Microsoft says it is still trying to evict the elite Russian government hackers who broke into the email of senior company executives in November and have since been trying to breach customer networks with stolen access data.
Imagine for a moment that the business world transitioned to Linux, and now there’s enormous incentive for all adversaries from state sponsored to financially motivated criminals to spend all their time hunting through linux source code.
Do you think the ideas above stand up? (I’m not saying they dont)
Would linux vulnerabilities be found at a higher rate? I wonder if they aren’t now because there aren’t as many eyes on them. Sure there’s corporate side project efforts and volunteers, just curious how that stacks up against the amount of research happening to break Windows systems.
NSA would definitely want to keep some linux exploits around if their adversaries were using linux instead of windows. I think the result would be the same regarding eternal blue.
Linux is already used everywhere, from servers to satellites to phones to infrastructure. There’s already a huge incentive to find exploits, moreso than Windows devices.
I do think more desktop-oriented exploits would be found if more people used Linux desktop, but I think that’s more down to distro fragmentation and not every distro maker being as competent as others, or not having the manpower to keep up with development, as opposed to there intrinsically being danger in people seeing source code.
NSA would definitely want to keep some linux exploits around
And they’d be spotted in the source code and patched. If the code is proprietary, you can never trust that there aren’t backdoors.
The point is, they already did. 99% of webservers run Linux. They are all out in the open and hackers love to get their hand on them as they are likely to have mailservers on them and they have a public IP so they can always be reached.
And most of them do not get hacked. And those that do mostly get hacked due to bad passwords or bad website code. I administer one and see the thousands of attacks running up against it daily (most are just attempts to log in with basic credentials). And of course I see the daily influx of updates from Linux.
If a new security flaw is seen, its often quite difficult to use. And with Linux somebody makes a patch before simple tool for hackers are out.
With Microsoft products you wait till the next patch day, in the best case critical exploited bugs are patched in days.
Also security flaws in closed source products are often easier to exploit and tools to use them are available fast. (Such flaws are often already discovered in open source products by third eyes and testers before they make it to production systems.)
Of course there are exceptions to the rule, like heartbleed. This was an easy to exploit flaw in an often used Linux service and it caused a big turmoil because many where to slow to patch their systems.
Also of course if Linux gets more popular on the desktop more software will be an attractive target for malicious actors and some software may get popular before many people take a look at the source code. But the situation will still be much better compared to closed source systems.
(Also of course more closed source software will be made for Linux then)
Imagine for a moment that the business world transitioned to Linux, and now there’s enormous incentive for all adversaries from state sponsored to financially motivated criminals to spend all their time hunting through linux source code.
Do you think the ideas above stand up? (I’m not saying they dont)
Would linux vulnerabilities be found at a higher rate? I wonder if they aren’t now because there aren’t as many eyes on them. Sure there’s corporate side project efforts and volunteers, just curious how that stacks up against the amount of research happening to break Windows systems.
NSA would definitely want to keep some linux exploits around if their adversaries were using linux instead of windows. I think the result would be the same regarding eternal blue.
Linux is already used everywhere, from servers to satellites to phones to infrastructure. There’s already a huge incentive to find exploits, moreso than Windows devices.
I do think more desktop-oriented exploits would be found if more people used Linux desktop, but I think that’s more down to distro fragmentation and not every distro maker being as competent as others, or not having the manpower to keep up with development, as opposed to there intrinsically being danger in people seeing source code.
And they’d be spotted in the source code and patched. If the code is proprietary, you can never trust that there aren’t backdoors.
Governments of Russia China India use Linux, nsa definitely keeping exploits active to keep tabs
The point is, they already did. 99% of webservers run Linux. They are all out in the open and hackers love to get their hand on them as they are likely to have mailservers on them and they have a public IP so they can always be reached.
And most of them do not get hacked. And those that do mostly get hacked due to bad passwords or bad website code. I administer one and see the thousands of attacks running up against it daily (most are just attempts to log in with basic credentials). And of course I see the daily influx of updates from Linux.
If a new security flaw is seen, its often quite difficult to use. And with Linux somebody makes a patch before simple tool for hackers are out. With Microsoft products you wait till the next patch day, in the best case critical exploited bugs are patched in days. Also security flaws in closed source products are often easier to exploit and tools to use them are available fast. (Such flaws are often already discovered in open source products by third eyes and testers before they make it to production systems.)
Of course there are exceptions to the rule, like heartbleed. This was an easy to exploit flaw in an often used Linux service and it caused a big turmoil because many where to slow to patch their systems.
Also of course if Linux gets more popular on the desktop more software will be an attractive target for malicious actors and some software may get popular before many people take a look at the source code. But the situation will still be much better compared to closed source systems.
(Also of course more closed source software will be made for Linux then)