All the comments about Linux on this video are completely missing the point: The average user's idea of "malware being something you click on while browsing" is a very limited view of malware and largely obsolete in various fields of cybersecurity. Most cyber threat actors today don't think in terms of a specific OS, rather a specific target or target group and tailor their techniques to whatever platform is relevant.
Most viewers, seeing your video, are convinced you are talking about Linux Desktop OS, especially since you show examples of running malware on it, which is an unrealistic scenario in most cases. I'm afraid you just confused people with this video, because there are too many generalizations and claims from a perspective that viewers won't understand at all. Just consider the title alone: Windows vs. Linux. Windows is mainly a desktop OS. It is used on servers, but most people in the world use it as a desktop system, so people automatically assume Windows Desktop OS vs. Linux Desktop OS, because that is what they see or what is tangible. Servers are too esoteric for users, although they dominate. A great idea for the video would be: what are the common attack vectors or methods to get malware on desktop platforms (excluding phishing, because you don't need malware to get someone's credentials), so for example, what an average user on Windows does that infects the PC and whether there is a comparable situation on Linux.
The real problem I expect will bite linux in the ass sooner than later is targeting repositories that gain trust - unverified flatpaks/snaps etc, ppas, compromising the supply chain particularly in frequently updated cases where the average user has no idea who the maintainer behind a given port or even from the source are. This is a vector that can take place directly in the end user software manager for whichever distro. You need only compromise any of these points and you hit a significant part of the market and just because source often can be read doesn't mean someone will necessarily read or understand, in time. This surface certainly isn't better than what can happen on Windows. The xz issue is just a sliver of what could happen on this track and greater attention on linux will multiply the vigilance required at all levels.
@@ShadowOfTheSPQR Yes, that comes with the territory of being popular, so in a way, that is a good thing, because it will mean that Linux reached a certain threshold. With malware, companies' interest starts to grow, more money, better quality apps ported, etc. So maybe we get serious antivirus apps for desktop Linux - not that I would miss it, but that's the possible future.
@@michadybczak4862 I'd rather the OS be configured sanely than put my trust in a third party, which is really the problem on windows - defender, good practice and some hardening go miles ahead of any of its av offerings. But hey. When linux is large enough for this to be a serious conversation it'll be interesting times indeed. I'd look forward to other porting for sure...
@@michadybczak4862 Even the available AV ones I won't use. And because the malware game is ever changing, it's more about your data online than what's on your local device. I mean sure, that too, but bad actors target where there is valuable data. Gone are the days where clicking a file destroys your system. It's more of ransomware: give money or else it's leaked or erased or whatever. Look at Android and iOS. Your life is practically on these devices, so these bad actors would want a piece of that data pie too. Google is not doing a good job of curbing malicious apps from its Play Store. Apple is a hit or miss, but it's been compromised too.
One thing that has always stuck with me in my career in IT is that "the issue lies between the chair and the keyboard." Human error is the biggest cause of malware infection going. It should be compulsory to teach kids and even adults the importance of staying safe online.
When I used to be an Avionics Technician, many moons ago, we called the pilots the SeatCyclic Sloppy Link, for much the same reason: most problems start with the user.
@@NeptuneSega It might also be short for Unix, which I heard Linux is based on (I am not a Linux professional, don't take my word at face value; also I heard Mac OS is also based on Unix)
@@celestialsylveon6453 the right thing to say is that Linux *was* based on unix. In fact it was greatly *inspired* by unix, then unix became a standard in some ways, that Linux still fulfills.
@@rizkyadiyanto7922 no he’s being a smartass saying every distro or a package manager other than NixOS is inferior. These NixOS worshippers are getting more annoying day by day
Debian the most vulnerabilities? That site puts all Debian releases from 1993 up to today in the same basket, which is stupid. There are 12 releases of Debian, so if they split the vulnerabilities across each release, it's still way fewer vulnerabilities than Windows 10.
1:54 This ranking list is SO misleading. Debian Linux is a huge project which ships tens of thousands of software packages including Firefox and Chrome browsers, LibreOffice, server stuff like Apache web server, SQL databases etc. -- of course it will have more vulnerabilities *in total* compared to just bare Windows without any 3rd-party software. If you want a valid comparison you should install both in a similar configuration, and then do a weighted sum of discovered vulnerabilities in installed software for both for e.g. one year, where the weight will be the severity of that vulnerability.
A default windows installation comes with all that too! OK, some of it has to be added via Add/Remove Windows Features, but it all still exists and contains vulnerabilities that need patching.
That's not even the point. That list is showing "generic" Debian, or Android (mixing up all versions). For windows, they are separating Win10, Win11, Win8, Win7... If you were to add all the numbers for different versions of windows, it would be much higher number than any other OS on the list
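The counting problem raised in the comments above (one chart entry per version for one OS, one entry for all versions of another, and a severity-weighted sum over installed software only), as an added example that is not from the video or any commenter. The products `OS-A`/`OS-B`, the `SAMPLE-` ids, scores and component names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data, not real CVE records:
# (vuln_id, product, version, cvss_score, component)
RECORDS = [
    ("SAMPLE-0001", "OS-A", "v1", 9.8, "kernel"),
    ("SAMPLE-0001", "OS-A", "v2", 9.8, "kernel"),
    ("SAMPLE-0001", "OS-A", "v3", 9.8, "kernel"),
    ("SAMPLE-0002", "OS-A", "v1", 7.5, "browser"),
    ("SAMPLE-0002", "OS-A", "v2", 7.5, "browser"),
    ("SAMPLE-0003", "OS-A", "v3", 5.3, "kernel"),
    ("SAMPLE-0004", "OS-A", "v2", 8.8, "web-server"),
    ("SAMPLE-0101", "OS-B", "r1", 9.8, "kernel"),
    ("SAMPLE-0101", "OS-B", "r2", 9.8, "kernel"),
    ("SAMPLE-0102", "OS-B", "r1", 7.5, "browser"),
    ("SAMPLE-0103", "OS-B", "r2", 6.5, "office-suite"),
    ("SAMPLE-0104", "OS-B", "r2", 4.3, "graph-editor"),
    ("SAMPLE-0105", "OS-B", "r1", 8.1, "db-server"),
]


def chart_counts(records, split_products):
    """Unique ids per chart entry. Products named in split_products get
    one entry per version; every other product is a single entry."""
    entries = defaultdict(set)
    for vid, product, version, _score, _comp in records:
        key = f"{product} {version}" if product in split_products else product
        entries[key].add(vid)
    return {key: len(ids) for key, ids in entries.items()}


def naive_sum(records, product):
    """Add up the per-version entries: double-counts ids shared by versions."""
    counts = chart_counts(records, {product})
    return sum(n for key, n in counts.items() if key.startswith(product + " "))


def grouped_unique(records, product):
    """All versions grouped together, each id counted once."""
    return len({vid for vid, p, *_rest in records if p == product})


def weighted_installed(records, product, installed):
    """Severity-weighted sum over unique ids, restricted to the components
    that are actually installed in the configuration being compared."""
    scores = {}
    for vid, p, _version, score, comp in records:
        if p == product and comp in installed:
            scores[vid] = max(score, scores.get(vid, 0.0))
    return round(sum(scores.values()), 1)


if __name__ == "__main__":
    # Chart as published: OS-A split by version, OS-B as one entry.
    print("chart entries:", chart_counts(RECORDS, {"OS-A"}))
    print("OS-A naive sum of entries:", naive_sum(RECORDS, "OS-A"))
    print("OS-A grouped, de-duplicated:", grouped_unique(RECORDS, "OS-A"))
    same_config = {"kernel", "browser"}
    for product in ("OS-A", "OS-B"):
        print(product, "weighted, same configuration:",
              weighted_installed(RECORDS, product, same_config))
```

With this constructed data the single `OS-B` entry outranks every per-version `OS-A` entry, while the like-for-like weighted comparison gives the opposite order.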
@@davidadams421 No. A default Windows does not come with all that. Windows comes with MS Edge; debian repos contain many browsers. Windows has cmd prompt and powershell; debian repos have many many shells available. Windows does not come with Office; debian repos have a few office suites. Windows does not come with DB servers, a variety of web servers, a LaTeX system, compilers for dozens of programming languages, 1000s of command line tools. Windows may have a few 100 dlls, debian repos probably have 1000s of libraries. If some rare 3rd party graph editor has some vulnerability, and it gets patched, also the Debian package will get a "security fix"; on Windows it would just be an unrelated external tool on some 3rd party site, irrelevant to the Windows security statistics. So, no, they don't compare.
@mcdazz2011 It ships with Edge, Microsoft Office (time limited demo), IIS and various flavours of SQL Server e.g. windows search - all comparable features, all of which have vulnerabilities.
I really expected better... But here we go:
- 00:51 Nobody on Linux downloads random executables, we have Software Repositories.
- 00:51 Server/IOT virus, much harder to come by as a desktop user with a functioning brain.
- 01:38 We also have Flatpaks, which make ransomware completely powerless ;)
- 01:58 List sums up Linux, but separates Windows. In total, Windows has more vulnerabilities.
- 01:58 Linux is Open Source, so people find vulnerabilities by just browsing its code, not by exploiting it.
You didn't give a comparison, you gave a rant. Here's something this video should've been:
- Windows users get viruses by just trying to download a web browser, Linux users need a global scale data breach.
@@tsukuyomin Mind the "Random" in "Random Executables". Only time I run a command like that was to install a PiHole DNS server. If PiHole was not trustworthy, the world would implode. Also, Bash scripts are a bit easier to read than .exe's you know.
@@TakumoZero Yeah they do bro. It's almost a necessity on windows. I assure you the average user has never heard of winget. It's gonna be a lot harder to convince a linux user to run some random executable than a windows user.
2:15 kind of a bad point... "debian linux" and "android" include years and years of versions of those operating systems, while windows is split up into aaaall its many different versions.
also worth taking into account is that Debian, Fedora and the Linux Kernel are under constant scrutiny by the millions of companies that rely on these systems to survive. Said scrutiny is comparatively smaller for consumer OSs. You can even see this in Windows too; notice how Windows Server is higher up on the list than most other Windows releases
Also, Windows is closed source, and as a result many vulnerabilities will not be found. Additionally, how can we be sure that all will be disclosed when they are found internally?
@@LimonSqueeZ exactly.. You hit the nail on the head here and many ppl aren't able to think that thoroughly or logically. When the code is wide open there's always gonna be issues found at times cuz of human error and unlike Windows.. Linux patches it nearly immediately.. But as in the case of Windows.. You can't fix what you can't see lol there are 10000x more eyes on Linux code and M$ isn't gonna make much of anything public as it's closed source and a money making business. Nevermind the telemetry data collection and recordings of everything you do is sent up stream and the backdoors they have purposely implemented for certain 3 letter agencies to use "for security" reasons and don't think they can't be found and exploited by ppl. All of this surveillance running 24/7 that windows does has an impact on performance even before you install an antivirus. But fanboys don't think objectively and they wear a blindfold to the one they are biased towards and defend the one that they favor even if they have to skew facts to support their own beliefs.
Most people who use desktop Linux aren't worried about being targeted by malware, they want a clean operating system that isn't loaded with Windows pre-shipped spyware. The attack surface of Windows is simply larger when it comes to all of the unknown proprietary processes and telemetry running in the background. Especially after the Copilot+PCs start ending up in everyone's hands. You can defend your spyware box all you want, it doesn't change the fact you have no idea what all is actually running on your computer.
@@johnnyxp64 That's not true. You don't even know what 'everything' is. There's a bunch of processes that run in the background you know nothing about. There's no info available about what these do, when they communicate with MS or whomever the com is encrypted. You may try analyzing binaries, but good luck with that.
No offense but the cvedetails is misleading! Example Debian: Debian leads the charts because 114 versions are grouped under "Debian Linux", while Windows 10 is only Windows 10 and its updates. Also do security holes in 3rd party software count as Debian vulnerabilities, because they are in the repository. Example Debian --> Debian Linux ---> 10.0 ---> CVE-2024-20952: Oracle Java SE, Oracle GraalVM for JDK. If cvedetails would group all Windows versions from Windows for Workgroups till Windows 11 together including all updates and 3rd party software, then Windows would be the leader. Windows XP SP2 finally had a firewall but the default user was still admin, so insecure. Meanwhile Linux/Unix had proper multi-user with ACL, ASLR, MAC (SELinux, AppArmor, TOMOYO), grsecurity etc. Microsoft started the whole UAC, ASLR, MIC stuff with Vista. IMHO malware is still rare under Linux compared to Windows.
I honestly thought people were just being funny with the video because he was insulting their OS of choice, but this comment gives a ton of insight. Linux really should have been split up at some point, because virtually no CVE from 20 years ago will apply today
Another couple of additions to your point. Ubuntu, Linux Mint and a number of other distros are derivatives of Debian, so there are likely CVEs that mention those under multiple flavors. And if every distro listed has CVEs for the Linux Kernel, every one is listed multiple times in the database. All of the code used in most of these distros, especially Debian, is open for anyone to read and analyze, not so for Windows.
People, you really, really need to listen sometimes. Our guest didn't say Debian was less secure than Windows. Listen again: he doesn't. He was trying to make a point. To show that being on Linux is not a failsafe security in and by itself and that users shouldn't feel they are safe whatever they do, just because they run a Linux system. On any computer, on any OS, the worst vulnerability is always in the chair/keyboard interface.
Theoretically, no OS is secure, as malware can target any system. However, despite statistics showing that malware can be successful on Linux, we rarely hear complaints or see much drama and victims from Linux users. This discrepancy suggests a gap between statistical data and real-world experience.
Definitely. A better way to judge is to see statistics on attacks not on malwares made targeting a specific platform. You can program infinite malwares but if they didn't do much damage in the desktop scene it shouldn't count. I've used both systems for years and I got infected 3 times on Windows and 0 times on Linux.
Or.. Linux users, who by themselves already hate comfort by being such terminal geeks, are more aware of potential cyber security than normal Joe people
@@urip_zukoharjo terminal saves you a lot of time, you can automate a lot of clicks and manual labor. so they work smarter not harder. unlike most windows users.
@@greypsyche5255 True, but Windows users make the technology of computers more accessible to the public, which ofc has some downsides, and the major downside is that hackers target Windows more due to that OS's vulnerabilities and the amount of people who are using Windows.
My (sysadmin for several schools) real-world experience says: For non-technical users (desktop) Linux is a solution to the malware problem, which includes not only malware but also malware protection software. Linux servers have open ports that make them vulnerable to attacks. The usual way of getting malware (clicking on, or installing something) simply is not a concern on Linux, at least for now. One school even decided to give the students full access to the laptops, and while some managed to break the OS (mostly by deleting some file/package or misconfiguration), we never had an issue with malware so far.
How did your dept. and users handle the transition? I work in K-12 IT. I've always been curious how the transition from Windows to Linux would be for our staff. We have over 1000 staff members. A good chunk of them are tech illiterate and others will adapt fairly easily. But others would struggle so hard with moving to a radically different looking computer system.
@@JJFlores197 The teachers are just happy that the computers are working reliably and without regular messages about malware and promotions. They are only using the Web browser and Libreoffice. Luckily Libreoffice's compatibility with MS documents got very good lately. It's just important to have all the MS fonts installed. The teachers felt more comfortable with a taskbar like in Windows. So I installed the extension dash-to-panel in Gnome. In the administration, we cannot switch entirely to Linux because we have a tailored DB (Linear) which requires MS-Office to export data in a table. It only does so as an XLSX file and before doing so, it checks the registry to see if MS-Office is installed. When I asked the developer why this is necessary, he just referred to the contract we signed when we purchased their product. I believe they have some contract with MS that forces them to do it. The students don't care too much except when they have to work with Libreoffice. They absolutely don't like the default GUI, but are very happy with the tabbed view (ribbons). One just has to show them how to switch.
@@rice5817 In my experience, a taskbar is enough for most Windows users to feel comfortable. For that, I'm installing the extension dash-to-panel in Gnome.
It makes sense to see more vulnerabilities reported on Linux, it's open source, more eyes on the code = more reports... I do not trust closed source OS no more, especially corporation distributed OS... Another thing, the world runs on Linux, all the servers and most home devices are Linux based, so ofc it makes sense to have a Linux botnet... Linux users are more tech literate than Windows users on average, making infection less likely to happen.
@@AesaraB if you take part of a quote out of context, you can make most anything sound bad or ridiculous... but you are correct that complacency will get you.
@@AesaraB "p..e..n..i..s" with the p from "happens", the e from "happens", the n from "and", the i from "if", and the s from "gets". see? i can make you say ANYTHING given enough text. Don't cherrypick.
1:55 Why are different versions of Windows separate entries? Other operating systems aren't grouped by major versions and it's not like they develop new major versions of Windows from scratch. What I want to see is all of the Windows versions grouped together and removing duplicate vulnerabilities that affected multiple versions.
because old versions get no updates. Windows 7's support was ended, so if a vulnerability is found it never gets fixed but lots of people still use that version of windows. Windows 7 and Windows 10 are COMPLETELY different. The reason the list does not include all updates is because you'd have to also list every single update ever to a singular windows version to be fair to the thousands of debian linux versions. Windows 7 is practically a separate OS.
Listing different versions of Windows seems like a nice way to minimize the totality of Windows issues. Which of the 19 versions of Debian is being addressed in the chart, or is it all of them, going back to 1996?
@renpnal229 I'd assume it's due to the end of life support on those versions, which means they don't get security patches past that date, leaving "newer" vulnerabilities unaddressed. For Linux, it's worth mentioning that it's a whole different "beast" as security patches are somewhat "harder" to address, especially for production servers, as security patches that could update/change the kernel of the OS could impact all dependencies and break everything (same applies to Windows but it's somewhat less impactful). @rgavel The specific vulnerability is usually specified with the impacted version. I'm assuming that having multiple flavors of Debian in the wild does bring this number to be as high as it is.
@@Dim.inished only the interfaces of windows 7 and windows 10 are completely different, the system apis are pretty similar, unless you count the amount of added layers for stupid devs in windows 10 or microsoft dick sucking services apis as a change of the system. It's only added mandatory bloat and background services, the core working of the OS is not that different. And it still has to retain most of its architecture, like the NT file system.
@@amarodsv okay, fair enough. What about macOS being grouped together then? They have like 22 different versions by now, pretty sure if they were split up, not a single one of them would even make it to top 25.
Yes, Linux malware exists and yes, Linux users need to be worried about it but it's not as prevalent and it generally requires more interference to get it to work. Desktop Linux is largely a harder target to hit than desktop Windows. Especially with more and more distributions shipping with AppArmor policies or modern SELinux policies which help prevent unauthorized access to critical parts of the system. Desktop Linux distributions are also often now requiring passwords to be put on the super user account which used to not be required and would result in a fairly easy privilege escalation as long as you knew what you were doing. And in general we have seen a push from both Canonical and Red Hat to start shipping distributions in a baseline secure mode with some flexibility to increase the amount of hardening that can be done. Essentially, the current best practice is to ship a distribution in a state that is hardened but not inconvenient so the distribution shouldn't get too in the way of the user, but it should also not allow excessively dangerous operations. Also, a major point on the lack of variety for Linux malware is just the smaller attack surface. There's not as many users on Linux that can be directly attacked which is why we see the botnets that target IoT devices which are often not as secure as the desktop distributions. I am curious as to how ANY.RUN set up their Ubuntu VM because at worst an encrypt and wipe program should only be able to hit the home folder.
not to mention, the general Linux user is tech savvier compared to the average Windows bob, so raised suspicion from the end user is very critical in such an assessment. And this suspicion already starts at the "allow notifications from corn site" level, which is non-existent in elder folk especially.
I'd like to also mention that because of the very nature of Linux being FOSS, not only does less malware get released on repos but we also have a quicker response when a CVE is discovered.
- XZ backdoor wasn't even released yet that it got patched.
- Log4J took less than a week before it got patched.
Windows on the other hand... Not only do you have to wait for Microsoft to release the security update, it might not even patch your system's vulnerability nor the latest Windows CVE discovered.
@@Ryuuzaki145 Added that the XZ backdoor was found because a Microsoft employee and developer of PostgreSQL regularly monitored performance on his Debian Sid system.
@@DoltonI This channel OP is a troll compared to Britec09; he turned over a new leaf even though they're both the same. Britec09 already said something like this long ago. This OP is just yet another Linux hater channel, but Britec09 is far better; he makes Linux tutorial videos and is neutral at least.
This. He describes it as if we got all packages installed in our system and not as if Linux distros were modular, he treats it as entirely monolithic like Windows is, and also as if Windows doesn't keep most of their vulnerabilities confidential
Honestly, the main security advantage of Linux that I see is that you aren't encouraged to go and download apps from random websites. The system itself is of course vulnerable, it's not like no one makes mistakes writing code (or just doesn't realize the security implications of something) just because they write Linux software. I think one of the best ways an OS can keep you safe is by just making it as convenient as possible to do the secure thing, and by being vigilant when it comes to vulnerabilities. The reason I think it's important that being secure is convenient is because otherwise, some people will start to circumvent the security because it's inconvenient. If it's convenient, fewer will probably do that.
Obviously Linux has its own share of malware, viruses and vulnerabilities, but the reason why I trust it more than Windows is because I trust the developers and the community to take feedback and patch things ASAP (this platform gets updates every 2 weeks or so), whereas Windows is trying to actively spy on me themselves (not to say there aren't Linux distros that don't do spying and ads *cough* Ubuntu *cough*). Also, with desktop Linux there's less chance of getting your apps from shady sites; you get them mostly from trusted repositories (be it from developers or things like Flatpak). Overall, this is precisely why I plan on being mainly a Linux user, especially with the newer rig I have in mind, given gaming has gotten so much better on it as well... Once more apps and compatibility come to Linux, I'll say goodbye to dual-booting.
Generally speaking, the larger the FOSS community, the quicker they can patch the vulnerabilities. Unfortunately, many communities that grew big fell into the spiral of ens*ittification, whether it's doing the spying (Audacity comes to mind) or devs being hostile (GIMP). Make no mistake, I still trust FOSS more than proprietary software in most cases, but there's a trap out there that makes a community lose its touch in the delicate balance between privacy, security, and outreach/helpfulness.
@@maxk109 snap is not only proprietary, it updates automatically and bloats lsblk output (because it's using loop devices to work and keeps old versions of packages installed). But Canonical also forces all Ubuntu flavours to use snaps, also deleted same packages like firefox from repos and added so-called transition packages that install snap versions of such applications.
@@GeorgeG-is6ov Depends what you want, if you have very new hardware, make sure to nab the edge ISO. KDE neon, or debian desktop are also good choices, though debian isn't the easiest to download due to poor website design
In default, baseline configuration Linux is still going to be more secure but I get your point. I have yet to come across a home user whose single windows account is NOT a local administrator (root).
Whataboutism. Linux, Unix and BSD were all made for networks and multiple users. DOS and Windows were not. A lot of the issues with Windows come from the single user "if it compiles, sell it" background. The open source products will have a lot more vulnerabilities discovered and fixed than closed source. We cannot really know how many vulnerabilities are even exploited daily in closed source products. No system is immune, and since Linux is so much more common there will of course be a huge number of unpatched, unmanaged vulnerable systems. But as a system developer, if I was tasked with setting up any critical system, I would definitely go for something other than Windows every time. For gaming though, Windows is still king.
Well the gaming thing is not a Windows vs Linux thing per se...... It's just that game devs want the most amount of money and they target Windows for that, and in the case of AC, which is the biggest hurdle for Linux in gaming today, it is because game devs can install rootkits on Windows computers without fuss; that's not as easy to do on Linux since security triumphs over greedycorp rootkit spread.
Yes, cyber security is not a Windows problem but I have some comments I want to make:
1- when you show the all time leaders you forgot to mention Windows Server 2016, which is at #6 on the list, although in this case the comment you made was not malware related but vulnerabilities related
2- Mirai is a worm that uses brute force and password spray attacks, when it finds a device with user and password by default it gets root level control over the device so it isn't directed at desktop users, the main focus of this channel, because desktop users' passwords should represent a bigger challenge
3- when you execute the Linux ransomware example you either had to give execution permissions or it was using a PrivEsc exploit, if you execute an ELF file the shell won't do anything unless you use 'chmod +x file' first
I'm not a security or system admin, but the guys in my firm that do that work say that Windows keeps them up at night. There are a lot of places for malware to hide in Windows like task scheduler, services, RunOnce, etc... But, they say Linux is easier to audit and lock down with things like systemd and selinux.
I don't know about systemd being easier to lock down or audit lol, that's what people have had an issue with in comparison to other init systems, though systemd is much much more than just an init system. Convenience comes with a cost attached.
You use them every day. Linux just doesn't have the concept of file extensions as file types. You can find out the type of a file using "file", e.g. "file /bin/bash"
ELF is the format for binary executables on Linux. You didn't know this because on Linux executable files don't need to have any extension. You can use the file command to check it out. For example
    $ file /usr/bin/ping
    /usr/bin/ping: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=d9e8ab66f132133ffd715a85a18a9f7883773a2f, for GNU/Linux 3.2.0, stripped
Or check the file header with hexdump
    $ hexdump -C /usr/bin/ping | head -n 1
    00000000  7f 45 4c 46 02 01 01 00  00 00 00 00 00 00 00 00  |.ELF............|
You have, just they don't usually end in .elf. Here's some examples of ELF files that you do have: bash, sudo, cat, ls, grep, sed, xorg, man, and ping. I bet you have all of these, and all of them are ELF files.
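The two checks the comments above describe (the ELF magic bytes that identify a binary regardless of its name, and the execute bit that `chmod +x` sets), combined into a small directory triage script. This is an added example, not code from any commenter; the sample header reuses the 16 bytes from the hexdump above plus a constructed `e_type` field, and the file names in `demo()` are made up.

```python
import os
import stat
import struct
import tempfile

ELF_MAGIC = b"\x7fELF"
EI_CLASS = {1: "32-bit", 2: "64-bit"}
EI_DATA = {1: "LSB", 2: "MSB"}
E_TYPE = {1: "relocatable", 2: "executable", 3: "shared object / PIE", 4: "core"}

# First 16 bytes as shown in the hexdump above, followed by a constructed
# little-endian e_type of 3 (ET_DYN, what `file` reports as "pie executable").
SAMPLE_HEADER = bytes.fromhex("7f454c46020101000000000000000000") + struct.pack("<H", 3)


def parse_elf_ident(header):
    """Return class/endianness/type for an ELF header, or None if the
    bytes are too short, lack the magic, or carry invalid ident fields."""
    if len(header) < 18 or header[:4] != ELF_MAGIC:
        return None
    ei_class, ei_data = header[4], header[5]
    if ei_class not in EI_CLASS or ei_data not in EI_DATA:
        return None
    endian = "<" if ei_data == 1 else ">"
    (e_type,) = struct.unpack_from(endian + "H", header, 16)
    return {
        "class": EI_CLASS[ei_class],
        "data": EI_DATA[ei_data],
        "type": E_TYPE.get(e_type, f"unknown({e_type})"),
    }


def triage(path):
    """Identify a file by content and report whether any execute bit is set."""
    with open(path, "rb") as fh:
        info = parse_elf_ident(fh.read(18))
    if info is None:
        return None
    mode = os.stat(path).st_mode
    info["executable_bit"] = bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    return info


def scan(directory):
    """Walk a directory and return {path: info} for every regular ELF file."""
    findings = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                info = triage(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if info is not None:
                findings[path] = info
    return findings


def demo():
    """Build a throwaway directory with constructed files and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {
            "invoice.pdf": (SAMPLE_HEADER + bytes(46), 0o644),  # ELF named like a document
            "tool": (SAMPLE_HEADER + bytes(46), 0o755),         # ELF with chmod +x applied
            "notes.txt": (b"just some text\n", 0o644),
        }
        for name, (content, mode) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(content)
            os.chmod(path, mode)
        return {os.path.basename(p): info for p, info in scan(tmp).items()}


if __name__ == "__main__":
    for name, info in sorted(demo().items()):
        print(name, info)
```

Pointing `scan()` at a downloads folder lists ELF binaries whatever their extension, and the `executable_bit` field shows which of them would actually run if launched.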
depends on the distro and the package maintainers. If you're using a niche distro with much looser rules on packaging/security, not really, but if you use something like debian/fedora/opensuse, where the repos tend to fall under much closer scrutiny and they have well defined packaging guidelines and the bar for being a maintainer is higher, then yes
Depends how hard it is to get malware into the package manager, the XZ exploit was really close to backdooring a whole lot of systems. I've recently run into Ren'Py visual novels and games being used to spread malware on both Windows and Linux, so it's not like there aren't avenues outside of package managers as well.
This video is kinda missing the point tbh. The reason Linux is so much more secure than Windows is not because it doesn't have malware (as you've illustrated, it does). The reason is that Linux very heavily encourages you to install software from trusted sources only (the distro's package repos, flathub, etc.) as opposed to downloading & running random executables from the web. Simply the act of "getting in" on Linux is much more difficult than on Windows, because Linux users aren't conditioned to executing random files. On SELinux-enabled distros like Fedora, even hijacked programs are very much limited in what they can do (e.g. you opened a malicious document in your text editor), due to the way the rules are set up there.
But.... Windows wants to lock you down to using their store now, but apparently can't be trusted to even check the submitted software carefully. Apple has the same problem, as does Google.
Moral of the story: don't download random shit off the internet, always look for an official and trusted source, which Linux always does better and makes easy to do.
I spoke to a friend the other day who said no one makes malware for Linux Systems and didn't want to protect his file server, it got infected with a ransomware type virus about a day later.
The number of vulnerabilities listed here 1:52 is not really comparable at all. First of all, open source projects such as Linux, Chrome and Firefox (all in top 15) are pretty much always reporting security fixes. Microsoft does not, they're developing their OS and software behind the curtain and only report issues when they have to. So the number of vulnerabilities is completely meaningless and only makes sense for comparing the popularity and complexity of open source projects, not proprietary software like Windows. I mean, Chrome seems to be 10% more vulnerable to exploits than Windows 10, but we all know that's not true. One is a web browser which runs on user-level, one is an entire operating system. And Debian Linux having 9000 reported issues compared to Fedora's 5000 doesn't mean that Fedora is more secure. It just shows that Debian is by far the most popular distribution. Secondly, "Debian", "Fedora", "Linux kernel" and other Linux entries represent all versions of those systems, while Windows is split between "Server 2016", "10", "11", "XP", "Vista" etc. Debian 9 is by far the most vulnerable version and it has 4000 vulnerabilities, not 9000. So it's pretty much like Windows 10, except it's not underreporting security issues. If you group all Windows versions you get over 20'000 vulnerabilities.
The main reasons why Linux is thought to be more secure (for an average user):
- Windows users historically always used admin accounts instead of separate non-admin accounts, while Linux users would be given a non-root account by default. You'll get severely infected a lot easier if you have admin/root access.
- Linux updates will update everything. The system itself, system software, drivers, and all your user software. Windows only updates the system and not your applications (and often not even your drivers). So the user is left to manually update each app, which users usually won't do. Often it's not the Windows OS that's vulnerable, it's a 3rd party program which the user assumed to be safe even though it hasn't been updated in months or years.
- Linux has always had a concept of "App stores" aka repositories so the users are not forced to hunt down executables/installers on the internet. Meanwhile Windows users Google "VLC installer", "CCleaner download" or "OBS installer" and are often tricked into clicking a link to a malicious version of the app they're searching for (happened for all 3 of these programs, not so long ago). This pitfall is almost entirely eliminated on Linux as you're always using software provided directly by your distribution maintainers (which you trust since you're using their OS), or you're using software provided directly by developers or trusted parties if using Flatpak/Flathub.
No matter which system you use, be it Linux, Windows or Mac, you will only be secure if you keep your system and software up-to-date. This is why routers and IoT devices are most vulnerable, they almost never apply updates unless they're specifically running a Linux distro like Fedora or Ubuntu which have versions with forced automatic updates which don't need user interaction at all. For desktop users, as long as you keep applying updates and don't manually run malicious software/scripts you'll be fine. Windows just gives users more pitfalls to fall into when it comes to this. If you're using Windows 10/11, never turn off Windows Defender, it's probably the best thing Microsoft has done for security on Windows since the Firewall and UAC (and always install security updates ofc).
I hate to disagree; those numbers seem a bit suspect to me, mainly because I'm not sure what versions they are talking about. I mean, if you go from Windows 95 to 11, Windows will be much higher than anyone else, I'd bet. On top of that, the OS that's the most popular will be the biggest target for malware, and Windows for now is still the one. So while Linux isn't perfect, it's still way better than Windows when it comes to this sort of thing.
Prove it. Find 1,000 Linux malware samples and execute them as a normal user on a desktop Linux distribution like you do in your Windows videos. Make it a fair like for like comparison between Windows and Linux desktop. I've never seen or heard of anyone doing that before.
I think it's worth noting too that most Linux users won't need to download many apps from 3rd party websites, as most software is available in official repos and Flatpaks (which are very secure due to sandboxing). It is simply a lot harder to get malware onto something within the official distro's repos, though it is still possible (as we saw with the XZ backdoor).
@@user-ks1oh2wx6o That's true, but there are malware delivery methods that don't involve the user intentionally downloading and installing programs from random websites - e.g. emailing malicious attachments or drive-by download attacks.
TempleOS is hands down the most secure OS out there. Its simple, 100,000-line codebase and operation in 64-bit ring-0 make it nearly impossible to hack. Plus, with no network support, it's immune to remote attacks. Your data has never been safer!
Every OS is capable of running malware but WINDOWS is malware. Linux uses file permissions and user permissions so it is more secure. I have never seen linux malware in the wild.
@@nadtz Windows has it but it is not enforced. You can download any file from anywhere and run it. I don't get the datacenter jibe. Windows OS is designed to spy and keylog you, enjoy. When I download stuff on Linux I have to change its permissions to run it. Crap may get on my machine but it cannot run. There is superuser at the top level. The REAL superuser on Windows is owned and controlled by M$. It has the highest privilege. You do not fully control a Windows machine.
@@tiomkinnyborg2289 "Windows has it but it is not enforced. " This is incorrect. Yes a user can download an exe from anywhere, that is not the same as windows not having/using user and file permissions. The problem is your average home user is using an admin account because a standard user wouldn't be able to get anything done. "I don't get the datacenter jibe." I'm sure. I'm not saying windows is somehow better or more secure, but when you make incorrect claims expect to be corrected.
@@nadtz So a person is infected by a virus on windows and the virus stops dead because it cannot infect every file on that machine? I have seen a virus tag every file in the system. But hey, you keep 'correcting me'. Ransomware is a myth. Enjoy your secure and non spyware windows. Thanks for the correction dad. I'll stick with linux. Why defend a trash OS you sheep.
Great video, but why do you show, as many others, the simplistic comparison between all vulnerabilities detected on Debian vs. separate Windows versions? This doesn't make sense. It would be more fair to compare Debian to a total sum of all Windows versions (possibly minus common vulnerabilities), and then Windows would be high on top. Also, what should Linux desktop users do in that case? How should they protect themselves? Is there such a need for desktop users?
Just the other day when I was researching antiviruses for Linux, I said to myself, gosh, I wonder why The PC Security Channel hasn't reviewed any of the Linux AVs. I would love it if you covered more Linux topics and how to stay safe on Linux as well, including Linux AVs and Linux firewall options as well as how they work. I think it would be very helpful, especially for Arch users who want to download everything in the AUR. Thanks!
Idk what to say about the AUR besides just don't. If you want app availability use debian, or an RPM based distro like OpenSUSE or Fedora, or Alma linux.
@@nou712 for app availability you actually want Nixpkgs, which is the largest repository (in terms of packages and up to date packages) in the Linux world (even beating the AUR)
The biggest threat to any system is, and will always be, the user. It's impossible to make a system 100% secure unless you unplug it from all networks. However, while Linux is not immune to malware, several factors make it more secure for end users compared to Windows:
- Market Share: Windows has a larger market share, making it a more attractive target for attackers.
- User Privileges: Windows typically gives users full administrator access by default, while Linux does not.
- Bloatware and Spyware: bloatware and spyware that often run in the background on Windows, not on Linux.
- Proprietary Software: Windows uses more proprietary software, whereas Linux's open-source nature makes it more secure because everyone has access to the source code.
- Package Management: Linux distributions have package managers that allow users to install software without needing to search online. These packages are maintained by the distribution and regularly updated.
- Sandboxing: Snap and Flatpak apps in Linux run in sandboxes with their own runtimes, enhancing security.
While Windows prioritizes convenience, this often comes at the cost of security.
One error I should point out in this video is that on Windows, you don't need to download an extra package to run malware, bloatware, AI surveillance-ware, because Micro$oft already pre-installed it for you.
The problem with malware on linux is that, since there are things like package managers, a lot of the ways a basic desktop user would be compromised are gone.
@mcdazz2011 In the overwhelming majority of cases it does require interaction. You browsing the website and getting code executed on your machine from a website required your interaction to begin with. If we talk about phones, in that case it is typically different. ISPs have full access to your phone anyway and can do anything with the IMEI code.
Got a question for you. Is there a need for antivirus on Linux, or are other security experts correct in saying it just creates another attack vector that can bypass the user authorization for install?
Antivirus on Linux could be useful in cases where you store a lot of files. However, the most common vectors for Linux malware are misconfiguration and supply-chain attacks, so it isn't a big issue if you're just a normal user browsing, playing games, doing work. Maybe throw stuff in a sandbox, like Flatpak does, and keep up with the news, but that's it.
I thought this video will show a common mistake that a linux user would do to get a malware or virus. This video is like saying iphone can get a malware too
Exactly, only by backdoors or jailbreaks (xz or running Wine malware) would you get malware, but by updating your system and running Wine apps isolated (Flatpak Wine app) you are mostly safe.
How do you deal with viruses and connecting these PCs to the internet if you needed to do updates or install software? I was given an X99 system and I've wiped it, but I still don't trust plugging it into my network to reinstall all the drivers.
Don’t need one on Linux. You don’t download random executables on Linux, you only download through trusted app repositories so you should be safe unlike windows where u run random executables to get your apps
I would imagine the same as on Windows would ring true for Linux, but most providers only have some fairly expensive endpoint security suites. If you want something free, ClamAV/rkhunter/chkrootkit would be the combo, on top of avoiding packages not from your distro maintainers and general caution when online.
1. How do you manage to get that when you use repos, then also giving it permissions and make it executable? 2. How do you even count the number of vulnerabilities on a closed source OS like Windows and MacOS? Great video nonetheless, thank you!
I've been using Linux for almost 15 years and have never experienced anything like viruses or malware. Although you have opened my eyes. Thanks for such amazing content. Do you recommend installing an antivirus on Linux?
If it is a piece of enterprise equipment with a valid service license, then the manufacturer will often release tools that you can use to evaluate their devices and check for known vulnerabilities or exploits. If it is a consumer-grade device, then the best that the average person can do is keep the firmware up to date and cross their fingers. That's why so many of these devices get compromised.
@Just-Another_Channel Certain routers can have their firmwares flashed with custom code like OpenWRT. Somebody could rewrite the file and flash your router with it.
@Just-Another_Channel routers have vulnerabilities just like any other device, especially if they have a management interface exposed publicly. If you run a web server and look at the logs, you will regularly see requests trying to execute code that will download MIRAI.
The problem is always between keyboard and chair. That's why EVERYONE on the Linux stacks wants to remove as many weak points where the user IS the issue as possible - hence Wayland, portals, and sandboxing in general. I may not like snaps and snapcraft, but it makes a lot of sense for business users who just want secure by default and a relatively strict repository (though recent snapcraft store issues show that their store needs more investment). The average user should just use snaps and Flatpak, because while they aren't perfect, they're so much better for most non-power-user use cases in so many ways, security being one of them.
What do you think about Windows Recall? As for now it's limited to the AI chip; no telling if down the line it's uploaded to the cloud to do any offloaded AI work. Microsoft does have the things to switch the toggle back on after an update. It's like a spyware dream, looking for password leaks, bank details and so on.
The cornerstone of desktop malware is user error. And Linux, unlike Windows, does everything it can to reduce its probability. In a normally configured Linux system, malware cannot do anything significant without superuser privileges, and vulnerabilities that allow privilege escalation are rare and can be resolved quickly. So the only way to give malware access to do damage to your system is for the user to execute it via sudo, which would require them to enter their password. Whereas the vast majority of Windows machines have a single admin user, and that user only needs to press a single button to run a programme with admin privileges. Of course there are caveats to this, but in general, a properly configured and updated linux system is many times safer than a similar system on windows, simply because it won't let you do nonsense.
ELF vs exe is quite misleading: ELF is used on both Linux and Mac. Same for Debian (all versions, OS + applications) vs a specific version of Windows (with minimal built-in tools). Or the Linux kernel total, where you've got tens of various kernels (major reached 6 with several minor releases each) versus one version of Windows. There are Linux malwares... but they are still few and with a very limited impact... looks like the video was sponsored by Microsoft
Finally, someone has addressed it. Many Linux users believe their operating system is superior to Windows or macOS in terms of security and resistance to vulnerabilities like malware and viruses.
Its security model is generally better, especially in a multi-user environment. Being overall better from a security standpoint does not in fact mean you're impervious to attack, which is a common misconception. Most experienced Linux users would not simply claim Linux is better but would ask you to quantify the question of "is Linux better than Windows for security, etc.?" as the answer depends on threat model, the users of the system, the administrator of the system, etc.
It isn't; the users are smarter than Windows users, though. And that's a fact. It's really easy to hack some Termux script kiddie with netcat or just delete their android/* and you can hack their accounts since they enter info or install APKs using their adb in Termux.
Linux (and macOS) have certain architectural advantages over Windows that make them more resistant to certain types of malware. They have better process isolation, separate executability from file names, tend to ship more secure defaults even if they break binary backwards compatibility etc. If run by a competent user, there isn't a huge difference in security between OSes though.
Also, VirusTotal doesn't detect encrypted batch scripts, so Windows might not be as secure. I encrypted a bat file with a simple encrypter and it got 99% clean; only one AI antivirus detected it as encrypted malware, so I encrypted it again and it was 100% clean. If you didn't look at the sandbox files you wouldn't know it was malicious.
Does Windows have anything like SELinux or fapolicyd built in? Hard to imagine how you can get malware with either of these enabled. IoT devices usually ship with all of the built in security turned off and then some dodgy cgi code installed to manage it. It's no wonder Mirai is a thing.
@@linux_for_noobs keep in mind that Flatpak is a very weak sandbox by default, and as long as an application has access to the X11 socket it can easily escape the sandbox
If you use the AUR, for example, from Arch, you should, but it's not exactly needed once you look at the PKGBUILD and the comments, for instance. Just be a normal vigilant person, no need to be paranoid.
I am not a security expert so I can only make assumptions, but isn't it the case that Debian as a GNU/Linux distribution is completely open source and therefore it is much easier to find security holes than in closed source systems like Windows, where you can basically only use trial and error? Also, in my experience, when security holes become public, they are fixed much faster with an update in GNU/Linux than in Windows. But I also see it that as a normal desktop environment for standard users Windows is safer, because there is real virus protection software that prevents the user from running viruses. In GNU/Linux there is no such thing except, to my knowledge, ClamAV, which has real time protection, but even there installing it is less for standard users.
No, they stupidly split all Windows releases while still keeping something like Debian as one entity. Win 7 being 15th only shows that as more people get into programming, there is more malware being made for newer operating systems. It wasn't as common to know programming basics 15 years ago as it is today.
@@davehenderson6896 If it gets wide adoption and overtakes Windows 10 in market share then probably yes. If it flops then it might not be the case. Ultimately most malware for Win 10 can also affect Win 11 because under the hood these systems are very alike and Win 10 gets a lot of backports from Win 11 security anyways.
The reason you don't have to worry about malware as much on Linux is that Linux is much less used on the desktop, so the malwares for normal private people are usually only made for the much more lucrative platform of Window$. Only for servers and appliances does it make sense to make your malware for Linux.
While I was using Windows, I found myself thinking "Oh, so long as I keep everything updated, I should be fine with Windows Defender." I lasted from 2015 to early 2020 when SmartScreen (on MS Edge) caught exactly 1 infection some time in March. Whether it was from the malware or my computer's age, I started experiencing hard shut offs some months later whenever I played any game that wasn't Minecraft Bedrock or Minecraft Java. Even Roblox crashed me after like 10 minutes; Minecraft Dungeons and Cities: Skylines instantly crashed me before their main menus loaded. Anyway, I got a new computer that same year, and decided to put Linux on it last September. However, since modded Minecraft malware is becoming more mainstream, it's a bit disappointing that there aren't good antiviruses on Linux like there are on Windows. The few companies that I found that offered home desktop solutions no longer do so. The Prism Launcher Flatpak can only protect me so much right? Even though I plan on keeping Linux for the foreseeable future, the fact that there aren't good antiviruses here is adding to reasons of me switching back to Windows.
He is talking mainly about servers, supercomputers or IoT devices. Those are identical in setup and are often not updated properly. Desktop Linux is more differentiated, however. Although some distros come with AppArmor installed and various security measures, many common distros (usually based on Arch) don't, and it's up to the user to take care of it, while average users run the system as it is. For example, I run Manjaro, and it has AppArmor, but it's not configured. In many ways, Manjaro is a low security distro, because it's not its main concern - again, it's the user's responsibility to set it up properly. However, even then it's not 100% secure. Still, if your distro is rolling release, you need to have everything up to date, while on Windows it often takes more time to get the updates and many apps must be updated manually. Using Tails or Qubes OS is not practical for an average user. Linux is becoming more and more popular, so with time, people will recognize it needs some additional security tools to be added, shipped, configured.
@@afriquelesud They can run at kernel level, some products are already using BPF LSM to get data directly from LSM hooks. One example that I can think of is Falco, used to analyse processes in containers on enterprise.
Debian Linux has 'the most vulnerabilities' because it 'comes with' more packages, more software than any other distro or operating system. The number of vulns includes everything that you could install, out of the box, with an 'apt install' command. Even if you included everything you can install out of the box with the Windows Store or Apple Store, you wouldn't even come CLOSE to the number of packages available for Debian, and which contribute to the number of vulnerabilities. So, to say that Debian 'has' the largest number of vulns is really really disingenuous and IMO misleading.
I don't understand how this was misleading. You said it yourself, the massive amount of packages available on Debian contributes to its vulnerabilities. I use Linux too, but Leo was simply stating facts here.
The other thing to note is that Debian and Android and Fedora vulnerabilities are aggregated whilst Windows ones are segregated by version. If you were to distribute debian, fedora, and android into their versions, I would expect them to be much lower.
Could you please test security software on Linux which is best and how to use Linux safely. I want to switch to Linux, because I'm tired of windows especially the upcoming Ai update, that will record everything
The best security software on Linux is not running additional security software. You use Linux safely by keeping your system updated and not downloading software from websites.
Don't buy into this creator's fud. It's just to generate clicks and engagement and doesn't have much to do with the real world. If you download a mainstream Linux distro and only install software from the package manager you're almost guaranteed to be safe. It's best to regularly update the system as well, even tho there's no mechanism to force you to update. If you absolutely must install a package that's not available from your package manager, make sure to research the correct way to install it and don't just click on the first Google result
minimal privilege principle is widely considered as the main security rule. That's why linux means security. And antivirus means a breach in security because you delegate your rights to some unknown 3rd party agent
Whatever your OS, if you download software anywhere you are going to have problems... As for your vulnerability table @1:48 it is more than questionable. Debian 12 (Stable) does not contain 8755 security vulnerabilities !!! The figure of 8755 flaws that you put forward is the sum of all the flaws of all the variants of Debian and it counts the same flaws several times if they are present in several versions... Debian is made up of several branches, Debian Old (11), Debian Stable (12), Debian Backports (manual update possible for Debian Stable), and development versions namely Debian Testing (future version 13), Debian Unstable (pre-testing) and Debian Experimental (pre-Unstable). However, it is completely normal that development versions like Debian Testing, Unstable and Experimental are more impacted by bugs and security vulnerabilities. If this table were honest, as for Debian it should group together all the vulnerabilities of all variants of the Windows OS's still in use, as well as flaws in development versions which are not public at Microsoft. And Fedora should also include all security bugs/flaws from Red Hat and CentOS, since they belong to the same editor Red Hat. Fedora is a preview of what CentOS will be in the future which is itself a preview of what Red Hat will be in the future.
To be honest, I think Windows has much lower vulnerabilities because it is closed-source. That means only Microsoft devs can check for vulnerabilities, which are very few people compared to linux community. Also I want to add, that packages on Linux work differently than Windows. On Windows it is a lot easier to get viruses because you are downloading an executable from the internet, and you don't know if it is normal or virus. On Linux you need to install them via a package manager, which is being maintained by the community and stored in a strict environment. Packages are run in the first phase the CID on Debian which is checked by devs for any bugs or some vulnerabilities, such the recent .xz scandal. That had not been pushed to the stable Debian, so the majority of users weren't affected.
There is no such thing as an exe equivalent in Linux; any file can be executable in Linux if you set it so. File extensions in Linux are just for fun.
So, for the average (not expert) home user, what are the real, viable options for malware protection in a Linux based system? It sounds like a Linux malware infection is unlikely, but when it does happen you're screwed.
Hmmm............, Yes and no. First of all, you just can't do a "Linux vs Windows comparison" because there are several versions of windows, and hundreds of versions ["distros"] of Linux. Policies in windows "professional" are pretty easy to bypass. And there is a reason corporations use hardened versions of Linux [even Microsoft servers not behind a firewall] because it is inherently more secure. And more than that, it is more securable. But sure, you can get distributions of Linux that are more insecure than windows home. Some commercial versions of Linux have as much privacy compromises as windows does. Linux servers are attacked because they are usually involved in securing masses of important data and money, so of course regiments of hackers are going to try to break into them. An ordinary home user with a $1000 in the bank? Not so much. And since a home user is more likely to use M$ than Linux, the home linux user is statistically safer, all other things being equal. Social engineering attacks will always be a thing if the public is not technically savvy. So a "Linux vs Windows comparison" is going to always be a "comparing oranges to apples" fallacy. Unless you do specific comparisons. With any scientific test, you control for everything else. And you can't do a Microsoft OS install without connecting to the internet, which is pretty dumb when you think about it. The best way to clean a malware infected system is to boot into a change-rooted environment with a last known good OS, no matter what OS you use. Indeed, that is what many anti-malware rescue platforms do. And the other problem with Microsoft OS, is that you cannot reduce the attack surface easily. Linux is far more configurable, right "out of the box". If you don't like bloatware, you can trash all of it. The fewer programs running on a system, the fewer attack opportunities. And of course there is the eternal adage of: You can have convenience or security, but not both.
The Vulnerabilities table is misleading; it is by default "all time", which means the whole history of vulnerabilities, including corrected ones and the ones that still exist, not a specific year. Debian in this year and month, November 2024, has only 9 vulnerabilities.
1:58 Lol, Win 10 + 8.1 + 8 + 7 alone already has way more vulnerabilities than "Debian Linux", which is all versions of it since 1993. Even excluding Windows Server, I'm sure all Windows versions combined would be many many times above Debian
What the hell is an ELF file and why have I never heard of or seen them before? Can I peek inside it like a shell script? Do I need to chmod +x it to run it or does it need additional utils? My users don't have sudo, so it sounds like blowing away their Home dir will clear it like any other local issue or dirty script. What is the way to overtake a Linux machine with ELF automatically?
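Added example (not from the video or from any commenter): several comments above ask what an ELF file is and whether the file name or `chmod +x` decides what can run. This Python sketch identifies files by their leading bytes and permission bits instead of their names, for triaging a home directory; the demo files, the decoy-extension list and the flagging rule are constructed assumptions.

```python
import os
import stat
import struct
import tempfile

ELF_MAGIC = b"\x7fELF"
ELF_TYPES = {1: "relocatable", 2: "executable", 3: "shared object/PIE", 4: "core"}
ELF_MACHINES = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64", 243: "RISC-V"}
# Assumption for this demo: extensions a user would expect to be passive data.
DECOY_EXTS = {".pdf", ".jpg", ".png", ".txt", ".doc", ".mp3"}


def describe_file(path):
    """Classify a file by content and mode bits; the name is only recorded."""
    mode = os.stat(path).st_mode
    info = {
        "name": os.path.basename(path),
        "kind": "other",
        "exec_bit": bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)),
    }
    with open(path, "rb") as fh:
        head = fh.read(128)
    if head[:4] == ELF_MAGIC:
        # e_ident[4] is the class (1 = 32-bit, 2 = 64-bit),
        # e_ident[5] the byte order (1 = little, 2 = big endian).
        if len(head) < 20 or head[4] not in (1, 2) or head[5] not in (1, 2):
            info["kind"] = "elf-malformed"
            return info
        endian = "<" if head[5] == 1 else ">"
        # e_type and e_machine are the two 16-bit fields right after e_ident.
        e_type, e_machine = struct.unpack_from(endian + "HH", head, 16)
        info.update(
            kind="elf",
            bits=32 if head[4] == 1 else 64,
            type=ELF_TYPES.get(e_type, "unknown(%d)" % e_type),
            machine=ELF_MACHINES.get(e_machine, "unknown(%d)" % e_machine),
        )
    elif head[:2] == b"#!":
        # Scripts name their interpreter on the first line.
        info["kind"] = "script"
        line = head[2:].split(b"\n", 1)[0]
        info["interpreter"] = line.strip().decode("utf-8", "replace")
    return info


def is_mismatch(info):
    """Flag program content hiding behind a data-file extension."""
    ext = os.path.splitext(info["name"])[1].lower()
    return info["kind"] in ("elf", "script") and ext in DECOY_EXTS


def scan_tree(root):
    """Walk a directory and return the descriptions of flagged files."""
    flagged = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            try:
                info = describe_file(os.path.join(dirpath, name))
            except OSError:
                continue  # unreadable or vanished file: skip it
            if is_mismatch(info):
                flagged.append(info)
    return flagged


def build_demo_tree():
    """Create constructed sample files in a temp dir (header only, not runnable)."""
    header = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)  # 64-bit, little endian
    header += struct.pack("<HHI", 2, 62, 1)              # ET_EXEC, x86-64, version 1
    header = header.ljust(64, b"\x00")
    samples = {
        "invoice.pdf": (header, 0o755),   # ELF content, misleading name, exec bit
        "tool": (header, 0o644),          # ELF content, no extension, no exec bit
        "backup.sh": (b"#!/bin/sh\necho hello\n", 0o644),
        "notes.txt": (b"plain text\n", 0o644),
    }
    root = tempfile.mkdtemp(prefix="elf-demo-")
    paths = {}
    for name, (data, mode) in samples.items():
        paths[name] = os.path.join(root, name)
        with open(paths[name], "wb") as fh:
            fh.write(data)
        os.chmod(paths[name], mode)
    return root, paths


if __name__ == "__main__":
    root, paths = build_demo_tree()
    for p in sorted(paths.values()):
        print(describe_file(p))
    print("flagged:", [f["name"] for f in scan_tree(root)])
```

A missing execute bit only blocks direct execution: `backup.sh` in the demo can still be run with `sh backup.sh`, so the mode bit is one signal among several.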
Based on the comments, this seems to be a pretty shit video that didn't have much research put into it and came across as more of a rant than anything
Linux is a great way to avoid script kiddie malware, which is the most common type of malware kids, the elderly, and non-tech-savvy people will encounter. So if someone mainly uses the internet and some basic word processing, moving them to a just-works distro, and making sure they know not to install ANYTHING from the internet, or maybe even not allowing their user to install stuff from the internet, only from the app store, like they would do on a phone, would be very useful. Do that with some "don't click any link you get by email, especially if they say it's urgent; contact whoever sent you the email through another medium like a phone call" and other useful tips to avoid malware, and your loved ones will be way more protected against malware and other cyber attacks.
@@bobmauranne6829 It's easier than ever to create malware for Windows. You can follow a tutorial on YouTube and get an AI that will write the malware for you. Linux has security by obscurity, so the basic phishing emails that give you something you think is a .zip but is actually an .exe or whatever don't really work on Linux.
There is a big difference between carelessly executing dirty files and installing a pre-infected corporate operating system. Being on Windows since 1993 and enduring everything Microsoft has put us through, I'm finally throwing in the towel in the Windows 10 era and headed to Linux in search of higher ground. I'll take my experience and knowledge with me as I have learned much over the decades regarding these issues.
Runs something with sudo without checking the content of the file: Linux is not secure guys, I am a YouTube cyber security expert, trust me.. Btw, imagine how popular and widely used ELF is when I've been running Linux for 20 years now and it's the first time hearing about this. People don't click, we compile code from source; not sure what this guy is on about.
There is no need for stupid numbers. When you have Windows you don't know what you are installing, but when you have Linux you know, and have complete control over all permissions. Of course it is completely different if you install malware yourself from the source and give it complete permission to do everything.
Recently saw a huge demand for Linux guides, especially for those switching from Wind0ws (more bloaty and creepy than ever). I've also been starting out my Linux journey in 2024 and I am loving it, learning new things.
All the comments about Linux on this video are completely missing the point: The average user idea of "malware being something you click on while browsing" is a very limited view of malware and largely obsolete in various fields of cybersecurity. Most cyber threat actors today don't think in terms of a specific OS, rather a specific target or target group and tailor their techniques to whatever platform is relevant.
Most viewers, seeing your video are convinced you are talking about Linux Desktop OS, especially that you show examples of running malware on it, which is unrealistic scenario in most cases. I'm afraid, you just confused people with this video, because there are too many generalizations and claims from the perspective that viewers won't understand at all.
Just consider the title alone: Windows vs. Linux. Windows is a desktop OS mainly. It is used on servers, but most people in the world use it as a desktop system, so people automatically assume Windows Desktop OS vs. Linux Desktop OS, because that is what they see or what is tangible. Servers are too esoteric for users, although they dominate.
A great idea for the video would be: what are the common attack vectors or methods to get malware on desktop platforms (excluding phishing, because you don't need malware to get someone's credentials), so for example, what an average user on Windows does that infects PC and if there is a comparable situation on Linux.
The real problem I expect will bite linux in the ass sooner than later is targeting repositories that gain trust - unverified flatpaks/snaps etc, ppas, compromising the supply chain particularly in frequently updated cases where the average user has no idea who the maintainer behind a given port or even from the source are. This is a vector that can take place directly in the end user software manager for whichever distro. You need only compromise any of these points and you hit a significant part of the market and just because source often can be read doesn't mean someone will necessarily read or understand, in time. This surface certainly isn't better than what can happen on Windows. The xz issue is just a sliver of what could happen on this track and greater attention on linux will multiply the vigilance required at all levels.
@@ShadowOfTheSPQR Yes, that comes with the territory of being popular, so in a way, that is a good thing, because it will mean that Linux reached the certain threshold. With malware, companies' interest start to grow, more money, better quality apps ported, etc. So maybe we get serious antivirus apps for desktop Linux - not that I would miss it, but that's the possible future.
@@michadybczak4862 I'd rather the OS be configured sanely than put my trust in a third party, which is really the problem on windows - defender, good practice and some hardening go miles ahead of any of its av offerings. But hey. When linux is large enough for this to be a serious conversation it'll be interesting times indeed. I'd look forward to other porting for sure...
@@michadybczak4862 Even the available AV ones I won't use. And because the malware game is ever changing. It's more about your data online than what's on your local device. I mean sure, that too, but bad actors target where there is valuable data. Gone are the days where clicking a file destroys your system. It's more of ransomware: give money or else it's leaked or erased or whatever. Look at Android and iOS. Your life is practically on these devices, so these bad actors would want a piece of that data pie too. Google is not doing a good job of curbing malicious apps from its Play Store. Apple is hit or miss but it's been compromised too.
One thing that has always stuck with me in my career in IT is that "the issue lies between the chair and the keyboard." Human error is the biggest cause of malware infection going. It should be compulsory to teach kids and even adults the importance of staying safe online.
When I used to be an Avionics Technician, many moons ago, we called the pilots the SeatCyclic Sloppy Link, for much the same reason: most problems start with the user.
"The issue lies between chair and keyboard." That's an effective way to tell someone they're the problem.👌🏻
@@OGruurd Pebkac is the old school way of saying it.
Where I work, we call it an ID-10-T error.
@@nadtz or PICNIC - Problem In Chair, Not In Computer.
You should cover Linux malware more - show newbie, and intermediate, nix users how to listen for, spot and remove issues.
nix users as in nixos?
@@NeptuneSega It might also be short for Unix, which I heard Linux is based on (I am not a Linux professional, don't take my word at face value; also I heard Mac OS is also based on Unix)
@@celestialsylveon6453 the right thing to say about it is, Linux *was* based on unix.
In fact it was greatly *inspired* by unix, then unix became a standard in some ways, that Linux still fulfills.
@@rizkyadiyanto7922 no, he's being a smartass saying every distro or a package manager other than NixOS is inferior. These NixOS worshippers are getting more annoying day by day
@@celestialsylveon6453 Linux is "UNIX-like" and not "UNIX based" since it doesn't share the same source code
Debian the most vulnerabilities? That site puts all Debian releases from 1993 up to today in the same basket, which is stupid. There are 12 releases of Debian, so if they split the vulnerabilities by release, it's still way fewer vulnerabilities than Windows 10.
There are more than 12 debians as far as I know, it didn't start from version 1.
And 5 versions of kernel? 5.0.6 current iirc
@@farpurple Kernel is v6.9.3 currently, 6.10 soon.
@@farpurple 6.9 is the current
@@imadam thank you!
1:54 This ranking list is SO misleading. Debian Linux is a huge project which ships tens of thousands of software packages including Firefox and Chrome browsers, LibreOffice, server stuff like Apache web server, SQL databases etc. -- of course it will have more vulnerabilities *in total* compared to just bare Windows without any 3rd-party software.
If you want valid comparison you should install both in a similar configuration, and then do weighted sum of discovered vulnerabilities in installed software for both for e.g. one year, where weight will be severity of that vulnerability.
A default windows installation comes with all that too! OK, some of it has to be added via Add/Remove Windows Features, but it all still exists and contains vulnerabilities that need patching.
That's not even the point. That list is showing "generic" Debian, or Android (mixing up all versions). For windows, they are separating Win10, Win11, Win8, Win7... If you were to add all the numbers for different versions of windows, it would be much higher number than any other OS on the list
@@davidadams421 No. A default Windows does not come with all that. Windows comes with MS Edge; debian repos contain many browsers. Windows has cmd prompt and powershell; debian repos have many many shells available. Windows does not come with Office; debian repos have a few office suites. Windows does not come with DB servers, a variety of web servers, a LaTeX system, compilers for dozens of programming languages, 1000s of command line tools. Windows may have a few 100 dlls, debian repos probably have 1000s of libraries. If some rare 3rd party graph editor has some vulnerability, and it gets patched, also the Debian package will get a "security fix"; on Windows it would just be an unrelated external tool on some 3rd party site, irrelevant to the Windows security statistics. So, no, they don't compare.
@@leonardo.muricy Exactly!
@mcdazz2011 It ships with Edge, Microsoft Office (time limited demo), IIS and various flavours of SQL Server e.g. windows search - all comparable features, all of which have vulnerabilities.
I really expected better... But here we go:
- 00:51 Nobody on Linux downloads random executables, we have Software Repositories.
- 00:51 Server/IOT virus, much harder to come by as a desktop user with a functioning brain.
- 01:38 We also have Flatpaks, which make ransomware completely powerless ;)
- 01:58 List sums up Linux, but separates Windows. In total, Windows has more vulnerabilities.
- 01:58 Linux is Open Source, so people find vulnerabilities by just browsing its code, not by exploiting it.
You didn't give a comparison, you gave a rant.
Here's something this video should've been:
- Windows users get viruses by just trying to download a web browser, Linux users need a global scale data breach.
Yeah an accurate summary for a response on constructive criticism on this video 👍
Yeah, none of us would ever be silly enough to just run `curl ... | bash `!
No Windows user downloads a random exe either. It's called social engineering
@@tsukuyomin Mind the "Random" in "Random Executables".
Only time I run a command like that was to install a PiHole DNS server. If PiHole was not trustworthy, the world would implode.
Also, Bash scripts are a bit easier to read than .exe's you know.
@@TakumoZero Yeah they do bro. It's almost a necessity on windows. I assure you the average user has never heard of winget. It's gonna be a lot harder to convince a linux user to run some random executable than a windows user.
but Windows itself IS malware!
Thats fax
For real, they have a built-in keylogger and now also soon a remote screen monitor. But it is Microsoft and they say your data is safe.
fr
Just like Chrome.
@@emil871w3 No, it's a computer
2:15 kind of a bad point... "debian linux" and "android" include years and years of versions of those operating systems, while windows is split up into aaaall its many different versions.
also worth taking into account is that Debian, Fedora and the Linux Kernel are under constant scrutiny by the millions of companies that rely on these systems to survive
said scrutiny is comparatively smaller for consumer OSs
you can even see this in Windows too; notice how Windows Server is higher up on the list than most other Windows releases
Also, Windows is closed source, and as a result many vulnerabilities will not be found. Additionally, how can we be sure that all will be disclosed when they are found internally?
@@LimonSqueeZ exactly.. You hit the nail on the head here and many ppl aren't able to think that thoroughly or logically. When the code is wide open there's always gonna be issues found at times cuz of human error and unlike Windows.. Linux patches it nearly immediately.. But as in the case of Windows.. You can't fix what you can't see lol there are 10000x more eyes on Linux code and M$ isn't gonna make much of anything public as it's closed source and a money making business. Never mind that the telemetry data collection and recordings of everything you do are sent upstream, and the backdoors they have purposely implemented for certain 3 letter agencies to use "for security" reasons, and don't think they can't be found and exploited by ppl. All of this surveillance running 24/7 that windows does has an impact on performance even before you install an antivirus. But fanboys don't think objectively and they wear a blindfold to the one they are biased towards and defend the one that they favor even if they have to skew facts to support their own beliefs.
Came here to comment these things lol. Especially on Windows being closed source.
Windows 10 comes in many versions too. Like more than ten of them...
Most people who use desktop Linux aren't worried about being targeted by malware, they want a clean operating system that isn't loaded with Windows pre-shipped spyware. The attack surface of Windows is simply larger when it comes to all of the unknown proprietary processes and telemetry running in the background. Especially after the Copilot+PCs start ending up in everyone's hands. You can defend your spyware box all you want, it doesn't change the fact you have no idea what all is actually running on your computer.
You can uninstall everything from windows if you are a good I.T and keep the o.s clean, fast and secure.
many linux distros come with bloat too.
@@johnnyxp64 That's not true. You don't even know what 'everything' is. There's a bunch of processes that run in the background you know nothing about. There's no info available about what these do, when they communicate with MS or whomever the com is encrypted. You may try analyzing binaries, but good luck with that.
@@johnnyxp64 even if you uninstall all the crap, you can't uninstall spyware that is an essential part of the Windows OS.
@@nakedeye44 don't want a bloatware? Install Arch so you'll have only those apps/functionalities that you choose to install..
No offense but the cvedetails is misleading!
Example Debian:
Debian leads the charts because 114 versions are grouped under "Debian Linux", while Windows 10 is only Windows 10 and its updates.
Also do security holes in 3rd party software count as Debian vulnerabilities, because they are in the repository.
Example Debian --> Debian Linux ---> 10.0 ---> CVE-2024-20952: Oracle Java SE, Oracle GraalVM for JDK.
If cvedetails would group all Windows versions from Windows for Workgroups till Windows 11 together including all updates and 3rd party software, then Windows would be the leader.
Windows XP SP2 had finally a firewall but the default user was still admin, so insecure.
Meanwhile Linux/Unix had proper multi-user with ACL, ASLR, MAC (SELinux, AppArmor, TOMOYO), grsecurity etc
Microsoft started the whole UAC, ASLR, MIC stuff with Vista.
IMHO malware is still rare under Linux compared to Windows.
Another example: Why do all Linux kernel vulnerabilities from 1991 to now count as one entry
I honestly thought people were just being funny with the video because he was insulting their OS of choice, but this comment gives a ton of insight. Linux really should have been split up at some point, because virtually no CVE from 20 years ago will apply today
huh very detailed explanation )
and a stone thrown into this video )
which looks more like a manipulation of facts
Another couple of additions to your point. Ubuntu, Linux Mint and a number of other distros are derivatives of Debian, so there are likely CVEs that mention those under multiple flavors. And if every distro listed has CVEs for the Linux Kernel, every one is listed multiple times in the database. All of the code used in most of these distros, especially Debian, is open for anyone to read and analyze, not so for Windows.
People, you really, really need to listen sometimes. Our guest didn't say Debian was less secure than Windows. Listen again: he doesn't.
He was trying to make a point. To show that being on Linux is not a failsafe security in and by itself and that users shouldn't feel they are safe whatever they do, just because they run a linux system.
On any computer, on any OS, the worst vulnerability is always in the chair/keyboard interface.
Theoretically, no OS is secure, as malware can target any system. However, despite statistics showing that malware can be successful on Linux, we rarely hear complaints or see much drama and victims from Linux users. This discrepancy suggests a gap between statistical data and real-world experience.
It's probably because most computers run Windows, and most Linux users aren't that likely to get malware from the usual sources (phishing, bad links).
Definitely. A better way to judge is to see statistics on attacks not on malwares made targeting a specific platform. You can program infinite malwares but if they didn't do much damage in the desktop scene it shouldn't count. I've used both systems for years and I got infected 3 times on Windows and 0 times on Linux.
Or.. Linux users which by themselves already hate comfort by being such terminal geek, are more aware of potential cyber security than normal joe people
@@urip_zukoharjo terminal saves you a lot of time, you can automate a lot of clicks and manual labor. so they work smarter not harder. unlike most windows users.
@@greypsyche5255 True but windows users make the technology of computers more accessible to the public, which ofc has some downsides, and the major downside is that hackers target windows more due to that OS's vulnerabilities and the amount of people who are using Windows.
My (sysadmin for several schools) real-world experience says: For non-technical users (desktop) Linux is a solution to the malware problem, which includes not only malware but also malware protection software. Linux servers have open ports that make them vulnerable to attacks. The usual way of getting malware (clicking on, or installing something) simply is of no concern on Linux, at least for now.
One school even decided to give the students full access to the laptops, and while some managed to break the OS (mostly by deleting some file/package or misconfiguration), we never had an issue with malware so far.
How did your dept. and users handle the transition? I work in K-12 IT. I've always been curious how the transition from Windows to linux would be for our staff. We have over 1000 staff members. A good chunk of them are tech illiterate and others will adapt fairly easy. But others would struggle so hard with moving to a radically different looking computer system.
Wine could help a lot in this case
I am a noob on Linux here, but my intuition would say maybe Mint would make windows users more comfortable transitioning?
@@JJFlores197 The teachers are just happy that the computers are working reliably and without regular messages about malware and promotions. They are only using the Web browser and Libreoffice. Luckily Libreoffice's compatibility with MS documents got very good lately. It's just important to have all the MS fonts installed. The teachers felt more comfortable with a taskbar like in Windows. So I installed the extension dash-to-panel in Gnome.
In the administration, we cannot switch entirely to Linux because we have a tailored DB (Linear) which requires MS-Office to export data in a table. It only does so as XLSX file and before doing so, it checks the registry if MS-Office is installed. When I asked the developer why this is necessary, he just referred to the contract we signed when we purchased their product. I believe they have some contract with MS that forces them to do it.
The students don't care too much except when they have to work with Libreoffice. They absolutely don't like the default GUI, but are very happy with the tabbed view (ribbons). One just has to show them how to switch.
@@rice5817 In my experience, a taskbar is enough for most Windows users to feel comfortable. For that, I'm installing the extension dash-to-panel in Gnome.
It makes sense to see more vulnerabilities reported on linux, it's opensource, more eyes on the code = more reports... I do not trust closed source OS no more, especially corporation distributed OS...
Another thing, the world runs on linux, all the servers and most home devices are linux based, so ofc it makes sense to have a linux bot net... Linux users are more tech literate than windows on average making infection less likely to happen.
@@AesaraB try telling a plumber they're just as likely to cause a leak as you because human error happens no matter what and see what they tell u
@@BirbIrl LMAO good answer
@@AesaraB if you take part of a quote out of context, you can make most anything sound bad or ridiculous... but you are correct that complacency that will get you.
@@AesaraB "p..e..n..i..s" with the p from "happens", the e from "happens", the n from "and", the i from "if", and the s from "gets".
see? i can make you say ANYTHING given enough text.
Don't cherrypick.
1:55 Why are different versions of Windows separate entries? Other operating systems aren't grouped by major versions and it's not like they develop new major versions of Windows from scratch. What I want to see is all of the Windows versions grouped together and removing duplicate vulnerabilities that affected multiple versions.
because old versions get no updates. Windows 7's support was ended, so if a vulnerability is found it never gets fixed but lots of people still use that version of windows. Windows 7 and Windows 10 are COMPLETELY different. The reason the list does not include all updates is because you'd have to also list every single update ever to a singular windows version to be fair to the thousands of debian linux versions. Windows 7 is practically a separate OS.
Listing different versions of Windows seems like a nice way to minimize the totality of Windows issues. Which of the 19 versions of Debian is being addressed in the chart, or is it all of them, going back to 1996?
@renpnal229 I'd assume it's due to the end of life support on those versions, which means they don't get security patches past that date, leaving "newer" vulnerabilities unaddressed. For Linux, it's worth mentioning that it's a whole different "beast" as security patches are somewhat "harder" to address, especially for production servers, as security patches that could update/change the kernel of the OS could impact all dependencies and break everything (same applies to Windows but it's somewhat less impactful). @rgavel The specific vulnerability is usually specified with the impacted version. I'm assuming that having multiple flavors of Debian in the wild does bring this number to be as high as it is.
@@Dim.inished only the interfaces of windows 7 and windows 10 are completely different, the system apis are pretty similar, unless you count the amount of added layers for stupid devs in windows 10 or microsoft dick sucking services apis as a change of the system. It's only added mandatory bloat and background services, the core working of the OS is not that different. And it still has to retain most of its architecture, like the NT file system.
@@amarodsvokay, fair enough. What about macOS being grouped together then? They have like 22 different versions by now, pretty sure if they were split up, not a single one of them would even make it to top 25.
Yes, Linux malware exists and yes, Linux users need to be worried about it but it's not as prevalent and it generally requires more interference to get it to work.
Desktop Linux is largely a harder target to hit than desktop Windows. Especially with more and more distributions shipping with AppArmor policies or modern SELinux policies which help prevent unauthorized access to critical parts of the system. Desktop Linux distributions are also often now requiring passwords to be put on the super user account which used to not be required and would result in a fairly easy privilege escalation as long as you knew what you were doing. And in general we have seen a push from both Canonical and Red Hat to start shipping distributions in a baseline secure mode with some flexibility to increase the amount of hardening that can be done.
Essentially, the current best practice is to ship a distribution in a state that is hardened but not inconvenient so the distribution shouldn't get too in the way of the user, but it should also not allow excessively dangerous operations.
Also, a major point on the lack of variety for Linux malware is just the smaller attack surface. There's not as many users on Linux that can be directly attacked which is why we see the botnets that target iot devices which are often not as secure as the desktop distributions. I am curious as to how anyrun setup their Ubuntu VM because at worst an encrypt and wipe program should only be able to hit the home folder.
not to mention, the general Linux user is tech savvier compared to the average Windows bob, so raised suspicion from the end user is very critical in such an assessment. And this suspicion already starts at the "allow notifications from corn site" level, which is non-existent in elder folk especially.
I'd like to also mention that because of the very nature of Linux being FOSS, not only does less malware get released on repos but we also have a quicker response when a CVE is discovered.
- XZ backdoor wasn't even released yet that it got patched.
- Log4J took less than a week before it got patched.
Windows on the other hand... Not only you have to wait for Microsoft to release the security update, it might not even patch your system's vulnerability nor the latest windows CVE discovered.
@@Ryuuzaki145 Added that the XZ backdoor was found because a Microsoft employee and developer of PostgreSQL regularly monitored performance on his Debian Sid system.
This is extremely misleading, you can't just compare CVE counts of entire package ecosystems like Debian to only Windows
Maybe he wants to keep people away from Linux...
@@DoltonI This channel OP is a troll compare to Britec09 he turn new leaf even they're both the same. Something like this Britec09 already say long ago This OP is just yet another Linux hater channel but Britec09 is far better he make linux tutorial vdo and neutral at least.
This. He describes it as if we got all packages installed in our system and not as if Linux distros were modular, he treats it as entirely monolithic like Windows is, and also as if Windows doesn't keep most of its vulnerabilities confidential
Debian 1? 3? 11? 12? Oh just the entire history of the OS
Vs Windows 10 and not combined
Very heavily biased
@@hopelessdecoy That's a fair point
These are prevalent because Linux is prevalent on every other type of system other than desktop PCs
Try finding a supercomputer running Windows
@Just-Another_Channel touche🤣
@Just-Another_Channel my Debian + i3wm use 600mb
Honestly, the main security advantage of Linux that I see is that you aren't encouraged to go and download apps from random websites. The system itself is of course vulnerable, it's not like no one make mistakes writing code (or just doesn't realize the security implications of something) just because they write Linux software.
I think one of the best way an OS can keep you safe is by just making it as convenient as possible to do the secure thing, and by being vigilant when it comes to vulnerabilities. The reason I think it's important that being secure is convenient is because otherwise, some people will start to circumvent the security because it's inconvenient. If it's convenient, fewer will probably do that.
obviously Linux has its own share of Malware, Viruses and Vulnerabilities, but the reason why I trust it more than Windows is because I trust the developers and the community to take feedback and patch things ASAP (this platform gets updates every 2 weeks or so), whereas Windows is trying to actively Spy on me themselves. (not to say there aren't Linux distros that don't do spying and ads *cough* Ubuntu *cough*)
also with Desktop Linux there's less chance of getting your apps from shady sites, you get them mostly from trusted repositories. (be it from developers or things like flatpak)
overall this is precisely why I plan on being mainly a Linux user, especially with the newer rig I have in mind given Gaming has gotten so much better on it as well... once more apps and compatibility come to Linux, I'll say goodbye to Dualbooting.
I'm curious, why Linux users don't like Ubuntu? Where I can know more about the reason why it is so disliked?
Generally speaking, the larger the FOSS community, the quicker they can patch the vulnerabilities. Unfortunately, many communities that grew big fell into the spiral of ens*ittification, whether it's doing the spying (Audacity comes to mind) or devs being hostile (GIMP). Make no mistake, I still trust FOSS more than proprietary software in most cases, but there's a trap out there that makes a community lose its touch in the delicate balance between privacy, security, and outreach/helpfulness.
Should I use Linux Mint if I'm a new Linux user?
@@maxk109 snap not only proprietary it's updates automatically, bloat lsblk output (because it's using loop devices to work and keep old versions of packages installed). But canonical also forces all ubuntu flavours to use snaps also deleted same packages like firefox from repos and added so called transition packages that install snap versions of such applications.
@@GeorgeG-is6ov Depends what you want, if you have very new hardware, make sure to nab the edge ISO. KDE neon, or debian desktop are also good choices, though debian isn't the easiest to download due to poor website design
In default, baseline configuration Linux is still going to be more secure but I get your point. I have yet to come across a home user whose single windows account is NOT a local administrator (root).
It's funny how many things never change since windows xp, still root accounts by default and hide file extensions from users. perfect recipe.
@@balsalmalberto8086 not to mention Chrome and Edge hide parts of URLs
it must be since almost all servers are run on Linux
Whataboutism. Linux, Unix and BSD were all made for networks and multiple users. DOS and Windows were not. A lot of the issues with Windows come from the single user "if it compiles, sell it" background. The open source products will have a lot more vulnerabilities discovered and fixed than closed source. We cannot really know how many vulnerabilities are even exploited daily in closed source products. No system is immune, and since Linux is so much more common there will of course be a huge number of unpatched, unmanaged vulnerable systems. But as a system developer, if I was tasked with setting up any critical system, I would definitely go for something other than Windows every time. For gaming though, windows is still king.
Well the gaming thing is not a Windows vs Linux thing per se......It's just that game devs want the most amount of money and they target Windows for that, and in the case of AC, which is the biggest hurdle for Linux in gaming today, it's because game devs can install rootkits on windows computers without fuss; that's not as easy to do on Linux since security triumphs over greedycorp rootkit spread.
Yes, cyber security is not a Windows problem but I have some comments I want to make:
1- when you show the all time leaders you forgot to mention Windows Server 2016, which is at #6 on the list, although in this case the comment you made was not malware related but vulnerabilities related
2- Mirai is a worm that uses brute force and password spray attacks, when it finds a device with user and password by default it gets root level control over the device so it isn't directed at desktop users, the main focus of this channel, because desktop users' passwords should represent a bigger challenge
3- when you execute the linux ransomware example you either had to give execution permissions or it was using a PrivEsc exploit; if you execute an ELF file the shell won't do anything unless you use 'chmod +x file' first
I'm not a security or system admin, but the guys in my firm that do that work say that Windows keeps them up at night. There are a lot of places for malware to hide in Windows like task scheduler, services, RunOnce, etc... But, they say Linux is easier to audit and lockdown with things like systemd and selinux.
I don't know about systemd being easier to lock down or audit lol, that's what people have had an issue with in comparison to other init systems, though systemd is much much more than just an init system. Convenience comes with a cost attached.
Nah malware detection and removal on Windows (manually) is way easier than on Linux.
you and your friends works at a zimbabwe company located. Because if they need to stay up at night, they work and live in a lawless country
@@forbidden-cyrillic-handle as i said before. Lawless countries buddy. Thanks Putin for this
@@nou712 SystemD has journalctl in it.
That's why I use TempleOS, I'm safe
are u also writing emails to the CIA?
@@Pepo.. its been three weeks, he probably does write emails to CIA
there's people in suits walking outside my porch at night misplacing my gardening equipment
Not joking, TempleOS is pretty interesting to me, especially because everything runs directly in its kernel. Terry was a chad.
Never seen or used an elf file. Using ubuntu for more than a decade. Where do they come from?
dunno
You use them every day. Linux just doesn't have the concept of file extensions as file types. You can find out the type of a file using "file", e.g. "file /bin/bash"
ELF is the format for binary executables on linux. You didn't know this because on linux executable files don't need to have any extension.
You can use the file command to check it out. For example
$ file /usr/bin/ping
/usr/bin/ping: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=d9e8ab66f132133ffd715a85a18a9f7883773a2f, for GNU/Linux 3.2.0, stripped
Or check file header with hexdump
$ hexdump -C /usr/bin/ping | head -n 1
00000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|
I was almost going to say this. Linux systems use ELF files but they didn't run ELF files directly from the terminal. They get them from mails generally.
You have, just they don't usually end in .elf. Here's some examples of ELF files that you do have: bash, sudo, cat, ls, grep, sed, xorg, man, and ping. I bet you have all of these, and all of them are ELF files.
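Added example (not part of the original comments): the replies above note that an ELF file is recognised by its header rather than by its name, and an earlier comment notes that a downloaded ELF does nothing until it has the execute bit. This sketch reads the first 20 bytes of each file in a directory, decodes the same fields that "file" prints, and reports the execute bit alongside them. The function names, file names and sample headers are constructed for illustration; the first 16 bytes of the x86-64 sample are the ones in the hexdump above.

```python
import os
import stat
import struct
import tempfile

ELF_MAGIC = b"\x7fELF"
CLASSES = {1: "32-bit", 2: "64-bit"}                    # e_ident[EI_CLASS]
BYTE_ORDERS = {1: ("LSB", "<"), 2: ("MSB", ">")}        # e_ident[EI_DATA]
TYPES = {1: "relocatable", 2: "executable",
         3: "shared object / PIE", 4: "core dump"}      # e_type
MACHINES = {3: "x86", 8: "MIPS", 40: "ARM", 62: "x86-64",
            183: "AArch64", 243: "RISC-V"}              # e_machine (subset)

# Constructed samples: 16 identification bytes followed by e_type and e_machine.
SAMPLE_X86_64_PIE = (bytes.fromhex("7f454c46020101000000000000000000")
                     + struct.pack("<HH", 3, 62))
SAMPLE_MIPS_BE_EXEC = (bytes.fromhex("7f454c46010201000000000000000000")
                       + struct.pack(">HH", 2, 8))


def parse_elf_header(data):
    """Return a dict describing an ELF header, or None if data is not ELF."""
    if len(data) < 20 or data[:4] != ELF_MAGIC:
        return None
    ei_class, ei_data = data[4], data[5]
    if ei_class not in CLASSES or ei_data not in BYTE_ORDERS:
        return None  # magic matches but the identification bytes are invalid
    order_name, prefix = BYTE_ORDERS[ei_data]
    # e_type and e_machine are 16-bit fields in the file's own byte order.
    e_type, e_machine = struct.unpack_from(prefix + "HH", data, 16)
    return {
        "class": CLASSES[ei_class],
        "endianness": order_name,
        "type": TYPES.get(e_type, f"unknown ({e_type})"),
        "machine": MACHINES.get(e_machine, f"unknown ({e_machine})"),
    }


def triage_directory(path):
    """List regular files in path that are ELF, whatever their name says."""
    findings = []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        st = os.lstat(full)
        if not stat.S_ISREG(st.st_mode):
            continue  # skip directories, symlinks, devices
        with open(full, "rb") as fh:
            info = parse_elf_header(fh.read(20))
        if info is None:
            continue
        info["name"] = name
        # Without any execute bit the file cannot be started directly.
        info["executable_bit"] = bool(st.st_mode & 0o111)
        findings.append(info)
    return findings


def demo():
    """Build a throwaway directory with constructed files and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {
            "invoice.pdf": (SAMPLE_X86_64_PIE, 0o644),   # ELF behind a .pdf name
            "notes.txt": (b"just some text, long enough to read\n", 0o644),
            "tool": (SAMPLE_MIPS_BE_EXEC, 0o755),        # ELF with execute bit
        }
        for name, (content, mode) in samples.items():
            full = os.path.join(tmp, name)
            with open(full, "wb") as fh:
                fh.write(content)
            os.chmod(full, mode)
        return triage_directory(tmp)


if __name__ == "__main__":
    for row in demo():
        print(row)
```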
But most commonly people get infected from downloading software from exe's. Does it not make it 1000x safer by using package managers?
depends on the distro and the package maintainers. If you're using a niche distro with much more loose rules on packaging/security not really but if you use something like debian/fedora/opensuse where the repos tend to fall under much closer scrutiny and they have well defined packaging guidelines and the bar for being a maintainer is higher then yes
But how do you know that the maintainer reviewed the code in the packages?
Just remember XZ
@@tablettablete186 and the ssh backdoor almost got implemented simply bc the community trusted a guy's friend
@@GBR9794 Exactly, there is no code review.
I mean, how could they: in Debian, one maintainer maintains thousands of packages.
Depends how hard it is to get malware into the package manager, the XZ exploit was really close to backdooring a whole lot of systems. I've recently run into Ren'Py visual novels and games being used to spread malware on both Windows and Linux, so it's not like there aren't avenues outside of package managers as well.
This video is kinda missing the point tbh. The reason Linux is so much more secure than Windows is not because it doesn't have malware (as you've illustrated, it does). The reason is that Linux very heavily encourages you to install software from trusted sources only (the distro's package repos, flathub, etc.) as opposed to downloading & running random executables from the web.
Simply the act of "getting in" on Linux is much more difficult than on Windows, because Linux users aren't conditioned to executing random files. On SELinux-enabled distros like Fedora, even hijacked programs are very much limited in what they can do (e.g. you opened a malicious document in your text editor), due to the way the rules are set up there.
But.... Windows wants to lock you down to using their store now, but apparently can't be trusted to even check the submitted software carefully. Apple has the same problem, as does Google.
Moral of the story: don't download random shit off the internet, always look for official and trusted source which linux always does better and makes easy to do.
The Ranking List is misleading. Linux Kernel is not an OS btw.
Count Every Windows together and the List is looking very different.
and every linux together.
@@pantarei. no
@@karmaspcs 🤣
@@pantarei. shut up
I spoke to a friend the other day who said no one makes malware for Linux Systems and didn't want to protect his file server, it got infected with a ransomware type virus about a day later.
The number of vulnerabilities listed here 1:52 is not really comparable at all.
First of all, open source projects such as Linux, Chrome and Firefox (all in top 15) are pretty much always reporting security fixes. Microsoft does not, they're developing their OS and software behind the curtain and only report issues when they have to. So the number of vulnerabilities is completely meaningless and only makes sense for comparing the popularity and complexity of open source projects, not proprietary software like Windows. I mean, Chrome seems to be 10% more vulnerable to exploits than Windows 10, but we all know that's not true. One is a web browser which runs on user-level, one is an entire operating system. And Debian linux having 9000 reported issues compared to Fedora's 5000 doesn't mean that Fedora is more secure. It just shows that Debian is by far the most popular distribution.
Secondly, "Debian", "Fedora", "Linux kernel" and other Linux entries represent all versions of those systems, while Windows is split between "Server 2016", "10", "11", "XP", "Vista" etc. Debian 9 is by far the most vulnerable version and it has 4000 vulnerabilities, not 9000. So it's pretty much like Windows 10, except it's not underreporting security issues. If you group all Windows versions you get over 20'000 vulnerabilities.
The main reasons why Linux is thought to be more secure (for an average user):
- Windows users historically always used admin accounts instead of separate non-admin accs, while Linux users would be given a non-root account by default. You'll get severely infected a lot easier if you have admin/root access.
- Linux updates will update everything. The system itself, system software, drivers, and all your user software. Windows only updates the system and not your applications (and often not even your drivers). So the user is left to manually update each app, which users usually won't do. Often it's not the Windows OS that's vulnerable, it's a 3rd party program which the user assumed to be safe even though it hasn't been updated in months or years.
- Linux has always had a concept of "App stores" aka repositories so the users are not forced to hunt down executables/installers on the internet. Meanwhile Windows users Google "VLC installer", "CCleaner download" or "OBS installer" and are often tricked into clicking a link to a malicious version of the app they're searching for (happened for all 3 of these programs, not so long ago). This pitfall is almost entirely eliminated on Linux as you're always using software provided directly by your distribution maintainers (which you trust since you're using their OS), or you're using software provided directly by developers or trusted parties if using Flatpak/Flathub.
No matter which system you use, be it Linux, Windows or Mac, you will only be secure if you keep your system and software up-to-date. This is why routers and IoT devices are most vulnerable, they almost never apply updates unless they're specifically running a Linux distro like Fedora or Ubuntu which have versions with forced automatic updates which don't need user interaction at all.
For desktop users, as long as you keep applying updates and don't manually run malicious software/scripts you'll be fine. Windows just gives users more pitfalls to fall into when it comes to this. If you're using Windows 10/11, never turn off Windows Defender, it's probably the best thing Microsoft has done for security on Windows since the Firewall and UAC (and always install security updates ofc).
Windows has become the malware.
Spoiler alert, except that it surprised exactly no one.
Absolute power corrupts absolutely, and there is no bigger crook & mad man than Bill Gates.
always has been
Boring meme.
Having a built in software installed by sponsors of an unknown entity makes a malware. Of course it's Linux.
What was that website, showing Debian as the top vulnerable os? Any source?
I hate to disagree, those numbers seem a bit suspect to me, mainly because I'm not sure what versions they are talking about. I mean, if you go from Windows 95 to 11, Windows will be much higher than anyone else, I'd bet. On top of that, the OS that's the most popular will be the biggest target for malware, and Windows for now is still the one. So while Linux isn't perfect, it's still way better than Windows when it comes to this sort of thing.
The numbers are misleading. Every Linux distro has different versions. So the numbers are higher, BUT compared to Windows still low.
After 30 years using Linux, I have never EVER had a problem with malware in Linux.
Same here and I visit many questionable websites. Linux is bullet proof.
You never know
imna start targeting u to get u to download malware
Prove it. Find 1,000 Linux malware samples and execute them as a normal user on a desktop Linux distribution like you do in your Windows videos. Make it a fair like for like comparison between Windows and Linux desktop. I've never seen or heard of anyone doing that before.
I think it's worth noting too that most linux users won't need to download many apps from 3rd party websites, as most software is available in official repos and flatpaks (which are very secure due to sandboxing). It is simply a lot harder to get malware onto something within the official distro's repos, though it is still possible (as we saw with the XZ backdoor).
@@user-ks1oh2wx6o That's true, but there are malware delivery methods that don't involve the user intentionally downloading and installing programs from random websites - e.g. emailing malicious attachments or drive-by download attacks.
I second this. I was hoping this would actually be the video.
The author is biased as he is selling a product. Video not worth the time it wasted.
Is the number of vulnerabilities for Debian a total for the last 30 years?
TempleOS is hands down the most secure OS out there. Its simple, 100,000-line codebase and operation in 64-bit ring-0 make it nearly impossible to hack. Plus, with no network support, it's immune to remote attacks. Your data has never been safer!
Every OS is capable of running malware but WINDOWS is malware. Linux uses file permissions and user permissions so it is more secure. I have never seen linux malware in the wild.
Never worked in a datacenter then. And Windows also has file and user permissions, that's not what makes it more secure than Windows.
@@nadtz Windows has it but it is not enforced. You can download any file from anywhere and run it. I don't get the datacenter jibe. Windows OS is designed to spy and keylog you, enjoy. When I download stuff on Linux I have to change its permissions to run it. Crap may get on my machine but it cannot run. There is superuser at the top level. The REAL superuser on windows is owned and controlled by M$. It has the highest privilege. You do not fully control a windows machine.
@@tiomkinnyborg2289 "Windows has it but it is not enforced. "
This is incorrect. Yes a user can download an exe from anywhere, that is not the same as windows not having/using user and file permissions. The problem is your average home user is using an admin account because a standard user wouldn't be able to get anything done.
"I don't get the datacenter jibe."
I'm sure.
I'm not saying windows is somehow better or more secure, but when you make incorrect claims expect to be corrected.
@@nadtz So a person is infected by a virus on windows and the virus stops dead because it cannot infect every file on that machine? I have seen a virus tag every file in the system. But hey, you keep 'correcting me'. Ransomware is a myth. Enjoy your secure and non spyware windows. Thanks for the correction dad. I'll stick with linux. Why defend a trash OS you sheep.
Great video, but why do you show, as many others, the simplistic comparison between all vulnerabilities detected on Debian vs. separate Windows versions? This doesn't make sense. It would be more fair to compare Debian to a total sum of all Windows versions (possibly minus common vulnerabilities), and then Windows would be high on top.
Also, what should Linux desktop users do in that case? How should they protect themselves? Is there such a need for desktop users?
Just the other day when I was researching Antiviruses for Linux, I said to myself, gosh I wonder why The PC Security Channel hasn't reviewed any of the Linux AV's. I would love if you cover more Linux topics and how to stay safe on Linux as well, including Linux AV's and Linux firewall options as well as how they work. I think it would be very helpful especially for Arch users who want to download everything in the AUR. Thanks!
Idk what to say about the AUR besides just don't. If you want app availability use debian, or an RPM based distro like OpenSUSE or Fedora, or Alma linux.
@@nou712 for app availability you actually want Nixpkgs which is the largest repository (in terms of packages and up to date packages) in the Linux world (even beating the AUR)
The biggest threat to any system is, and will always be, the user. It's impossible to make a system 100% secure unless you unplug it from all networks. However, while Linux is not immune to malware, several factors make it more secure for end users compared to Windows:
Market Share: Windows has a larger market share, making it a more attractive target for attackers.
User Privileges: Windows typically gives users full administrator access by default, while Linux does not.
Bloatware and Spyware: Bloatware and spyware often run in the background on Windows, not on Linux.
Proprietary Software: Windows uses more proprietary software, whereas Linux's open-source nature makes it more secure because everyone has access to the source code.
Package Management: Linux distributions have package managers that allow users to install software without needing to search online. These packages are maintained by the distribution and regularly updated.
Sandboxing: Snap and Flatpak apps in Linux run in sandboxes with their own runtimes, enhancing security.
While Windows prioritizes convenience, this often comes at the cost of security.
my roooter has been infected 💀
Roto-Rooter
🤣🤣🤣🤣 Hey, tuh may toe, tuh mah toe
well atleast ur data aint going to your ISP lol
One error I should point out in this video is that: On Windows, you don't need to download extra packages to run malware, bloatware, AI surveillance-ware, because Micro$oft already pre-installed it for you.
The problem with malware on linux is that, since there are things like package managers, a lot of the ways a basic desktop user would be compromised are gone.
Until you install a malicious package. Those are actually surprisingly rare though.
@@chri-k I've only ever really seen snaps and aur packages compromised, and rarely too.
I expect devious packages to have a massive uptick corresponding with any major adoption of linux in the consumer market.
@mcdazz2011 In the most overwhelming majority of cases it does require interaction. You browsing the website and getting code executed on your machine from a website required your interaction to begin with. If we talk about phones, in that case it is typically different. ISPs have full access to your phone anyway and can do anything with the IMEI code.
Got a question for you. Is there a need for antivirus on Linux, or are other security experts correct in saying it just creates another attack vector that can bypass the user authorization for install?
Antivirus on Linux could be useful in case where you store a lot of files. However, the most common vector for Linux malwares are misconfiguration and supply-chain attacks, so it isn't a big issue if you're just a normal user browsing, playing games, doing work. Maybe throw stuff in sandbox, like Flatpak does, and keep up with the news, but that's it.
I thought this video will show a common mistake that a linux user would do to get a malware or virus. This video is like saying iphone can get a malware too
Exactly, only by backdoors or jailbreaks (xz or running wine malwares) you would get malware, but by updating your system and running wine apps isolated (flatpak wine app) you are mostly safe
How do u deal with virus and connecting these pcs to the internet if u needed to do updates or install software? I was given a x99 system and I've wiped it but I still don't trust plugging it into my network to reinstall all the drivers?
What is the best AVP for Linux?
Don’t need one on Linux. You don’t download random executables on Linux, you only download through trusted app repositories so you should be safe unlike windows where u run random executables to get your apps
I would imagine the same as on windows would echo true for linux but most providers only have some fairly expensive endpoint security suites. If you want something free ClamAV/rkhunter/chkrootkit would be the combo on top of avoiding packages not from your distro maintainers and general caution when online.
AVP (Anti Virus Protection)?
common sense
@@GBR9794 and healthy scepticism
1. How do you manage to get that when you use repos, then also giving it permissions and make it executable?
2. How do you even count the number of vulnerabilities on a closed source OS like Windows and MacOS?
Great video nonetheless, thank you!
You can do way more than just basic browsing on Linux these days. lol
Haha lol
I've been using Linux for almost 15 years and have never experienced anything like viruses or malware. Although you have opened my eyes. Thanks for such amazing content. Do you recommend installing an antivirus on Linux?
I wish one existed in the first place...
Not on a desktop no. They'll make your system less secure.
@@BarafuAlbino They do exist, but only for enterprise (aka expensive). Just search for Linux EDRs
@@BarafuAlbino ClamAV?
@@nou712 Is for detecting Windows malware in files passed through the Linux server, and is worse at it than HitMan Pro in Wine.
How do you check a router for malware?
If it is a piece of enterprise equipment with a valid service license, then the manufacturer will often release tools that you can use to evaluate their devices and check for known vulnerabilities or exploits. If it is a consumer-grade device, then the best that the average person can do is keep the firmware up to date and cross their fingers. That's why so many of these devices get compromised.
@Just-Another_Channel Certain routers can have their firmwares flashed with custom code like OpenWRT. Somebody could rewrite the file and flash your router with it.
@Just-Another_Channel routers have vulnerabilities just like any other device, especially if they have a management interface exposed publicly. If you run a web server and look at the logs, you will regularly see requests trying to execute code that will download MIRAI.
where can we find the table visible in the video in 2:01 "the vulnerabilities by year" ? Thx
I am a C programmer and the only applications I run are open source ones that I compile myself or mostly write them from scratch.
I would but I hate setting up dependencies, also cmake
The problem is always between keyboard and chair. That's why EVERYONE on the Linux stacks wants to remove as many weak points where the user IS the issue - hence Wayland, portals, and sandbox in general. I may not like snaps and snapcraft, but it makes a lot of sense for business users who just want secure by default and a relatively strict repository (though recent snapcraft store issues show that there needs to be more investment on their store). The average user should just use snaps and flatpak, because while they aren't perfect, they're so much better for most non-power user use cases in so many ways, security being one of them.
What do you think about Windows Recall? As for now limited to AI chip no telling down the line it's uploaded to the cloud to do any offload AI work. Microsoft does have the things to do switch the toggle back on after an update. It's like Spyware dream looking for password leaks, bank details and so on.
The cornerstone of desktop malware is user error. And Linux, unlike Windows, does everything it can to reduce its probability. In a normally configured Linux system, malware cannot do anything significant without superuser privileges, and vulnerabilities that allow privilege escalation are rare and can be resolved quickly. So the only way to give malware access to do damage to your system is for the user to execute it via sudo, which would require them to enter their password.
Whereas the vast majority of Windows machines have a single admin user, and that user only needs to press a single button to run a programme with admin privileges.
Of course there are caveats to this, but in general, a properly configured and updated linux system is many times safer than a similar system on windows, simply because it won't let you do nonsense.
It's fun how some Linux users don’t even have a firewall installed since they don’t really know how Linux works
any plans to create a video regarding resource utilization comparison of AVs like Kaspersky and Bitdefender?
Tbh I've seen more Linux users falling for the rm -rf /* prank than for any sort of malware xD
So how does one secure Linux in terms of great anti malware software?
U don't need anti malware on linux, cause u simply don't download malwares!
Appreciate the Linux security content
Elf vs exe is quite misleading: elf is used on both Linux and Mac.
Same for debian (all versions, os+ applications) vs a specific version of windows (with minimal built-in tools)
Or linux kernel total where you’ve got tens of various kernels (major reached 6 with several minor releases each) versus one version of windows.
There are linux malwares... but they are still few and with a very limited impact... looks like the video was sponsored by Microsoft
They generally target Linux servers not normal Linux users.
that's more serious
@@kadircelikYT Wow you are everywhere
Can you share the website which shows the vulnerability ranking of OSes? thank you
Finally, someone has addressed it. Many Linux users believe their operating system is superior to Windows or macOS in terms of security and resistance to vulnerabilities like malware and viruses.
Its security model is generally better, especially in a multi user environment. Being overall better from a security standpoint does not in fact mean you're impervious to attack, which is a common misconception. Most experienced linux users would not simply claim linux is better but would ask you to quantify the question of "is linux better than windows for security, etc?" as the answer depends on threat model, the users of the system, the administrator of the system, etc.
It isn't, the users are smarter than windows users tho. And that's a fact. It's really easy to hack sum termux script kiddy with netcat or just delete their android/* and you can hack their accounts since they enter info or install apks using their adb in termux.
Linux (and MacOS) have certain architectural advantages over Windows that make them more resistant to certain types of malware. They have better process isolation, separate executability from file names, tend to ship more secure defaults even if they break binary backwards compatibility etc.
If run by a competent user, there isn't a huge difference in security between OSes though.
Well said
Also VirusTotal doesn't detect encrypted batch scripts, so Windows might not be as secure. I encrypted a bat file with a simple encrypter and it got 99% clean, only one AI antivirus detected it as encrypted malware, so I encrypted it again and it was 100% clean. If you wouldn't look at the sandbox files you wouldn't know it was malicious.
Does Windows have anything like SELinux or fapolicyd built in? Hard to imagine how you can get malware with either of these enabled. IoT devices usually ship with all of the built in security turned off and then some dodgy cgi code installed to manage it. It's no wonder Mirai is a thing.
As a linux user only using software from repos, should I worry though?
No, unless there is somehow a package with a backdoor etc. I have switched to flatpaks for gui apps whenever it's possible
You don't really have to worry much
@@linux_for_noobs keep in mind that flatpak is a very weak sandbox on default and as long as an application has access to the X11 socket it can easily sandbox escape
@@linux_for_noobs XZ in a nutshell
if u use the AUR for example from arch, you should but not exactly needed once you look at PKGBUILD and the comments for instance.
Just be a normal vigilant person, no need to be paranoid.
I am not a security expert so I can only make assumptions, but isn't it the case that Debian as a GNU/Linux distribution is completely open source and therefore it is much easier to find security holes than in closed source systems like Windows where you can basically only do trial and error? Also, in my experience, when security holes become public, they are fixed much faster with an update in GNU/Linux than in Windows.
But I also see it that as a normal desktop environment for standard users windows is safer because there is real virus protection software that prevents the user from running viruses. In GNU/Linux there is no such thing except to my knowledge ClamAV which has real time protection but even there installing it is less for standard users.
Win 7 is number 15, is that telling us something?
No, they stupidly split all Windows releases while still keeping something like Debian as one entity. Win 7 being 15th only shows that as more people get into programming, there is more malware being made for newer operating systems. It wasn't as common to know programming basics 15 years ago as it is today.
@@Cavi587 So Win 11 will get the most malware?
@@davehenderson6896 If it gets wide adoption and overtakes Windows 10 in market share then probably yes. If it flops then it might not be the case. Ultimately most malware for Win 10 can also affect Win 11 because under the hood these systems are very alike and Win 10 gets a lot of backports from Win 11 security anyways.
@@Cavi587 Yes Win 11 is Win 10 with a new paint job, I think both will be targeted because of that.
The reason you don't have to worry about malware as much on Linux is that Linux is much less used on the desktop, so the malwares for normal private people are usually only made for the much more lucrative platform of Window$. Only for servers and appliances does it make sense to make your malware for Linux.
Bro has seriously been misinformed. Windows 10 has 8659 vulnerabilities
I’m making the switch from Windows 10 to Kubuntu. How do I defend from malware/virus?
Simply only download from apt and you will be good 👍
why do I feel some bias here?
Sounds like you don't know your stuff well enough
@@ravebourg and you don't know linux well enough either
@@vegetotownley That sounds like a yes. I however use Linux nearly every day.
@@ravebourg no you don't.
@@vegetotownley Haha... I have been using Linux distros for over 7 years. And I can confirm that neither OS is very resistant to malware.
While I was using Windows, I found myself thinking "Oh, so long as I keep everything updated, I should be fine with Windows Defender."
I lasted from 2015 to early 2020 when SmartScreen (on MS Edge) caught exactly 1 infection some time in March. Whether it was from the malware or my computer's age, I started experiencing hard shut offs some months later whenever I played any game that wasn't Minecraft Bedrock or Minecraft Java. Even Roblox crashed me after like 10 minutes; Minecraft Dungeons and Cities: Skylines instantly crashed me before their main menus loaded.
Anyway, I got a new computer that same year, and decided to put Linux on it last September. However, since modded Minecraft malware is becoming more mainstream, it's a bit disappointing that there aren't good antiviruses on Linux like there are on Windows. The few companies that I found that offered home desktop solutions no longer do so. The Prism Launcher Flatpak can only protect me so much right? Even though I plan on keeping Linux for the foreseeable future, the fact that there aren't good antiviruses here is adding to reasons of me switching back to Windows.
Lack of antiviruses isn't the issue, it's human error. Just look for mods or modpacks from reliable sources man
How will Linux AV's even access sandboxed processes?
He is talking mainly about servers, supercomputers or IoT devices. Those are identical in setup and are often not updated properly. Desktop Linux is more differentiated, however, although some distros come with AppArmor installed and various security measures, many common distros (usually based on Arch) don't, and it's up to the user to take care of it, while average users run the system as it is. For example, I run Manjaro, and it has AppArmor, but it's not configured. In many ways, Manjaro is a low security distro, because it's not its main concern - again, it's the user's responsibility to set it up properly. However, even then it's not 100% secure. Still, if your distro is rolling release, you need to have everything up to date, while on Windows it often takes more time to get the updates and many apps must be updated manually. Using Tails or Qubes OS is not practical for an average user.
Linux is becoming more and more popular, so with time, people will recognize it needs some additional security tools to be added, shipped, configured.
@@afriquelesud They can run at kernel level, some products are already using BPF LSM to get data directly from LSM hooks. One example that I can think of is Falco, used to analyse processes in containers on enterprise.
Debian Linux has 'the most vulnerabilities' because it 'comes with' more packages, more software than any other distro or operating system. The number of vulns includes everything that you could install, out of the box, with an 'apt install' command.
Even if you included everything you can install out of the box with the Windows Store or Apple Store, you wouldn't even come CLOSE to the number of packages available for Debian, and which contribute to the number of vulnerabilities.
So, to say that Debian 'has' the largest number of vulns is really really disingenuous and IMO misleading.
I don't understand how this was misleading. You said it yourself, the massive amount of packages available on Debian contributes to its vulnerabilities. I use Linux too, but Leo was simply stating facts here.
The other thing to note is that Debian and Android and Fedora vulnerabilities are aggregated whilst Windows ones are segregated by version. If you were to distribute debian, fedora, and android into their versions, I would expect them to be much lower.
They put all Debian releases from 1993 up to today, pretty much normal there are over 8000 vulnerabilities, yeah you're right, this is misleading.
Could you please test security software on Linux which is best and how to use Linux safely.
I want to switch to Linux, because I'm tired of Windows, especially the upcoming AI update, that will record everything
The best security software on Linux is not running additional security software. You use Linux safely by keeping your system updated and not downloading software from websites.
@@notjustforhackers4252 you can also stay safe by staying in your home and never doing anything
but that is kind of ridiculous to expect
Don't buy into this creator's fud. It's just to generate clicks and engagement and doesn't have much to do with the real world.
If you download a mainstream Linux distro and only install software from the package manager you're almost guaranteed to be safe. It's best to regularly update the system as well, even tho there's no mechanism to force you to update.
If you absolutely must install a package that's not available from your package manager, make sure to research the correct way to install it and don't just click on the first Google result
minimal privilege principle is widely considered as the main security rule. That's why linux means security. And antivirus means a breach in security because you delegate your rights to some unknown 3rd party agent
Where did you gather that much of false info? Usually I like your channel but this STINKS like a paid advertisement from micro$.
Whatever your OS, if you download software anywhere you are going to have problems... As for your vulnerability table @1:48 it is more than questionable.
Debian 12 (Stable) does not contain 8755 security vulnerabilities !!! The figure of 8755 flaws that you put forward is the sum of all the flaws of all the variants of Debian and it counts the same flaws several times if they are present in several versions...
Debian is made up of several branches, Debian Old (11), Debian Stable (12), Debian Backports (manual update possible for Debian Stable), and development versions namely Debian Testing (future version 13), Debian Unstable (pre-testing) and Debian Experimental (pre-Unstable).
However, it is completely normal that development versions like Debian Testing, Unstable and Experimental are more impacted by bugs and security vulnerabilities.
If this table were honest, as for Debian it should group together all the vulnerabilities of all variants of the Windows OS's still in use, as well as flaws in development versions which are not public at Microsoft.
And Fedora should also include all security bugs/flaws from Red Hat and Cent OS, since they belong to the same editor Red Hat. Fedora is a preview of what Cent OS will be in the future which is itself a preview of what RedHat will be in the future.
To be honest, I think Windows has much lower vulnerabilities because it is closed-source. That means only Microsoft devs can check for vulnerabilities, which are very few people compared to linux community. Also I want to add, that packages on Linux work differently than Windows. On Windows it is a lot easier to get viruses because you are downloading an executable from the internet, and you don't know if it is normal or virus. On Linux you need to install them via a package manager, which is being maintained by the community and stored in a strict environment. Packages are run in the first phase the CID on Debian which is checked by devs for any bugs or some vulnerabilities, such the recent .xz scandal. That had not been pushed to the stable Debian, so the majority of users weren't affected.
@Eskom_SA CORRECT!
There is no such thing as exe equivalent in Linux, any file can be executable in Linux, if you set it so. File extensions in Linux are just for fun.
ELF is the executable format used in Linux not an extension.
@@samega7cattac Doesn't matter, if the file is set to non-executable, it won't execute regardless of the format.
@@jarekzawadzki that's a permissions thing, not executable format thing.
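Added example, not part of any comment in this thread: a small Python triage helper that decodes the ELF identification bytes shown in the hexdump of /usr/bin/ping quoted earlier and reports, separately, whether a file is ELF by content and whether its execute bit is set, which are the two things the replies above distinguish. The file names, the constructed 20-byte header and the function names are assumptions made for the illustration.

```python
import os
import stat
import struct
import tempfile

ELF_MAGIC = b"\x7fELF"
EI_CLASS = {1: "ELF32", 2: "ELF64"}
EI_DATA = {1: "little-endian", 2: "big-endian"}
E_TYPE = {1: "relocatable", 2: "executable", 3: "shared object / PIE", 4: "core dump"}
E_MACHINE = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64"}

# The 16 bytes printed by the hexdump of /usr/bin/ping quoted in the thread.
PAGE_HEXDUMP = bytes.fromhex("7f454c46020101000000000000000000")

# Constructed sample (not from the page): the same e_ident followed by
# e_type = 3 (ET_DYN) and e_machine = 62 (x86-64), little-endian.
CONSTRUCTED_HEADER = PAGE_HEXDUMP + struct.pack("<HH", 3, 62)


def parse_elf_header(data):
    """Decode the start of an ELF header; return None if data is not ELF."""
    if len(data) < 16 or data[:4] != ELF_MAGIC:
        return None
    ei_class, ei_data, ei_version, ei_osabi = data[4], data[5], data[6], data[7]
    if ei_class not in EI_CLASS or ei_data not in EI_DATA:
        return None  # magic matches but the identification bytes are malformed
    info = {
        "class": EI_CLASS[ei_class],
        "data": EI_DATA[ei_data],
        "version": ei_version,
        "osabi": ei_osabi,  # 0 is System V
    }
    if len(data) >= 20:
        # e_type and e_machine follow e_ident and use the file's own byte order.
        fmt = "<HH" if ei_data == 1 else ">HH"
        e_type, e_machine = struct.unpack_from(fmt, data, 16)
        info["type"] = E_TYPE.get(e_type, hex(e_type))
        info["machine"] = E_MACHINE.get(e_machine, hex(e_machine))
    return info


def triage(path):
    """Report format (from content) and execute permission (from mode bits)."""
    with open(path, "rb") as fh:
        head = fh.read(20)
    mode = os.stat(path).st_mode
    return {
        "name": os.path.basename(path),
        "is_elf": parse_elf_header(head) is not None,
        "exec_bit": bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)),
    }


def demo():
    """Build three constructed files and triage them by content and mode."""
    samples = [
        ("invoice.pdf", CONSTRUCTED_HEADER, 0o644),  # ELF content, misleading name, no exec bit
        ("notes.elf", b"just text\n", 0o755),        # .elf name, exec bit set, not ELF
        ("tool", CONSTRUCTED_HEADER, 0o755),         # ELF content, no extension, exec bit set
    ]
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        for name, content, mode in samples:
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(content)
            os.chmod(path, mode)
            results.append(triage(path))
    return results


if __name__ == "__main__":
    print(parse_elf_header(PAGE_HEXDUMP))
    for row in demo():
        print(row)
```

A file that is ELF by content but carries a document-style name is the case worth flagging when reviewing downloads or mail attachments, whatever its current permission bits are.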
OMG just switch to Linux
Least desperate Linux user
bill gates has crammed his meat on your back
What about those phishing SMS messages? I get them all the time. Could you do a video on that?
they are just scams, ignore them
"Legolas! What do your ELF eyes see?"
What the hell is that ELF file? Lol...
It is the executable format on Linux. Windows uses PE, Linux ELF.
@Just-Another_Channel lol
ELF is an abbreviation for "Executable and Linkable Format", and they are Linux's equivalent of a .exe file on Windows.
@IcedragonofSolitude nerd!
So, for the average (not expert) home user, what are the real, viable options for malware protection in a Linux-based system? It sounds like a Linux malware infection is unlikely, but when it does happen you're screwed.
Hmmm... Yes and no. First of all, you just can't do a "Linux vs Windows comparison" because there are several versions of Windows, and hundreds of versions ["distros"] of Linux. Policies in Windows "Professional" are pretty easy to bypass. And there is a reason corporations use hardened versions of Linux [even Microsoft servers not behind a firewall]: because it is inherently more secure. And more than that, it is more securable. But sure, you can get distributions of Linux that are more insecure than Windows Home. Some commercial versions of Linux have as many privacy compromises as Windows does.
Linux servers are attacked because they are usually involved in securing masses of important data and money, so of course regiments of hackers are going to try to break into them.
An ordinary home user with $1000 in the bank? Not so much. And since a home user is more likely to use M$ than Linux, the home Linux user is statistically safer, all other things being equal. Social engineering attacks will always be a thing if the public is not technically savvy.
So a "Linux vs Windows comparison" is going to always be a "comparing oranges to apples" fallacy. Unless you do specific comparisons. With any scientific test, you control for everything else.
And you can't do a Microsoft OS install without connecting to the internet, which is pretty dumb when you think about it.
The best way to clean a malware infected system is to boot into a change-rooted environment with a last known good OS, no matter what OS you use. Indeed, that is what many anti-malware rescue platforms do.
And the other problem with Microsoft OS, is that you cannot reduce the attack surface easily. Linux is far more configurable, right "out of the box". If you don't like bloatware, you can trash all of it. The fewer programs running on a system, the fewer attack opportunities.
And of course there is the eternal adage of: You can have convenience or security, but not both.
The vulnerabilities table is misleading: it is by default "all time", which means the whole history of vulnerabilities, including corrected ones and the ones that still exist, not a specific year. Debian in this year and month, November 2024, has only 9 vulnerabilities.
This video was sponsored by Microsoft...
No
Pretty much
1:58 Lol, Win 10 + 8.1 + 8 + 7 alone already has way more vulnerabilities than "Debian Linux", which is all versions of it since 1993. Even excluding Windows Server, I'm sure all Windows versions combined would be many, many times above Debian.
Arch doesn't get malware 😂 good luck using mainstream Linux
The AUR has been compromised on a handful of occasions. But the community is very quick to root them out.
What the hell is an elf file and why have I never heard or seen them before?
Can I peek inside it like a shell script?
Do I need to chmod +x it to run it or does it need additional utils?
My users don't have sudo so it sounds like blowing away their Home dir will clear it like any other local issue or dirty script.
What is the way to overtake a Linux machine with elf automatically?
ELF files are everywhere in your system, they just don't end in .elf
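The point made in the replies above (a file is ELF because of its header bytes, not its name, and the execute permission is a separate property), shown as an added example that is not part of the original comments. The function names and the two sample files are constructed for illustration.

```python
import os, stat, struct, tempfile

ELF_TYPES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}          # e_type values
ELF_MACHINES = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64"}  # e_machine values

def inspect_file(path):
    """Report whether a file is ELF (by magic bytes) and whether any execute bit is set."""
    with open(path, "rb") as f:
        head = f.read(20)            # e_ident (16 bytes) + e_type + e_machine
    mode = os.stat(path).st_mode
    info = {"name": os.path.basename(path), "elf": False,
            "exec_bit": bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))}
    if len(head) < 20 or head[:4] != b"\x7fELF":
        return info                  # not ELF, whatever the file name claims
    endian = "<" if head[5] == 1 else ">"     # EI_DATA: 1 = little-endian
    e_type, e_machine = struct.unpack(endian + "HH", head[16:20])
    info.update(elf=True,
                bits={1: 32, 2: 64}.get(head[4]),   # EI_CLASS
                type=ELF_TYPES.get(e_type, hex(e_type)),
                machine=ELF_MACHINES.get(e_machine, hex(e_machine)))
    return info

def demo():
    """Build two constructed sample files and inspect them."""
    # Constructed 20-byte header only: 64-bit, little-endian, ET_DYN, x86-64.
    # It is not a runnable program, just enough bytes to be recognised as ELF.
    elf_header = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8) + struct.pack("<HH", 3, 62)
    samples = [("holiday_photo.jpg", elf_header, 0o644),           # ELF content, no exec bit
               ("notes.txt", b"#!/bin/sh\necho hello\n", 0o755)]   # script, exec bit set
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data, mode in samples:
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(data)
            os.chmod(path, mode)
            results[name] = inspect_file(path)
    return results

if __name__ == "__main__":
    for name, info in demo().items():
        print(name, info)
```

The same header fields are what `file` and `readelf -h` report for a real binary such as `/bin/ls`.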
Based on the comments, this seems to be a pretty shit video that didn't have much research put into it and came across as more of a rant than anything
Linux is a great way to avoid script kiddie malware, which is the most common type of malware kids, the elderly, and non-tech-savvy people will encounter. So if someone mainly uses the internet and some basic word processing, moving them to a just-works distro, and making sure they know not to install ANYTHING from the internet, or maybe even not allowing their user to install stuff from the internet, only from the app store, like they would do on a phone, would be very useful.
Do that with some "don't click any link you get in email, especially if they say it's urgent; contact whoever sent you the email through another medium like a phone call" and other useful tips to avoid malware, and your loved ones will be way more protected against malware and other cyber attacks.
Skiddie malware will mostly be stopped by AV.
Windows nowadays has AV included by default.
Not Linux.
@bobmauranne6829 It's easier than ever to create malware for Windows. You can follow a tutorial on YouTube and get an AI that will write the malware for you. Linux has security by obscurity, so the basic phishing emails that give you something you think is a .zip but is actually an .exe or whatever don't really work on Linux.
There is a big difference between carelessly executing dirty files and installing a pre-infected corporate operating system. Being on Windows since 1993 and enduring everything Microsoft has put us through, I'm finally throwing in the towel in the Windows 10 era and headed to Linux in search of higher ground. I'll take my experience and knowledge with me as I have learned much over the decades regarding these issues.
Gotta make sure to always validate the checksum and make sure that iso is legit
Runs something with sudo without checking the content of the file
Linux is not secure guys i am a youtube cyber security expert trust me..
Btw, imagine how popular and widely used ELF is when I've been running Linux for 20 years now and it's the first time I'm hearing about this. People don't click, we compile code from source; not sure what this guy is on about.
This is a sales video for a software product that he is sponsored by.
People mad he said Linux is not completely immune to malware
There is no need for stupid numbers
When you have Windows you don't know what you are installing
But when you have Linux you know
And have complete control over all permissions
Of course it is completely different if you install malware yourself from the source and give it complete permission to do everything
Recently saw a huge demand for Linux guides, especially for those switching from Wind0ws (more bloaty and creepy than ever)
I've also been starting out my Linux journey in 2024 and I am loving it, learning new things.
Welcome to the penguin club mate.
Happy to welcome new users! I hope your stay is lengthy and full of open source contributions!
Hey Leo! Can you test Microsoft's new security feature "Smart App Control"? With maximum Windows Defender settings?