Lol don't be silly. The most secure desktop operating system is obviously TempleOS.

What makes Linux safer? The users.

I think the most important fact is having many tech savvy guys using it.

You forgot to mention linux does not come with a built-in backdoor to your computer. Update: Well I guess XZ had proven me wrong.

im sure linux actually absolutely dominates the operating system market if we include servers and not just individual users

If you have a hard time installing any package not made for your specific distro, imagine how hard it is for a dude to make a virus for Linux.

Temple OS is the only safe and secure OS. Just try mounting a usb device in it.

gnu/linux safest? no gnu/linux safer than windows? yes

Not to mention all the patches and possible compromises are CLEARLY listed in the updates unlike the dodgy language of windows and Mac "updates"

I'll swear by Linux's flexibility any day. It's just so much easier to execute on weird hacky ideas. I've had two overlapping Zoom classes at one point, and I'd create two virtual PulseAudio-JACK sinks where each class would go, and wire each class to the left and right channels of my headphones, separately, then use two instances of OBS to record each class into separate files and folders at the same time, so I could watch separately later, and I had a third instance of OBS streaming "the meme camera" into v4l2loopback, and into both Zoom sessions. All of that, while running a Windows 10 GPU passthrough VM in QEMU, where the VM's main virtual disk is a GPT-formatted _partition_ in my physical SSD, that QEMU accesses as a block device, for maximum performance. Less than 10% CPU usage running all of this with VAAPI (aside from Win10 occassionally taking up more), on a Core i7-6700k. It's madness. Windows just can't do that shit, definitely not nearly as efficiently, and definitely not without a ton of crappy trialwares downloaded from the Internet. And that doesn't even count all the times I made slight, trivial customizations to the software I ran at the sourcecode level, to hack around limitations or play with even weirder ideas.

The biggest vulnerability is located between the chair and the keyboard. All jokes aside, not all malware uses vulnerabilities to work. Many of them may (and not limited to) give the attacker a reverse shell to the target. To mitigate this attack vector, a good firewall rule is needed.

To be clear though Linux servers are well known targets. It doesn't get as much press as Windows vulnerabilities but they are still vulnerable because they run most of the web as we know it and not everyone updates their version of Linux.

Well by richard stallmans definition everyone is a hacker

And then there is OpenBSD

1:30 "The script kiddie possibly hasn't even heard of Linux themselves." HAHAHAHAAHAHAHAHAHhahahahahaahaaaaaa..... I see you're unfamiliar with the ranks and armies of edgy 12 year olds who hear about Kali Linux and revere it like a holy grail of hacking, as if simply having it installed is a sign that you're an unstoppable force not to be deterred from your hacking goals. Then they wipe their Windows XP installation and install the thing so that they can escape from their cushy lifestyle into that of a runaway badass hacker who can't be stopped, and end up not only never figuring out how to hack anything, but also never figuring out how to get basic stuff done on Linux.

I talked to my dad about open source software, he said that people back then tried to get him fired for pushing things like Linux.

OpenBSD...

You've got me convinced, I'm switching to linux as soon as I graduate from my online school that does not support linux.

BSDs are generally more secure.

Another reason for Linux being more secure than windows is that a lot of Linux libraries are dynamic which means every single package uses same system libraries so if that lib have bugs and they fix it in the newest version of kernel it will be fixed for every single package that uses that lib There as in the windows world lot of the applications uses static libraries which means that libraries are inside the package itself and each developer should include that bug fix inside of there application So instead of just updating once to fix the bug you need to update every single application that uses that lib to fix bug

That pie chart at 2:00 could be updated given its 6 years old as at the time of this comment. Surely the data is no longer valid.

I think you touched in an important point when it comes to windows. That their security model is rather basic and only really got better since Vista/Windows 7. Furthermore most people want to run as admin on Windows when most users in Linux don't need to run as a admin (SU iirc) unless needed. This is further made worse with how often software on Windows needs to run on an admin account otherwise it just fails to work. If most windows based software can run well in a limited account and most users actually use the limited account windows would be much more secure OS. Not as secure as Linux though. You win there.

All of this open source stuff is only good if you have a fairly large audience. There are github repos that contain frameworks used by only a few developers but the projects using these frameworks have many users. And malicious people who may find those vulnerabilities and not choose to report them but abuse them this open sourcing helps them find the vulnerabilities much easier.

