Why Linux is a better choice than Windows or macOS for security

Why Linux is a better choice than Windows or macOS for security

Enterprises invest a great deal of time, effort and cash to keep their systems secure. The most security-conscious may have a security operations center.

They, in fact, use firewalls and anti-virus tools. They most likely spend copious amounts of time and manpower observing their networks, trying to find telltale anomalies that might indicate a breach.

What with IDS, SIEM and NGFWs, they deploy a veritable alphabet of defenses.

But how many of them have given a lot of thought to at least one of the cornerstones of their digital operations: the operating systems deployed on the workforce’s PCs?

Was security even an element once the desktop OS was selected?
[ additional info: self-defense is essential to Linux kernel security ]

This raises a question that each IT person ought to be able to answer: what operating system is the best and most secure for general deployment?

We asked some specialists what they think about the protection and safety of these three choices: Windows, the ever-more-complex platform that’s simply the most common desktop system; macOS X, the FreeBSD Unix-based OS that powers Apple Macintosh systems; and Linux, by that we tend to mean all the varied Linux distributions and connected Unix-based systems.



How we arrived here

One reason enterprises may not have evaluated the safety of the OS they deployed to the workforce is that they created the selection years past.

Look back far enough the majority of operating systems were reasonably safe, as a result of the business of hacking into them and stealing information or planting malware was in its infancy. And once an OS choice is decided, it’s difficult to think about a change.

Few IT organizations would wish the headache of moving a globally distributed workforce to a completely new OS. Heck, they get enough pushback once they move users to a brand new version of their OS of choice.

Still, would it not be wise reconsider?

Are the three leading desktop OSes diverse enough in their approach to security to warrent a change in OS worthwhile?

Certainly, the threats challenging enterprise systems have changed within a previous couple of years. Attacks became much more subtle.

The lone adolescent hacker that once dominated the general public imagination has been supplanted by well-organized networks of criminals and shadowy, government-funded organizations with immense computing resources.

Like many of you, I myself have firsthand and up-close experience of the threats that are out there: I even have been infected by malware and viruses on various Windows computers, and I’ve even had macro viruses that infected files on my Mac.

More recently, a widespread automatic hack circumvented the safety on my website and infected it with malware.

The results of such malware were continuously slow and subtle, one thing you wouldn’t even notice, till the malware ended up becoming so deeply embedded within the system that performance began to suffer drastically.

One notable factor regarding the infestations was that I had never specifically targeted by the miscreants; these days, it’s as simple to attack 100,000 computers with a botnet as easy as it is to attack a dozen.



Does the OS actually matter?

The OS you deploy to your users will create a distinction for your security stance, however, it isn’t a certain safeguard.

For one thing, a breach currently is more than likely to return these days because an attacker probed your users, not your systems.

A survey of hackers that attended a recent DEFCON conference disclosed that “84 % use social engineering as a part of their attack strategy.”

Deploying a secure software is a crucial place to begin, however lack of user education, sturdy firewalls and constant vigilance, even the foremost secure networks may be invaded.

And after all, there’s always the chance of user-downloaded package, extensions, utilities, plug-ins and alternative packages that seems benign however becomes a path for malware to appear on the system.


Regardless of what platform you decide on, one of the most effective ways you can keep your system secure is to confirm that you simply apply package updates promptly.

Once a patch is in the wild, after all, the hackers will reverse engineer it and realize a brand new exploit they will use in their next wave of attacks.

And don’t forget the fundamentals.

Don’t use root, and don’t grant guest access to even older servers on the network.

Teach your users a way to choose specialized passwords and arm them with tools like 1Password or LastPass that makes it easier for them to possess totally different passwords on each account and website they use.

Because the bottom line is that each choice you make relating to your systems can have an effect on your security, even the OS your users do their work on.
[ To inquire into this story, visit Computerworld’s Facebook page. ]



Windows, the most popular choice

If you’re a security manager, it’s very possible that the queries raised by this text {could be|might be|can be|may be|may well be} rephrased like so: Would it be safer if we moved on from Microsoft Windows?

Saying that Windows dominates the enterprise market is to downplay the case. NetMarketShare estimates that a staggering 88% of all computers on the net currently, are running a version of Windows.

If your systems fall inside that percentage, you’re most likely aware that Microsoft has continued to fortify security within the Windows system.

Among its enhancements is rewriting and re-rewriting its OS codebase, adding its own antivirus code, upgrading firewalls and implementing a sandbox design, wherever programs can’t access the memory area of the OS or alternative applications.

But the popularity of Windows may be a drawback in itself.

The safety of an OS will depend to a large degree on the dimensions of its installed base. For malware authors, Windows provides a vast ball field. Concentrating thereon offers them the foremost bang for his or her efforts.

