I think the most important fact is having many tech savvy guys using it.

im sure linux actually absolutely dominates the operating system market if we include servers and not just individual users

What makes Linux safer? The users.

Lol don't be silly. The most secure desktop operating system is obviously TempleOS.

You forgot to mention linux does not come with a built-in backdoor to your computer. Update: Well I guess XZ had proven me wrong.

Not to mention all the patches and possible compromises are CLEARLY listed in the updates unlike the dodgy language of windows and Mac "updates"

Temple OS is the only safe and secure OS. Just try mounting a usb device in it.

I'll swear by Linux's flexibility any day. It's just so much easier to execute on weird hacky ideas. I've had two overlapping Zoom classes at one point, and I'd create two virtual PulseAudio-JACK sinks where each class would go, and wire each class to the left and right channels of my headphones, separately, then use two instances of OBS to record each class into separate files and folders at the same time, so I could watch separately later, and I had a third instance of OBS streaming "the meme camera" into v4l2loopback, and into both Zoom sessions. All of that, while running a Windows 10 GPU passthrough VM in QEMU, where the VM's main virtual disk is a GPT-formatted _partition_ in my physical SSD, that QEMU accesses as a block device, for maximum performance. Less than 10% CPU usage running all of this with VAAPI (aside from Win10 occassionally taking up more), on a Core i7-6700k. It's madness. Windows just can't do that shit, definitely not nearly as efficiently, and definitely not without a ton of crappy trialwares downloaded from the Internet. And that doesn't even count all the times I made slight, trivial customizations to the software I ran at the sourcecode level, to hack around limitations or play with even weirder ideas.

If you have a hard time installing any package not made for your specific distro, imagine how hard it is for a dude to make a virus for Linux.

The biggest vulnerability is located between the chair and the keyboard. All jokes aside, not all malware uses vulnerabilities to work. Many of them may (and not limited to) give the attacker a reverse shell to the target. To mitigate this attack vector, a good firewall rule is needed.

gnu/linux safest? no gnu/linux safer than windows? yes

To be clear though Linux servers are well known targets. It doesn't get as much press as Windows vulnerabilities but they are still vulnerable because they run most of the web as we know it and not everyone updates their version of Linux.

Well by richard stallmans definition everyone is a hacker

1:30 "The script kiddie possibly hasn't even heard of Linux themselves." HAHAHAHAAHAHAHAHAHhahahahahaahaaaaaa..... I see you're unfamiliar with the ranks and armies of edgy 12 year olds who hear about Kali Linux and revere it like a holy grail of hacking, as if simply having it installed is a sign that you're an unstoppable force not to be deterred from your hacking goals. Then they wipe their Windows XP installation and install the thing so that they can escape from their cushy lifestyle into that of a runaway badass hacker who can't be stopped, and end up not only never figuring out how to hack anything, but also never figuring out how to get basic stuff done on Linux.

You've got me convinced, I'm switching to linux as soon as I graduate from my online school that does not support linux.

And then there is OpenBSD

I talked to my dad about open source software, he said that people back then tried to get him fired for pushing things like Linux.

OpenBSD...

Another reason for Linux being more secure than windows is that a lot of Linux libraries are dynamic which means every single package uses same system libraries so if that lib have bugs and they fix it in the newest version of kernel it will be fixed for every single package that uses that lib There as in the windows world lot of the applications uses static libraries which means that libraries are inside the package itself and each developer should include that bug fix inside of there application So instead of just updating once to fix the bug you need to update every single application that uses that lib to fix bug

BSDs are generally more secure.

Hi Mental Outlaw, thank you for your videos, they effectively add insight and real value to the discussed topics. You know, IMO, I think that another reason for Linux to be secure is because of its architectural design, because basically, it is designed in layers like an onion for example, being the most inner layer the kernel. From there "to the outside" you have the other layers like video, audio, the user space and so on. So, as you can see, for malware to make a real damage it has not only to get permission, but also it has to reach the innermost layer of the system, which is the kernel. If for example, a certain user in the system downloads a malware, it will affect this particular user and will not have effective damage over the inner layers of the system. So, in order to bring peace again it would be enough to at most delete the users profile and recreate it again or have it restored from a backup, using tools like rsync for example, if you previously did a backup of course.

