Like a privacy based fully open source browser. Wouldnt it be more hackable because every one know the script and is a glopal privacy based gpay alternative possible ? What about targeted hacking is someone using closed source application more better off than someone with ooen source ?
The fact that most hacked software is closed source (i.e. Windows and most Windows tools) proves that open source software is not lees secure.
Not really. That windows is targeted more is not to do with it being closed source or necessarily less secure; it is ubiquitous and so from a hacker/malware point of view it’s the best chance of getting a financial reward from their efforts.
However it being closed source makes it harder to identify and patch the holes. We only come across those holes either because a good actor has taken the time to find them (which is hard work) or a bad actor has started exploiting the flaws and been caught - which is terrible as the horse has already bolted, and often stumbled across after damage has been done
Open source does not magically fix that problem, it just puts the good and bad actors on a more level open playing field. Software can be secure with open code as security is about good design rather than obscuration. But open source code can also be very insecure due to bad design, and those flaws are open to anyone to see and exploit. And it requires people taking the time and effort to actually review and fix the code. There is less incentive to do that in some ways as it is currently less targeted.
However there are a lot more benefits to open source beyond that, including transparency, audit, and collaboration. It’s those benefits together that make open source compelling.
Security is also more than being hacked. There are lots of examples of closed source software doing things to benefit it’s makers rather than its users - scraping user data for example and sending it home to be exploited. It’s harder to hide in open source software, but someone also has to take the time to look.
Not really, windows is most targeted because it’s most used. If Linux had comparable market share it would be attacked way more.
Most of the services you use every day run on Linux servers. Even Microsoft uses Linux on their servers. And these services, not an average laptop, are the main targets of malicious actors.
The vast majority of behind-the-scenes infra that the end user never sees are open-source, even if the end-user part is proprietary. Eg. Facebook and Xwitter are proprietary, but run on open-source infrastructure like Docker, Kubernetes, Nginx etc.
Proprietary OS-s are workstation/office/home PC land. They have way more security issues due to crap coding whereas security problems with open-source server stuff are as a rule the fault of the admins misconfiguring services and not keeping their software up to date.
Linux servers are hacked left and right on a daily basis.
Yes, because vast majority of orgs both in private and public sectors suck at securing their systems. Either:
-The admins lack the knowledge and skills to properly configure their stuff.
-The admins are not given the resources they need to update and secure the systems.
-The in-house parts of the system rely on some deprecated functionality of an old version of some underlying service. Updating in-house parts to make it work with new versions is not made possible because “Phil knew how but Phil was laid off 10 years ago” or “the company who made it is out of business” or “we don’t have the money to do it” or “it works now, so why bother?”
-The servers are fine, up-to-date and secure, but the in-house service itself has glaring security issues that go unfixed due to above reasons.
And thus came along little Bobby Tables and was able to completely incapacitate his school district…
Generally a Linux installation is very good at keeping itself up-to-date and installing security patches automagically. Updating Docker containers is somewhat more involved, but can be easily automated with Watchtower.
Linux is used a lot, though, in a lot of high value situations (servers).
Oh yeah, definitely but those tend to be different attacks than would target random consumer computers.
Being open source definitely plays a role in Linux security, but it’s minor compared to stuff like market share, user privilege, package management vs just installing random exes, different distros using different packaging systems.
Linux is the most used OS, it has many attacks every day. The problem is that you can’t see it and that’s why you think there aren’t Linux systems or attacks to it, because you can’t see them.
I like how you just ignored the comment you replied to which acknowledged linux makes up most servers and instead just argued against a guy you made up.
I didn’t ignore.
That doesn’t mean attacks on Linux are minors, just different kind of attacks, because a user mistake is easier to exploit than a vulnerability in a software/code. That’s not about software mistakes that create vulnerabilities, that’s a user mistake that install malware.
This kind of attacks you are saying are actually the “minor” attacks that daily occurs, but normally the most effective, there is a lot of scam, but daily or hourly there are millions or billions of attacks everywhere, or that’s what my cybersecurity team at my company showed me, they are 24/7 there to never let any attack penetrate to the organization. Imperva and Cloudflare (for example) are or have powerful firewalls that block many attacks every minute. And you are comparing that to a malware that a user install.
So that’s why I am saying, because you can’t see them, doesn’t mean there aren’t attacks.
Edit: More data added on bottom.
I found this: https://www.imperva.com/cyber-threat-index/
Is saying the role open source plays in Linux security is minor compared to the role other aspects play, not that the attacks are minor.
But I still think it’s wrong. Linux is the most used because it’s open source, anyone can audit it and adapt it to their servers or any infrastructure that can compute, as many libraries like OpenSSH and others that most closed source repositories are using to not re-make them from 0.
Someone hasn’t been paying attention for decades and instead chose to be confidently incorrect