Over the last few days I’ve been following a thread on the Fedoraproject Users mailing list. The thread was centered on the idea that Linux is uncrackable. Fortunately, logic prevailed and most everyone on the list agreed that no computer, so long as it is connected to a network, is uncrackable. From my experience, that is a universal statement — regardless of platform. But beyond that, some interesting thoughts came about and inspired the question to peek out from the recesses of my mind:
As Linux desktop popularity continues to rise, will Linux viruses also begin rising?
The common opinion is based on saturation. Most feel the reason that there are so many viruses for the Windows operating system is simply because it is so popular — therefore, the viruses are more easily propagated. That argument has never settled well with me. Why? I’ve been using Linux as my only desktop platform since the mid-nineties and I have yet to deal with a virus. Not only that, but all the Linux users I know (as well as all of those global Linux users that contact me daily) have never reported a virus. Add to that, the proliferation of Linux servers without the proportional proliferation of Linux server viruses, and you might see why I doubt the “Linux desktop popularity correlation”.
Since birth, the source of the Linux operating system has been open to the public. For this very fact hackers can scour through the code to locate vulnerabilities to exploit. The door is wide open. Linux says, “Hey hackers, here’s my immune system! Find my weaknesses and use them to your advantage.” And yet, they don’t.
Is it possible that the weaknesses simply aren’t there (or at least not in the abundance found in Windows)? Is it at all possible that Linux is simply, by design, a much less vulnerable operating system? My answer? Yes. Absolutely.
From within the Windows operating system, the desktop can be completely taken down (to the point of having to re-install the OS) by simply clicking on an email attachment. In Linux you would AT LEAST have to enter the root (or sudo) password for anything like this to happen. And certainly any user of Linux would know if an email attachment asked for an administrative-level password, shenanigans were afoot.
There’s another issue that was brought up in the original thread. It was, from my perspective, a very telling thought that illustrated something unique to the open source development community. Let me try to summarize it simply.
- A vulnerability is found in a package.
- The developers of the package quickly fix the vulnerability — even though they know it will break dependencies of other packages.
- The developers of said package release their fix and the source code along with the fix.
- All broken packages are now responsible to make their packages work again.
The above example happens within the open source community. Instead of leaving the vulnerability in their package (and avoiding an inconvenience to other developers and end users), the developers know it’s their responsibility to fix their package. This “fix” happens quickly and is released into the wild immediately. All affected packages must then be fixed or wind up broken.
It’s not a perfect model from the convenience perspective, but it’s a model I’d rather follow than to know weaknesses remain within the code just to prevent an inconvenience. That is why (and how) open source packages are patched so quickly — developers know they are directly responsible for not allowing their product to remain vulnerable. The open source community fully embraces their culpability, when it comes to vulnerabilities and bugs.
This immediacy in the patching of flaws keeps viruses at bay and always will.
Will we see a rise in Linux viruses?
Nothing is perfect. No system is immune. But when push comes to shove, I’d much rather rely on the Linux desktop for my work than a more vulnerable, weak platform. And with the continued rise in acceptance that the Linux desktop is finding, I feel confident a rise in Linux viruses will not follow. And even if they do start popping up, the vulnerabilities they exploit will be immediately fixed.
What do you think? Will the growth of the Linux desktop bring about an equal growth in viruses?