Yeah, would be nice to have some of the mitigations in Linux but in practice these are not needed when you don’t run malware on your system by default and keep the attack surface small. And if you do run malware or have the system full of crazy bloat (just look at the MSHTML exploit) then no amount of sandboxing or hardening is going to help you.
If the Linux desktop is used like Windows (downloading and running random malware from the internet as the default way to install apps) it is about as secure as Windows, meaning not at all…
Is this the fault of the Kernel developers and should they add a lot of security bloat that at best mitigates this issue a bit? I don’t think so.
Yes, I and hope the “the day of the Linux desktop” never comes due to this :D
Well, you can see what happens where this two does not hold with Linux, just looks at Android and ChromeOS.
Would the community jump on the mitigations/sandboxing side of things same way Google did?
Linux is secure thanks to they way it is used and developed. If you change the way it is used the whole security model changes and it would not be as secure as for example Android in the same use cases.
Yeah, would be nice to have some of the mitigations in Linux but in practice these are not needed when you don’t run malware on your system by default and keep the attack surface small. And if you do run malware or have the system full of crazy bloat (just look at the MSHTML exploit) then no amount of sandboxing or hardening is going to help you.
I think this has worked till now because:
Linux’s user base is small, so it isn’t a very attractive to malware developers.
Linux’s userbase is mostly tech savvy people, who don’t do stupid stuff.
But the question is, does it scale up if Linux became mainstream and popular among the tech illiterate?
If the Linux desktop is used like Windows (downloading and running random malware from the internet as the default way to install apps) it is about as secure as Windows, meaning not at all…
Is this the fault of the Kernel developers and should they add a lot of security bloat that at best mitigates this issue a bit? I don’t think so.
Yes, I and hope the “the day of the Linux desktop” never comes due to this :D Well, you can see what happens where this two does not hold with Linux, just looks at Android and ChromeOS. Would the community jump on the mitigations/sandboxing side of things same way Google did?
Linux is secure thanks to they way it is used and developed. If you change the way it is used the whole security model changes and it would not be as secure as for example Android in the same use cases.