Most modern Windows systems have file permissions (ACLs), but other than that you're 100% right

I think you touched in an important point when it comes to windows. That their security model is rather basic and only really got better since Vista/Windows 7. Furthermore most people want to run as admin on Windows when most users in Linux don't need to run as a admin (SU iirc) unless needed. This is further made worse with how often software on Windows needs to run on an admin account otherwise it just fails to work. If most windows based software can run well in a limited account and most users actually use the limited account windows would be much more secure OS. Not as secure as Linux though. You win there.

All of this open source stuff is only good if you have a fairly large audience. There are github repos that contain frameworks used by only a few developers but the projects using these frameworks have many users. And malicious people who may find those vulnerabilities and not choose to report them but abuse them this open sourcing helps them find the vulnerabilities much easier.

But can it survive my "sudo rm -rd /" virus?

This market share info is outdated. Linux is now at almost 3%

That pie chart at 2:00 could be updated given its 6 years old as at the time of this comment. Surely the data is no longer valid.

Windows has file permissions as well, In fact it is a huge part of most business domain servers. The truth is by default windows is awful with these permissions.

Why did you pick a operating system usage graph from 2014? It didn't even have Windows 10 on it, and a lot of people used Windows XP and Windows 7.

I am a fan of the channel. Would you be willing to do an interview for the KZbin show Linux Spotlight? The show tries to showcase the best thing about Linux, the community. In the show, each persons talks about their journey in Linux.

I think the point about execute-permissions is a bit weak compared to the other very very good points you make here - not just because those permission do, in some more hidden, harder to utilize form, exist in windows too, but because a considerable portion of hardware is not "executing when you didn't mean to execute anything" (a word document disguised as an executable), but instead "executes when you meant to execute something else" ("this is a self-extracting archive that contains your word document"). If I believe that I've downloaded a legitimate program requiring execute-permissions won't be a safeguard in any way. Still a very good video, showcasing how much of Linux' safety comes not from the OS itself, but actually its community & individual users.

The biggest thing that feels safer to me in Linux is that if you make a root user, it's not an accessible account, you have to switch to it using the terminal for everything you want to do, then you go back to your regular user

Although it's a good point about the execute permissions because as far as i know all browsers make downloaded files non executable on linux there's still the malware that works directly through browsers. There has been multiple bugs especially in chromium where script running on a page could escape the sandbox and actually affect the host operating system. Another thing i find a big problem on windows is cscript.exe because it's configured to run files such as .js by default and i've seen numerous cases where attackers sent javascript ransomware through email and in outlook just one click on the attached file and windows just run the javascript code without any prompting. Remember what is run by cscript is full javascript *including filesystem functions* not the sandboxed browser javascript allowing ransomware to encrypt the harddrive

Linux = AMT conduits baked right in. Linux: Hi NSA, have some data! FreeBSD = What's AMT? IME: Can I has your data? FreeBSD: OK, but it's encrypted. IME: Can you decrypt it? FreeBSD: Nope :3

I love the running joke that 4Chan is an elite hacker group

One thing you kinda glossed over that servers are actually running on Linux (20 to 90 percent, depending on which source you consult) and actually are a good target.

To be fair.. Windows uses ACL for file permission, which isn't worse than Linux File Permission System. Yes, it gets undermined, if the user is an Administrator, but that is also the case, with the linux root user or just about any user which has access to sudo. If a malware gets past the UAC (which isn't trivial, as long as the UAC is protected with the account password (which really should be the default)), it gains full system access. But on the other side, if a malware gets past sudo, it also has full system access. No file permission system can help you in that case. But as long as we are talking about limited users without access to root/administrator, the file permission system from Windows isn't worse than the Linux permission system. And yes, Windows has a "Read & execute" permission in its acl and if you disable that for a specific user.. well.. in that case the user can't run the application. And yes, this also works for administrators (but obviously they can reenable this permission for themselves but again.. this is also the case for linux), and yes you can inherit this permission through an entire folder structure.. so you can make any application in for example the user folder not executable by default.

