Wednesday, November 19, 2014

Running a Linux Desktop Does Not Equal Security

Update Thursday, November 20, 2014
Part 2 is available.
November 11, 2014 update:
Part 3 is available.

For years, there have been a lot of silly things written by 'fans'. The Microsoft people versus the Mac people, etc. It took years to get the Mac people to shut up, and it may take more years to get the Linux crowd to similarly STFU.

Much of this is about Security by Obscurity. When Macs were rare, they were seldom attacked. Arguments were mounted about the inherent superiority of the BSD-derived OS, etc. These days, both operating systems are being hacked left and right, so the point is moot.

Still, the Linux fans persist, in some circles, with that same inherent superiority argument. There are valid reasons to favor Linux, but this is not one of them. Linux is being being hacked left and right as well, and 'fan' behavior is just random Internet Drama. Otherwise known as noise.

Security by Obscurity is often derided by the clueless as something to be avoided at all costs. Let's put that to rest straight off. It's an entirely valid defense, as evidenced, for example, by the well documented reductions of attacks resulting from the running of SSH servers on ports other than 22.

Security by Obscurity becomes a problem when it constitutes the majority of a defense strategy. If it is your sole defense, I am very glad that I am not you.

So What is Obscure?

The Linux desktop is, of course, fragmented. For years, Gnome ruled. Some of this was due to freakish historic accident: Linux taking market share from commercial UNIX, etc. At one point HP announced that HP-UX would feature Gnome as their replacement for CDE. Later this was quietly withdrawn.

The KDE desktop has a long history as well, with a surge in popularity in about 2000, with KDE 2. However, Red Hat chose Gnome.. They had to bottom out on something, as they were all about support, and Gnome had more mind-share.

KDE is not obscure, but to this day it does not have the mind-share that Gnome does. Which is a shame, in some respects, but not in others, precisely because it was less popular.

Even a Less-Popular Desktop, on a Less-Popular OS, Does Not Equal Security

KDE used to be a great work-station trade-off. Technologically advanced, easy to work with, yet almost never exploited. So, similar to the way Mac fans thought of their OS, but with a slightly better grounding in fact.

That sweet spot, such that it was, is now over. This post is already dry, and boring. I'll post a Part 2 tomorrow.

Update Thursday, November 20, 2014
Part 2 is available.
November 11, 2014 update:
Part 3 is available.

No comments:

Post a Comment

Thanks for your comment; communities are not built without you.

But note than comments on older posts usually go into a modertion queue. It keeps out a lot of blog spam. Weird links to Web sites hosting malware, marketing nonsense, etc.

I really want to be quick about approving comments in the moderation queue. When I think I won't manage that, I will turn moderation off, and sweep up the mess as soon as possible.

If you find comments that look like blog spam, they likely are. As always, be careful of what you click on. I may have had moderation off, and not yet swept up the mess.