One question for Linux gurus: Why is it that Linux/Ubuntu is said to be so secure? (To the point you almost don't need AV.)
Is it because simply no viruses are programmed for Linux (like Macs), or is there something special about Linux architecture/core that makes it less vulnerable to attacks?
I'm not a guru, though with twelve years' experience, I feel I am qualified to answer.
The most important part involves the history of Unix (Linux is a Unix-alike), which is forty years old. Unix has had privilege separation and emphasized multi-user environments for over thirty years. While the system for privilege separation is rather simple by today's standards, every program on any modern Unix (or Linux) grew out of the Unix multi-user culture. Programs respect it. They don't require Root (Admin) privileges to run. They don't expect a single user environment.
Like I said, this user/group/all privilege system is too simple to be comprehensively secure with all the sophisticated attack methods people use these days. SELinux and AppArmor are additional systems which sit on top of the old u-g-a system and which sandbox processes. Ubuntu uses AppArmor for a lot of applications.
On the other hand, desktop systems like Windows and Mac come from a single-user culture. Sure, the NT kernel and kernel (part of Darwin) used by modern versions of Windows and Mac both have privilege separation (and in fact, Mac is a certified Unix, unlike Linux), but the cultures have long been single-user, and applications written on top of the kernels express that. It's difficult to secure a system when the applications are fighting you. In fact, Windows' security model is probably more advanced than Ubuntu's now, but some poor programming practices and the single-user culture shoot Windows' security in the foot. Mac, too, makes extreme compromises in the name of user-friendliness and sets itself up to be the first to go down in all the Pwn2Own competitions.
Secondly, we have diversity and heterogeneity. Microsoft makes great effort to retain backward compatibility between releases. In other words, the ABI is stable. Binary programs which worked in version N-1 are expected to work in version N. The Linux kernel promises nothing of the sort, and indeed, seems to take great pride in changing the ABI as often as possible. Binary applications break randomly and no one makes an effort to stop that. Imagine being a Trojan or virus trying to keep up with the latest version. At any one time, there are tens of kernel versions in the wild, and in truth, each distribution generally has a slightly customized version.
Why doesn't that lack of ABI stability destroy the Linux ecosystem? Well, because few programs are binary. Linux has a relatively stable API, so applications can be easily re-compiled (by Debian and Ubuntu, in this case) to use the new kernel headers.
When you look on top of the kernel layer, you see even more heterogeneity. Not only do you have desktops for GNOME and KDE, but XFCE, ROX and LXDE. You have window managers like OpenBox, FluxBox, and RatPoison. You have two different print systems. You have three major word processors. I don't even want to count the number of browsers, file managers, and text editors. In a diverse system like this, what attack can be automated? Non-automated attacks are costly. Heck, you can even run Debian on the FreeBSD kernel if you want to.
Compare Linux's situation with Windows':
- ABI stability
- IE used in at least 60% of cases
- MS Office installed on most systems.
Finally, you have the market share factor. It's real. Windows is a large target with that homogeneity that Linux lacks. Not only does Linux have 1-2% of the installed base, that 1-2% is misleading ... because each distro is in actuality a different OS which likely needs different automated scans to be penetrated. How is all that work worth the effort?
Is Linux impenetrable? No, of course not. Red Hat 5 and 6 were especially vulnerable to some automated attacks, and one of my boxes even got owned back in 2000 or so. These days, there's not so much to worry about, but you are unlikely to stop a dedicated and talented individual from breaking in unless you know a good deal about system hardening. Then there's the user issue. Create a nice trojan. Package it as a .deb. Advertise it as a great new screensaver. Get users to install the .deb. Bang! The users are owned.
The weakest link is always the user. Once Linux gets an install base outside of techies, I expect we'll see some trojans.
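The answer above leans on the classic Unix user/group/all (u-g-a) permission model and calls it "simple". Here is an added example, not code from the original thread, that models how that check actually decides access and then runs the two mode scans a hardening review does first (world-writable files, setuid/setgid executables). The inode records and user credentials are constructed sample data, not read from a real system; the owner-class-wins rule and the root handling follow the kernel's discretionary access check as I know it, and are the point of the example.

```python
"""Added example: model of the Unix u-g-a permission check plus a mode scan.
All inodes and credentials below are constructed sample data."""
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class Inode:
    path: str
    mode: int      # st_mode-style bits including the file-type bits, e.g. 0o100755
    uid: int
    gid: int


@dataclass(frozen=True)
class Cred:
    uid: int
    gids: frozenset  # primary plus supplementary group ids


# Requested-access bits, in the same positions as the "other" class.
R, W, X = 4, 2, 1


def permitted(inode: Inode, cred: Cred, want: int) -> bool:
    """Discretionary check: exactly ONE class applies.

    Owner bits if the uid matches, else group bits if any gid matches, else
    other bits. The classes are not unioned, so the owner of a 0o070 directory
    is denied even though members of its group are allowed. uid 0 bypasses the
    bits, except that executing a regular file still needs at least one x bit
    (the same rule the kernel applies to CAP_DAC_OVERRIDE).
    """
    if cred.uid == 0:
        if want & X and stat.S_ISREG(inode.mode) and not (inode.mode & 0o111):
            return False
        return True
    if cred.uid == inode.uid:
        bits = (inode.mode >> 6) & 7
    elif inode.gid in cred.gids:
        bits = (inode.mode >> 3) & 7
    else:
        bits = inode.mode & 7
    return (bits & want) == want


def risky_modes(inodes):
    """Flag world-writable objects (ignoring sticky directories such as /tmp,
    where that is the intended layout) and setuid/setgid regular files.
    Returns (path, finding) pairs in input order."""
    findings = []
    for ino in inodes:
        perm = stat.S_IMODE(ino.mode)
        sticky_dir = stat.S_ISDIR(ino.mode) and bool(perm & stat.S_ISVTX)
        if perm & stat.S_IWOTH and not sticky_dir:
            findings.append((ino.path, "world-writable"))
        if stat.S_ISREG(ino.mode) and perm & (stat.S_ISUID | stat.S_ISGID):
            findings.append((ino.path, "setuid/setgid"))
    return findings


# Constructed sample filesystem: (path, mode, uid, gid).
SAMPLE = [
    Inode("/etc/shadow", 0o100640, 0, 42),               # root:shadow, group-readable only
    Inode("/usr/bin/passwd", 0o104755, 0, 0),            # setuid root, as shipped
    Inode("/home/alice/notes.txt", 0o100600, 1000, 1000),
    Inode("/tmp", 0o041777, 0, 0),                       # sticky world-writable dir
    Inode("/opt/app/config.ini", 0o100666, 1001, 1001),  # world-writable file
    Inode("/home/alice/shared", 0o040070, 1000, 1000),   # group 7, owner 0
]

if __name__ == "__main__":
    alice = Cred(1000, frozenset({1000}))
    bob = Cred(1001, frozenset({1001, 42}))   # bob is in the shadow group
    for ino in SAMPLE:
        print(stat.filemode(ino.mode), ino.path,
              "alice:r" if permitted(ino, alice, R) else "alice:-",
              "bob:r" if permitted(ino, bob, R) else "bob:-")
    for path, why in risky_modes(SAMPLE):
        print("FINDING", why, path)
```

The owner-class rule is the part newcomers usually get wrong: `/home/alice/shared` with mode `0o070` is readable by every member of group 1000 except alice herself, because her uid matches the owner and only the owner bits are consulted. The scan deliberately skips `/tmp`, since a world-writable sticky directory is the expected configuration, while a world-writable regular file under `/opt` is exactly what a reviewer wants surfaced.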