This market share info is outdated. Linux is now at almost 3%

Hi Mental Outlaw, thank you for your videos, they effectively add insight and real value to the discussed topics. You know, IMO, I think that another reason for Linux to be secure is because of its architectural design, because basically, it is designed in layers like an onion for example, being the most inner layer the kernel. From there "to the outside" you have the other layers like video, audio, the user space and so on. So, as you can see, for malware to make a real damage it has not only to get permission, but also it has to reach the innermost layer of the system, which is the kernel. If for example, a certain user in the system downloads a malware, it will affect this particular user and will not have effective damage over the inner layers of the system. So, in order to bring peace again it would be enough to at most delete the users profile and recreate it again or have it restored from a backup, using tools like rsync for example, if you previously did a backup of course.

Most modern Windows systems have file permissions (ACLs), but other than that you're 100% right

Windows has file permissions as well, In fact it is a huge part of most business domain servers. The truth is by default windows is awful with these permissions.

Why did you pick a operating system usage graph from 2014? It didn't even have Windows 10 on it, and a lot of people used Windows XP and Windows 7.

I am a fan of the channel. Would you be willing to do an interview for the KZfaq show Linux Spotlight? The show tries to showcase the best thing about Linux, the community. In the show, each persons talks about their journey in Linux.

The biggest thing that feels safer to me in Linux is that if you make a root user, it's not an accessible account, you have to switch to it using the terminal for everything you want to do, then you go back to your regular user

But can it survive my "sudo rm -rd /" virus?

I think the point about execute-permissions is a bit weak compared to the other very very good points you make here - not just because those permission do, in some more hidden, harder to utilize form, exist in windows too, but because a considerable portion of hardware is not "executing when you didn't mean to execute anything" (a word document disguised as an executable), but instead "executes when you meant to execute something else" ("this is a self-extracting archive that contains your word document"). If I believe that I've downloaded a legitimate program requiring execute-permissions won't be a safeguard in any way. Still a very good video, showcasing how much of Linux' safety comes not from the OS itself, but actually its community & individual users.

Although it's a good point about the execute permissions because as far as i know all browsers make downloaded files non executable on linux there's still the malware that works directly through browsers. There has been multiple bugs especially in chromium where script running on a page could escape the sandbox and actually affect the host operating system. Another thing i find a big problem on windows is cscript.exe because it's configured to run files such as .js by default and i've seen numerous cases where attackers sent javascript ransomware through email and in outlook just one click on the attached file and windows just run the javascript code without any prompting. Remember what is run by cscript is full javascript *including filesystem functions* not the sandboxed browser javascript allowing ransomware to encrypt the harddrive

It is always very interesting to listen to you, please keep going!

Did you record this audio on a loading dock? Love the vids, thanky brain bandit.

One thing you kinda glossed over that servers are actually running on Linux (20 to 90 percent, depending on which source you consult) and actually are a good target.

Some guys in my school made a desktop shortcut to the shutdown script for our computers. caused chaos when people clicked on it thinking it was chrome or files etc...

Just had my first full day of Linux (Mint), loving the control and it not doing whatever it wants

Linux = AMT conduits baked right in. Linux: Hi NSA, have some data! FreeBSD = What's AMT? IME: Can I has your data? FreeBSD: OK, but it's encrypted. IME: Can you decrypt it? FreeBSD: Nope :3

most malware samples I've looked at do not use any Kernel level exploits, very very few do, and when they do, it's usually nor a massive issue as you'd have to run them as administrator, many people regard the admin to system security boundary as unimportant. to encrypt all files on your drives doesn't take kernel, ring0 cpl. still I agree with most other points.

To be fair.. Windows uses ACL for file permission, which isn't worse than Linux File Permission System. Yes, it gets undermined, if the user is an Administrator, but that is also the case, with the linux root user or just about any user which has access to sudo. If a malware gets past the UAC (which isn't trivial, as long as the UAC is protected with the account password (which really should be the default)), it gains full system access. But on the other side, if a malware gets past sudo, it also has full system access. No file permission system can help you in that case. But as long as we are talking about limited users without access to root/administrator, the file permission system from Windows isn't worse than the Linux permission system. And yes, Windows has a "Read & execute" permission in its acl and if you disable that for a specific user.. well.. in that case the user can't run the application. And yes, this also works for administrators (but obviously they can reenable this permission for themselves but again.. this is also the case for linux), and yes you can inherit this permission through an entire folder structure.. so you can make any application in for example the user folder not executable by default.

Thanks brother 👍

Bravo!

Bro that 25% windows XP market share is insane to me. Even in 2014. That’s still a lot for back then.

mental outlaw really swag !

Thank you for articulating this topic brilliantly. Many people, including an information technology professor I know, believe Linux has next to no malware because it's a small target and Windoze is a giant target. They do not believe Linux is inherently less vulnerable than Windoze. Baloney.