Just had my first full day of Linux (Mint), loving the control and it not doing whatever it wants

Hey, would you consider also hosting your videos on LBRY?

Bro that 25% windows XP market share is insane to me. Even in 2014. That’s still a lot for back then.

mental outlaw really swag !

Some guys in my school made a desktop shortcut to the shutdown script for our computers. caused chaos when people clicked on it thinking it was chrome or files etc...

Did you record this audio on a loading dock? Love the vids, thanky brain bandit.

Let me start by saying I am a fan of your show and I like all the content geared towards educating people about Linux and open source. Having said that I feel I need to correct/clarify a couple points you mentioned. And just so no one thinks I don't know what I am talking about. I have used and tested MANY flavors of Linux for over 20 years, since the Red hat 8 days. I have also worked in IT for most of that time, 10 years of which I did IT security for a number of private companies as well as for the Department of Health and Human Services. So the first point is, when you said there isn't a lot of malware for Linux. There is actually quite a bit of malware for Linux. I agree, not as much as for Windows but, still quite a lot. The reason has to do with my second clarification/correction. This one is one I wish more content creators would read up on and mention in their videos but, they don't. The issue is, while yes, only about 2% of the desktop market uses Linux, that is not the whole picture. The fact of the matter is that 76%+ of the internet is run on Linux servers and a huge number of companies also use Linux servers. For example, the financial industry relies heavily on Linux because it is so secure. Another one is Disney and Pixar that converted almost all of there graphic design and rendering servers over to Linux back in 2003 I believe, just to name some examples. Hackers know this, so a lot of malware has been developed for Linux. However, a significant portion of the malware for Linux in the wild requires user interaction in order to gain root permissions so it can actually do anything on a Linux system. In addition, some of the malware out there is just beta software that was developed by hackers and companies that wanted to see what was possible on Linux and a lot of these were eventually abandoned because the way Linux is setup prevented them from actually successfully infecting any Linux systems and being able to execute their payload. This is also the reason many anti-malware companies actually have versions of there software for Linux. Companies and governments need it to help keep their systems secure. The only reason most of these companies, like Norton and McAfee, don't sell the Linux versions of their software to the general public is because there isn't enough of a profit incentive to do so.

Every Cinnamon GTK theme being like "execute this random Python script to change the options menu" and I'm like "I'm gonna be reading that script before I let it anywhere near execution"

linux might have a smaller desktop share, but a MUCH MUCH higher server share, and servers are where the real money is, so it kinda evens out

most malware samples I've looked at do not use any Kernel level exploits, very very few do, and when they do, it's usually nor a massive issue as you'd have to run them as administrator, many people regard the admin to system security boundary as unimportant. to encrypt all files on your drives doesn't take kernel, ring0 cpl. still I agree with most other points.

- smaller marketshare -> less people to hack - has a standard secure way to install applications and packages - open source kernel, so the bugs and abuses can also be found and fixed by the community there

The concept of Linux as being the most secure OS is a huge fallacy based on the assumption that having open-source code means experts have actually bothered to test it exhaustively. Only a very few Linux libraries used by big corporate sponsors are tested exhaustively; everything else is slapped together. The advantage of open-source code is not security, but reusability -- anyone can build a new widget without having to start from scratch or include separate copies of libraries in the installer, which makes it easier to slap together quick-and-dirty apps to solve immediate needs.

It's not the most secure OS. That's OpenBSD.

Linux is way more secure than Windows & MacOS. But even more secure is BSD. However, I'm still primarily a Linux user, & in my opinion, Slackware is the most secure. I avoid popular distros such as Red Hat mainly because they're likely to have as many backdoors as Windows does. If the Government is using a particular Linux distro, you can almost be sure the Government can intrude on privacy.

