:
Tip: 10 things to do after installing Linux Mint 19.3 Tricia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

rene
Level 15
Level 15
Posts: 5867
Joined: Sun Mar 27, 2016 6:58 pm

Re: Linux vulnerabilities

Post by rene »

BenTrabetere wrote:
Tue Mar 10, 2020 11:12 am
8th paragraph in. This is known as 'burying the lede.'
I also get the fairly distinct impression that they've tallied up published issues in, ooh, some 51000 individual pieces of software in the Debian repo's vs. those in "Windows". It's then in the second bit of the "mspoweruser" source article that they tally up all issues in all Microsoft products and find Microsoft to have some double the issues of "Debian" --- and Microsoft's products aren't the only potentially vulnerable Windows products that people use on Windows, whereas (basically) those Debian repo packages are on Debian.

That is; it would seem that this article's author doesn't understand that "Debian" is not one entity that a user has all parts of installed, or is deliberately not considering such. The mere fact that N pieces of software available in the Debian repositories have vulnerabilities doesn't mean I as a user have N vulnerabilities. I could have none; am at the very least guaranteed to have only a small percentage of them.

Please be careful with "security" crapola from the internet. Basically 90% of it is marketing and/or otherwise clueless drivel by idiots.

User avatar
Portreve
Level 9
Level 9
Posts: 2799
Joined: Mon Apr 18, 2011 12:03 am
Location: Florida

Re: Linux vulnerabilities

Post by Portreve »

Pjotr wrote:
Tue Mar 10, 2020 12:04 pm
1. How critical were those vulnerabilities in real life?
2. Were they fixed?
3. How quickly were they fixed?
techradar.com wrote: And Debian, a flavor of Linux, was top of the table with 3,067 vulnerabilities over the last two decades. Reasonably close behind was Android on 2,563 vulnerabilities, with the Linux kernel in third place having racked up a count of 2,357. Apple’s macOS was only slightly behind that with 2,212, with Ubuntu in fifth place on 2,007.

All of the top five places were taken by operating systems, although Firefox and Chrome filled the next two positions with 1,873 and 1,858 vulnerabilities respectively.

As for Microsoft’s operating systems, Windows 7 bore 1,283 vulnerabilities, and Windows 10 carried 1,111. If you add those together, you get a total of 2,394 for the past decade, roughly – given that Windows 7 came out in 2009, and handed the baton to Windows 10 in 2015.
Hmm...

1. The article doesn't bother to elaborate.
2. The article doesn't state.
3. The article doesn't elaborate on that, either.

So, in sum, I second every single point Pjotr made above. More-or-less, this article is basically just clickbait.
Still, this serves to underline that Windows security is perhaps not as shaky as you might believe, at least historically, and indeed that Linux and Mac users shouldn’t be complacent.
Except that, historically, GNU+Linux and none of Apple's OSs (at least for the Macintosh platform, can't speak for the Apple II platform) have ever been as "shaky" as Microsoft's security. So, while I agree that users of both Classic Mac OS and Mac OS X were and are definitely a bit too complacent and egotistical (I could make a very apt analogy here, but I don't want to get yelled at twice in a week for posting something political) at least they aren't getting taken for a ride the way Windows users have been.
Please remember to mark your fixed problem [SOLVED].

Running Linux Mint Cinnamon 19.3.

Judge a man by his questions rather than his answers.
— Voltaire

User avatar
lsemmens
Level 10
Level 10
Posts: 3305
Joined: Wed Sep 10, 2014 9:07 pm
Location: Rural South Australia

Re: Linux vulnerabilities

Post by lsemmens »

The article is VERY lean on information about the points. i.e. are these vulnerabilities spread across the entire eco-system or ONLY in the OS itself. Again, speed of remediation is also decidedly light on. Click Bait at best.
Fully mint Household
Out of my mind - please leave a message

User avatar
LanceM
Level 8
Level 8
Posts: 2358
Joined: Sun Jul 08, 2018 11:50 pm

Re: Linux vulnerabilities

Post by LanceM »