I love the running joke that 4Chan is an elite hacker group

Hey, would you consider also hosting your videos on LBRY?

linux might have a smaller desktop share, but a MUCH MUCH higher server share, and servers are where the real money is, so it kinda evens out

great information

Windows also has a file permission system, it's just unknown and/or inaccessible to most users.

Let me start by saying I am a fan of your show and I like all the content geared towards educating people about Linux and open source. Having said that I feel I need to correct/clarify a couple points you mentioned. And just so no one thinks I don't know what I am talking about. I have used and tested MANY flavors of Linux for over 20 years, since the Red hat 8 days. I have also worked in IT for most of that time, 10 years of which I did IT security for a number of private companies as well as for the Department of Health and Human Services. So the first point is, when you said there isn't a lot of malware for Linux. There is actually quite a bit of malware for Linux. I agree, not as much as for Windows but, still quite a lot. The reason has to do with my second clarification/correction. This one is one I wish more content creators would read up on and mention in their videos but, they don't. The issue is, while yes, only about 2% of the desktop market uses Linux, that is not the whole picture. The fact of the matter is that 76%+ of the internet is run on Linux servers and a huge number of companies also use Linux servers. For example, the financial industry relies heavily on Linux because it is so secure. Another one is Disney and Pixar that converted almost all of there graphic design and rendering servers over to Linux back in 2003 I believe, just to name some examples. Hackers know this, so a lot of malware has been developed for Linux. However, a significant portion of the malware for Linux in the wild requires user interaction in order to gain root permissions so it can actually do anything on a Linux system. In addition, some of the malware out there is just beta software that was developed by hackers and companies that wanted to see what was possible on Linux and a lot of these were eventually abandoned because the way Linux is setup prevented them from actually successfully infecting any Linux systems and being able to execute their payload. This is also the reason many anti-malware companies actually have versions of there software for Linux. Companies and governments need it to help keep their systems secure. The only reason most of these companies, like Norton and McAfee, don't sell the Linux versions of their software to the general public is because there isn't enough of a profit incentive to do so.

But the same logic can apply for advance Windows users who know what they are doing and check the software they install. To install software on WIndows it must have valid certificate or the SmartScreen will inform you about the mistake you are about to make. Any app that require more Administrative permissions will ask you to give such. Also there is Memory integrity feature for the code running in the kernel. It's mostly the user that makes it vulnerable. Of course you must trust MS nowadays that they patch it right on time and that won't break the system. The real beauty of Linux is control and privacy.

Thank you. 🎖🎖🎖

Could you please do a video about hardening gentoo on 2020?

Good video.

MacOS and Windows10 appear to have per-app folder access permissions. i.e. program X has access to Documents/. (Mac: Privacy and Security > Privacy > Files and Folders, Win10 Privacy > App Permissions > Documents). Is this a drawback for Linux? If I install somehow install a malicious program, or install a bad Python package, or install a bad npm package (i.e. via typosquatting), does Linux offer much protection for my personal files?

oh ye thats a classy one i remember loading fraps waaaaaay back in 2009 on windows xp from a sketchy site and got trojan it triggered when i was playing warhammer online something something reckoning i was unable to switch keyboard layout i rebooted, and realized that my PC is bricked but i did had an antivirus software that was able to neutralize this thing so nothing was lost i just rebooted one more time and all was good

I have the doubt, what about third party binaries, deb/rpm/run/sh when you can't find the program you need and have to download from a different source than the distro repositories. I know they need sudo root permissions to do their thing (if it is malware), but as an admin of my system, I constantly face this cause not all programs I need are available on the distro's repos or PPA's

4:50 - I wish there was FOSS windows store / package manager, allowing in only FOSS

I don't know if you purposely do this, and when you think about it, it's not weird at all, but I kinda get a kick out of you calling it "The macOS" instead of just macOS.

Makes sense

9:54 “he doesn’t exist, he’s just an extension of your mind”

I don't know if secure is the word I'd use. According to several security websites, Linux can actually be a hassle to harden in regards to the kernel and so forth.

Thoughts on BSD?

When you are connected to some device as 'group' or 'other' user and you have 'r' permission, just cat the file to your own and execute. That might be a flaw.

Tux in armor makes me happy!

While i late for party i still cant agree with file permission part. On Windows you can have much more granular file permission control, including execution. Its requires some tinkering, true, but its very possible.