I don't know if you purposely do this, and when you think about it, it's not weird at all, but I kinda get a kick out of you calling it "The macOS" instead of just macOS.

Windows also has a file permission system, it's just unknown and/or inaccessible to most users.

GNU/Linux is safer because not any human could hurt a cute penguin like Tux

8:40 You can hear the pots and pans banging upstairs. he definitely lives in his parents basement.

Haven't watched yet, but I'm going to say that there's multiple reasons. 1. The fact you have to keep entering your password to grant permission to make almost any changes to the system. 2. The fact so few people use desktop linux means it's not a very tempting target for bad actors, unlike server linux which is /heavily/ targeted. 3. Since most software is installed through repositories, unless the repository is compromised there's less vectors for viruses to infect you by chance, though you could still fall for a targeted attack if they know your're on linux. I'm sure there's probably a way for them to infect you through an email attachment or something, though far harder than it would be on windows since it would take more than just opening the attachment since it would need execute permission. 4. On the subject, files need a specific execute permission that's /not/ granted by default in order to actually run programs. 5. The general state that for most of the time it's been around and even to some extent now, you need to have at least some technical know-how to do more than the basics on desktop linux, and thus might be less likely to fall for shady stuff. All of this makes it much more unlikely for malware to be successfully executed on your system, but not impossible. Motivated hackers though could probably still get in through some exploit, but unless you're a big target like a business or like a celebrity, or just somebody who pissed off some hackers or something it's less likely to happen.

9:54 “he doesn’t exist, he’s just an extension of your mind”

When you are connected to some device as 'group' or 'other' user and you have 'r' permission, just cat the file to your own and execute. That might be a flaw.

Thank you for articulating this topic brilliantly. Many people, including an information technology professor I know, believe Linux has next to no malware because it's a small target and Windoze is a giant target. They do not believe Linux is inherently less vulnerable than Windoze. Baloney.

forgetting OpenBSD?

1:59 May, 2014. lazy... one more problem at 6:21 . no further explanation on what software repositories are. from the context it is understood they are deployed by someone who has this authority and they are being kept online by a p2p network.(i dont know how repository works) but you never explain in in this video

Yeah, it might be the most secure, but it's still NOT 100% secure. You know what they say, pretty much no man-made software is impenetrable and almost always has bugs. If it takes user input, it can be hacked. If it's connected to the internet and accepts data from there, it can be hacked.

The biggest problems with MacOS and Windows is that they are already compromised before you even buy them because their respective vendors have full control over the systems. GNU/Linux has a similar problem but due to being open source to a lesser extend.

I don't know if secure is the word I'd use. According to several security websites, Linux can actually be a hassle to harden in regards to the kernel and so forth.

@2:01 that sure is an old graph, windows 10 didn't even exist yet

But the same logic can apply for advance Windows users who know what they are doing and check the software they install. To install software on WIndows it must have valid certificate or the SmartScreen will inform you about the mistake you are about to make. Any app that require more Administrative permissions will ask you to give such. Also there is Memory integrity feature for the code running in the kernel. It's mostly the user that makes it vulnerable. Of course you must trust MS nowadays that they patch it right on time and that won't break the system. The real beauty of Linux is control and privacy.

This is all true, but there definitely are people who write malware for Linux, they aren't aiming that malware at the masses though, they target server farms and cloud services which almost all run on a Linux backend.

there is also selinux to make permission better

I thought you shouldn't use 3rd-party repositories, because they can cause many problems?

the popularity argument for malware on linux holds no weight. yes microsoft has a majority of desktop but linux has a majority pretty much everywhere else. and there is definitely more other things then there are desktop users. so if you think of it. it would actually be more beneficially to attack linux for popularity reasons. and also linux controls more important things like servers specifically. if they attack those then they effect literally everybody instead of just a hand full of desktop users going about their normal day. only thing reasonably sound reason is perhaps they attack windows users because they are less technically inclined and it takes less effort. 'grabbing the low hanging fruit' i think the saying goes.

linux is the most secure environment because nothing works not even the viruses not the scripts nothing sometimes not even the sys calls work so no need to worry about it BUT in case you suspect anything just change the distro or kernel it wont work for sure if it still budges try pulling out some of the modules like kvm and you set

the most secure OS by far is openBSD

It's ironic that one of the reasons desktop linux is more secure might be reduced or go away if desktop linux ever became as widely used as many linux enthusiasts would like, that being the fact that most bad-actors aren't targeting it because it's a very narrow target compared to mac/windows.

