I’m just tired. On the last post about having Linux at our work, many people that seems to be an IT worker said there have been several issues with Linux that was not easy to manipulate or control like they do with Windows, but I think they just are lazy to find out ways to provide this support. Because Google forces all their workers to use Linux, and they have pretty much control on their OS as any other Windows system.
Linux is a valid system that can be used for work, just as many other companies do.
So my point is, the excuse of “Linux is not ready for workplaces” could be just a lack of knowledge of the IT team and/or a lack of intention to provide to developers the right tools to work.
Here you go https://www.cynet.com/ransomware/linux-ransomware-attack-anatomy-examples-and-protection/ literally top of the results from googling “Linux ransomware”
Cybersecurity is all about preventative measures. It’s extremely irresponsible to go “yeah, it’s fine, nothing bad has happened so far!”. But even then that’s not quite true, since you yourself have written that your servers are being attacked all the time. And privilege escalation exploits are found all the time.
When you are advocating for putting a system in a workplace, you need to do more due diligence and preparation than what you would for a personal system. Linux can be great for security! But you don’t just go “yeah it never gets viruses”.
Thinking about security in this manner is how all these companies have their vital data leaked all the time.
Edit: another thing, when you hear about companies hacked and all that, how often do they run Windows, and not Linux? Often that information isn’t shared, and so we don’t really know. But nearly all web infrastructure runs on linux, including a majority of the cloud. I’m sure a significant part of those hacks are targeted at linux systems.
And again, let me clarify, I’m talking about workplaces, companies, not personal use. Because for personal use I do agree that Linux with the defaults for most distributions is plenty safe.
And yet another article containing 0 viruses. And only targeted attacks which we’ve kind of excluded because it’s another topic. I’m kinda halfway willing to count something like ‘QNAPCrypt’. But it’s mainly the fault of a single manufacturer having bad security in place. And it’s not really Linux at fault. Also something like QNAP will most likely affect consumers and small companies. I’m not sure… I’d like to see some actual numbers about how that played out.
I know about security. The main question is always: “What are you trying to protect against?”, “What’s YOUR attack scenario.” And that’ll vary a great amount. It’s different for companies and consumers. It’s different for servers and desktop computers. It’s even different for parts of infrastructure of the same company. I know about that. And I happily admit there are other kinds of attacks on Linux infrastructure. Only thing is, they’re kinda rare and viruses aren’t involved.
Regarding how often companies that get attacked also run Linux: That’s true. But you gotta look at the case individually. If Microsoft loses an authentication key that allows access to their cloud and AWS (or something like that). Sure. It’s potentially a severe attack on their infrastructure. They have been compromised. And they also run Linux servers. But how does that relate to the existence of Linux viruses?
Yes, they’re targeted attacks. That’s the point. That’s what you will be facing when putting Linux in your workplace. The main threat for workplaces will be targeted attacks.
So saying that putting Linux in your workplace because it has no viruses is irresponsible. Or at the very least it’s lying by omission.
The text in the post’s image literally says “just set it and forget it”.
I think I get it now. You’re using the word ‘virus’ as a synonym for an attack on computers. I’m using the word in the sense of a computer program that replicates on it’s own and in practice also spreads and does some kind of damage. I get why we cannot agree. But the distinction has vastly different implications.
I read that quote in the context it was written in. And I’d partly agree. If you’re talking with someone who has a small/moderately sized company and they’re thinking about renewing their Sophos subscription. Hot-glue the USB-ports and protect their samba-share against being encrypted by some ransomware… You can’t lump in highly targeted attacks on the top 5 companies in the world and every hypothetical scenario. Without any regards of statistical likelihood… If you want to condense it into a simple truth (which I think was the main point of that post), it’s: There are no Linux viruses. And there probably won’t be.
I think this is technically false. But practically true in the context it was written. And for most people anyways. If you want to talk about cybersecurity as a whole, your webserver and 150 PCs for your employers, I wouldn’t recommend paying a 14 yo $50 to set it up Linux and fire and forget.
I agree. “just set it and forget it” is just bad, bad advice. I think I know where that comes from. I’ve seen >10 years old RHEL servers that hadn’t been touched for quite some time. And a ridiculous hundreds and hundreds of days of uptime. They’re kind of “just set it and forget it”… But… You gotta do it right. Do updates. Have it set up properly and with security in mind. Put in the effort. Lock it down. Don’t expose them to the internet. Pay for longterm support and someone backporting patches and have them installed automatically etc… You can’t do it with any other OS (except for BSD and some specialized stuff). But you can’t say “set it and forget it”. I agree. That’s more than misleading. It’s just false.