As Troy Wilkinson, a chief operating officer of Axiom Cyber Solutions, explains, “Windows invariably comes in last within the security world for a variety of reasons, primarily due to the adoption rate of customers. With an oversized range of Windows-based personal computers on the market, hackers traditionally have targeted these systems the most.”

It’s definitely true that, from Melissa to WannaCry and on the far side, a lot of the malware the globe has seen has been geared toward Windows systems.



macOS X and security through obscurity

If the foremost widespread OS is often aiming to be the largest target, they will employ a less widespread possibility guarantee security? thought} may be a new wrestle the previous — and fully discredited — concept of “security through obscurity,” that control that keeping the inner workings of package proprietary and so secret was the simplest thanks to defending against attacks.

Wilkinson flatly states that macOS X “is more secure than Windows,” however he hastens to feature that “macOS used to be considered a totally secure operating system with little chance of security flaws, but in recent years we have seen hackers crafting additional exploits against macOS.”

In alternative words, the attackers have been branching out and not ignoring the mack universe.

Security research worker Lee Muson of Comparitech says that “macOS is probably going to be the choice of the bunch” once it involves selecting a safer OS, however, he cautions that it’s not impenetrable, as once thought. Its advantage is that “it still benefits from a touch of security through obscurity versus the still much larger target presented by Microsoft’s offering.”

Joe Moore of Wolf Solutions offers Apple a small amount of additional credit, expressing that “off the shelf, macOS X contains a nice log once it involves security, partially as a result of it isn’t as wide targeted as Windows and in part as a result of Apple does a reasonably good job of staying on top of security problems.”

And the winner is …

You probably knew this from the beginning: The clear accord among specialists is that Linux possesses the most secure OS.

But whereas it’s the OS of choice for servers, enterprises deploying it on the desktop are few and very far between.

And if you do decide that Linux was the way to go, you’d still need to decide what distribution of the Linux system to settle on, and things get a small amount more sophisticated there.

Users are aiming to have a UI that looks familiar, and you’re going to need the foremost secure OS.

As Moore explains, “Linux has the potential to be the foremost secure, however, needs the user be something of an influenced user.” So, not for everybody.

Linux distros that focus on security as a primary feature embody Parrot Linux, a Debian-based distro that Moore says provides various security-related tools right out of the box.

Of course, a crucial factor is that Linux is open source.

The very fact that coders can scan and comment upon each other’s work may appear sort of a security nightmare, however it really seems to be a vital reason why Linux is so secure, says Igor Bidenko, CISO of Simplex Solutions.

“Linux is the most secure OS, as its source is open. Anyone can review it and make sure there are no bugs or back doors.”

Wilkinson elaborates that “Linux and Unix-based operational systems have less exploitable security flaws famous to the data security world.

Linux code is reviewed by the technical school community, that lends itself to security: By having that abundant oversight, there are fewer vulnerabilities, bugs, and threats.”

That’s a delicate and maybe unreasonable explanation, however by having dozens — or generally, lots of-of individuals scanning through each line of code within the OS, the code is truly more sturdy and therefore the likelihood of flaws slithering into the wild is diminished.

That had a great deal to do with why pc World came right out and said Linux is safer. As Katherine Noyes explains,

“Microsoft may tout its large team of paid developers, but it’s unlikely that team can compare with a global base of Linux user-developers around the globe. Security can only benefit through all those extra eyeballs.”

Another issue cited by pc World is Linux’s higher user privileges model: Windows users “are typically given administrator access by default, which suggests they basically have access to everything on the system,” consistent with Noyes’ article. Linux, in distinction, greatly restricts “root.”

Noyes additionally noted that the various potential inside Linux environments may be a higher hedge against attacks than the everyday Windows monoculture: There are simply tons of various distributions of Linux out there.

Some of them are differentiated in manners that specifically address security considerations. Security research worker Lee Muson of Comparitech offers this suggestion for a Linux distro: “The Qubes OS is as good a starting point with Linux as you can find right now, with an endorsement from Edward Snowden massively overshadowing its own extremely humble claims.” alternative security specialists purpose to specialize secure Linux distributions like, designed to run firmly and anonymously directly from a USB flash drive or similar external device.




Building security momentum

Inertia may be a powerful force. But there’s clear agreement that Linux has the safest selection for the desktop, there has been no stampede to dump Windows and Mac machines in favor of it. Even so, a very tiny but significant increase in Linux adoption would most likely end in safer computing for everybody, that’s because in market share loss is one for sure tactic to get Microsoft’s and Apple’s attention. In different words, if enough users switch to Linux on the desktop, Windows and Mac PCs are more than likely to become securer platforms.

Add comment