More in perspective I think is the following published in 2016
From AV-Test.org:
"Thus, the development and distribution of malware adheres to strict economic
principles. One of them says: "It‘s all about economies of scale." Accordingly,
the number of malware has grown steadily since the initial tests by AV-TEST in
the year 1984. Upon completion of this report, the number of known malware
for Windows PCs in the AV-TEST database was at 578,702,687, with strong signs
of growth. Currently, 12 million new Windows malware samples come "onto the
market" each month. And so it is safe to assume that the number of malware
programs targeting the Redmond operating system will break the sound barrier
of 600 million even before the end of this year."
https://www.av-test.org/fileadmin/pdf/p ... 5-2016.pdf
To mark this issue solved, go to your original 1st post and click the edit pencil and add [Solved] at the beginning of the title and click Submit.
Mint accepts donations: https://linuxmint.com/donors.php

ZakGordon
Level 5
Level 5
Posts: 754
Joined: Thu Feb 12, 2015 11:07 am

Re: Linux vulnerabilities

Post by ZakGordon »

Directly replying to that (frankly terrible) techradar piece:

https://www.youtube.com/watch?v=_AQ2B4LYgGg

Chris was not amused! ;)
Laptop overheating? Check link here:itsfoss guide . A move from Cinnamon to XFCE can give a -5 to -10 degrees C change on overheating hardware.

Build a modern dual-boot Ryzen Win7/Linux Mint PC:Tutorial

darkrchaos
Level 1
Level 1
Posts: 11
Joined: Thu Mar 19, 2020 8:29 pm

Re: Linux vulnerabilities

Post by darkrchaos »

As a person that just started using linux, vulnerabilities are one thing I worry about. I know linux is safe, but since I"m a noob I feel like I may be forgetting something. On windows I had norton, which kept out everything, including harmless stuff lol

Lady Fitzgerald
Level 4
Level 4
Posts: 367
Joined: Tue Jan 07, 2020 3:12 pm
Location: AZ, SSA (Squabbling States of America)

Re: Linux vulnerabilities

Post by Lady Fitzgerald »

darkrchaos wrote:
Sun Mar 22, 2020 5:25 am
As a person that just started using linux, vulnerabilities are one thing I worry about. I know linux is safe, but since I"m a noob I feel like I may be forgetting something. On windows I had norton, which kept out everything, including harmless stuff lol
Norton (snort). That thing acted more like a virus than a virus. And it missed a lot of malware, stuff Malwarebytes would pick up (and even Malwarebytes would occasionally miss something).Then there were the false positives from all Windwoes antimalware programs :roll: . Based on personal experience, I didn't trust anything from Symantec (who makes Norton).

The biggest vulnerability in Linux is PEBKAC (Problem Exists Between Keyboard And Chair). A virus or other malware normally cannot start itself in Linux; it has to be given permission by the user, either by approving an action or by downloading software from somewhere other than an approved repository. Every once in a blue moon, a nasty might get into a repository but it gets found and corrected pretty quickly, far, far faster than ever occurred with Windoze products.
Jeannie

Linux Mint Cinnamon 19.3
Lenovo B50 15" notebook

RollyShed
Level 4
Level 4
Posts: 302
Joined: Sat Jan 12, 2019 8:58 pm
Location: South Island, New Zealand

Re: Linux vulnerabilities

Post by RollyShed »

darkrchaos wrote:
Sun Mar 22, 2020 5:25 am
As a person that just started using linux, vulnerabilities are one thing I worry about.
Why?

During 2018, Windows was swamped with viruses written by Microsoft. They called them Updates and they broke all sorts of things and no virus checker ever stopped them. For us, the final one was in October when it totally destroyed all the data on a Windows computer and reverted it from 10 to 7.

And you are worried about Linux? That just does not happen with Linux.

darkrchaos
Level 1
Level 1
Posts: 11
Joined: Thu Mar 19, 2020 8:29 pm

Re: Linux vulnerabilities

Post by darkrchaos »

That's actually why I moved to Linux. I didn't like windows 10, but I was willing to live with it. But then I found out how they were updating windows 10 I knew I had to find something else. I had enough problems with windows 7 updates.

Post Reply

Return to “Chat about Linux”