1:59 May, 2014. lazy... one more problem at 6:21 . no further explanation on what software repositories are. from the context it is understood they are deployed by someone who has this authority and they are being kept online by a p2p network.(i dont know how repository works) but you never explain in in this video

Winux is a special breed, it can infect both Windows and Linux (a Winux on a Windows system also tries to infect ELFs that they have on the system for some reason aside from EXEs and vice versa).

This is all true, but there definitely are people who write malware for Linux, they aren't aiming that malware at the masses though, they target server farms and cloud services which almost all run on a Linux backend.

@2:01 that sure is an old graph, windows 10 didn't even exist yet

The biggest problems with MacOS and Windows is that they are already compromised before you even buy them because their respective vendors have full control over the systems. GNU/Linux has a similar problem but due to being open source to a lesser extend.

GNU/Linux is safer because not any human could hurt a cute penguin like Tux

I thought you shouldn't use 3rd-party repositories, because they can cause many problems?

forgetting OpenBSD?

On Windows, programs with administrative privileges can easily install new trusted root certificates without the user knowing about it

It's not the most secure OS. That's OpenBSD.

What is the name of that linux distro from 6:22 ?

Linux is way more secure than Windows & MacOS. But even more secure is BSD. However, I'm still primarily a Linux user, & in my opinion, Slackware is the most secure. I avoid popular distros such as Red Hat mainly because they're likely to have as many backdoors as Windows does. If the Government is using a particular Linux distro, you can almost be sure the Government can intrude on privacy.

Yeah, it might be the most secure, but it's still NOT 100% secure. You know what they say, pretty much no man-made software is impenetrable and almost always has bugs. If it takes user input, it can be hacked. If it's connected to the internet and accepts data from there, it can be hacked.

Can you put Linux onto a Mac or do you have to buy a Linux laptop?

If one gets attacked by malware made in China, is it supposed to be called Maoware? ;*[} You break it down so clearly in this episode, I'm going to recommend it to friends that are less tech savvy - ganbei!

Linux's access control is only on par with Window's access control unless app armor is configured.

there is also selinux to make permission better

What the, around 8 minutes into this there is a lot of background pan / scrap metal rattling that can be heard :D

Open source means more eyes on the code.

- smaller marketshare -> less people to hack - has a standard secure way to install applications and packages - open source kernel, so the bugs and abuses can also be found and fixed by the community there

I know Richard stahlman would be very happy you always say gnu/Linux giving them credit bc Linux was just the kernel

Hey bro, I found your channel recently and have really been enjoying your content. But I have to tell you, once you started comparing GNU/Linux file permissions to Windows - just had to say something! You've got it all backwards. GNU/Linux permissions are woefully inadequate when stacked up against an NTFS ACL. The ACL's in Windows are so granular and offer so much power that Microsoft developed the Security Descriptor Language (SDL) to allow applications and developers express or consume an ACL in a regular, condensed form. Not only are the individual file permissions more granular (with things like allowing read access for a directory and write access only on files you created), but an NTFS ACL will evaluate *nested* group memberships for both local and Active Directory groups - this is just not possible in GNU/Linux. As for security - what's the default home directory permissions on a fresh install of Ubuntu? 😉

hummm thing is you could find some malware for Linux since MOST servers run Linux. Also, even with only bash and Linux kernel, you could get sources from git and get every thing else then :3

On Windows, always try to download the program from the official site.

Very useful im an old script kiddie ill never be a professional

I remember i was 12 and wrote my first "virus" on linux and wanted to run it on windows remember my disapontment when nothing worked

hi - a debian user i use arch now btw

Oh man, speaking of script kiddies, remember Back Orifice from Cult of the Dead Cow? I used it swipe login and PW for the school internet back in 99. Good shit.

The difference between Linux and Windows is Linux shines and Windows glows

linux is the most secure environment because nothing works not even the viruses not the scripts nothing sometimes not even the sys calls work so no need to worry about it BUT in case you suspect anything just change the distro or kernel it wont work for sure if it still budges try pulling out some of the modules like kvm and you set

Just because something is open source does NOT make it secure. In fact, there generally are far fewer eyes on the software because everyone just assumes the software is secure. And the vast majority of open source projects are maintained by 1-3 core developers with the occasional patch here and there from others. Whereas most commercial software is maintained by a team of well-paid devs (not to say that is a better model). Bugs lurk for years to decades in projects until a fresh set of eyes shows up and goes, "Hey...I think I spotted something suspicious here." The one lead dev never noticed it because they've stared at the code for the entire time and no one else noticed. When it is a critical system service, it usually makes the news but Linux applications have new vulnerabilities discovered all the time. They get patched, everyone updates, but the vulnerabilities exist.

May i correct you, python code doesn't need x persions unless you are ./ it