Tux in armor makes me happy!

MacOS and Windows10 appear to have per-app folder access permissions. i.e. program X has access to Documents/. (Mac: Privacy and Security > Privacy > Files and Folders, Win10 Privacy > App Permissions > Documents). Is this a drawback for Linux? If I install somehow install a malicious program, or install a bad Python package, or install a bad npm package (i.e. via typosquatting), does Linux offer much protection for my personal files?

The difference between Linux and Windows is Linux shines and Windows glows

hummm thing is you could find some malware for Linux since MOST servers run Linux. Also, even with only bash and Linux kernel, you could get sources from git and get every thing else then :3

oh ye thats a classy one i remember loading fraps waaaaaay back in 2009 on windows xp from a sketchy site and got trojan it triggered when i was playing warhammer online something something reckoning i was unable to switch keyboard layout i rebooted, and realized that my PC is bricked but i did had an antivirus software that was able to neutralize this thing so nothing was lost i just rebooted one more time and all was good

It is always very interesting to listen to you, please keep going!

Bravo!

Open source means more eyes on the code.

great information

Just because something is open source does NOT make it secure. In fact, there generally are far fewer eyes on the software because everyone just assumes the software is secure. And the vast majority of open source projects are maintained by 1-3 core developers with the occasional patch here and there from others. Whereas most commercial software is maintained by a team of well-paid devs (not to say that is a better model). Bugs lurk for years to decades in projects until a fresh set of eyes shows up and goes, "Hey...I think I spotted something suspicious here." The one lead dev never noticed it because they've stared at the code for the entire time and no one else noticed. When it is a critical system service, it usually makes the news but Linux applications have new vulnerabilities discovered all the time. They get patched, everyone updates, but the vulnerabilities exist.

Winux is a special breed, it can infect both Windows and Linux (a Winux on a Windows system also tries to infect ELFs that they have on the system for some reason aside from EXEs and vice versa).

What the, around 8 minutes into this there is a lot of background pan / scrap metal rattling that can be heard :D

The successful hacks attack people, not operating systems. What we understand by viruses has long since ceased to play a role. It makes more sense to use vulnerabilities, bugs and there are plenty of them. Even in Linux distributions

Thoughts on BSD?

Except that it is not. OpenBSD is far more secure, at least as a base system with default settings.

Its secure because not a lot of people use it

I think Linux is safer because mostly software developers use it. Android devices, also based on Linux kernel, get hacked often.

Thanks brother 👍

I know Richard stahlman would be very happy you always say gnu/Linux giving them credit bc Linux was just the kernel

Java is out of date, please click to update.

While i late for party i still cant agree with file permission part. On Windows you can have much more granular file permission control, including execution. Its requires some tinkering, true, but its very possible.

updated graphics. *Desktop Operating System Market Share Worldwide - January 2021* Windows 76.26% OS X 16.91% Unknown 3% Chrome OS 1.91% Linux 1.91% FreeBSD 0%

4:50 - I wish there was FOSS windows store / package manager, allowing in only FOSS

Oh man, speaking of script kiddies, remember Back Orifice from Cult of the Dead Cow? I used it swipe login and PW for the school internet back in 99. Good shit.

The giant hole in the video ... Android and the Play store malwares. That's linuxish enough.

FreeBSD, and especially OpenBSS, have statistically been more secure than Linux distrobutions. :)

Could you please do a video about hardening gentoo on 2020?