this post was submitted on 09 Mar 2024
337 points (97.2% liked)

Technology

58135 readers
5032 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
337
Microsoft says it hasn't been able to shake Russian state hackers (apnews.com)
submitted 6 months ago* (last edited 6 months ago) by dominiquec@lemmy.world to c/technology@lemmy.world
43 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] TheRealKuni@lemmy.world 14 points 6 months ago (16 children)

Linux anyone ?

I don’t want to sound dismissive, this is a genuine question and not an attack on Linux.

Other than security by obscurity, how is it possible that an operating system whose entire source code is available to hackers to peruse at will could be more secure than a closed source one?

[–] mlg@lemmy.world 17 points 6 months ago (10 children)

Because if a vuln gets found or exploited, it gets immediately patched, often with some big backing by OEMs that run on Linux.

Open source also reduces the likelihood of exploitable bugs going unnoticed because everyone can see and play with the source code by themselves.

There is a risk of malicious merge requests, but so far that hasn't been a problem besides a university getting banned for pointing out the issue with a live test without telling the devs.

Much of linux is also designed to be hardened by default because it's used on so much infara. SELinux by itself is a great example because it was essentially created by RedHat and now is a major standard for MAC.

Windows on the other hand needs Microsoft alone to solve the problem. No one can patch it themselves, and there's no guarantee the patches will work, which has happened several times. I believe print spooler basically had to be disabled because there was no good solution due to implementation.

The amount of Windows OS specific exploits vs Linux specific exploits kind of shows the results of closed source vs open source.

The worst vuln I can think of for Linux is dirty cow which is a local priv esc on basically Linux kernels 2.x-4.x which was a big deal when it was discovered because of the range of versions

Meanwhile windows had eternal blue, a whole remote code execution that existed on every version of windows since win95 that the NSA kept for probably a decade before it was leaked.

[–] redfox@infosec.pub 7 points 6 months ago (9 children)

Imagine for a moment that the business world transitioned to Linux, and now there's enormous incentive for all adversaries from state sponsored to financially motivated criminals to spend all their time hunting through linux source code.

  • Do you think the ideas above stand up? (I'm not saying they dont)

  • Would linux vulnerabilities be found at a higher rate? I wonder if they aren't now because there aren't as many eyes on them. Sure there's corporate side project efforts and volunteers, just curious how that stacks up against the amount of research happening to break Windows systems.

  • NSA would definitely want to keep some linux exploits around if their adversaries were using linux instead of windows. I think the result would be the same regarding eternal blue.

[–] Random_internet_user@lemmy.today 3 points 6 months ago (1 children)

If that happeninux will also recieve more contributions and donations from that structers also linux devs also doesn't have to worry about building blobs, ads, tracking, making UI prettierso they can worry about real stuff and aolve those issues . The security of linux isn't because of the low amount of users its simply because it is what it is an OS build and used by nerds who whether you like it or not are some of the most tech savy people you can find and they have their heart in it because they are not doing it for corpos or salary . Also linux is the OS used by most (and best ) hackers and proggrammers and often recieve contributions from (only sometimes from the hackers but as the linux users are naturally paranoid they often review code and PR for vulnabilities instead of the need to add extra features cause jomo)

Also spelling, grammer etc.

[–] TheRealKuni@lemmy.world 6 points 6 months ago (2 children)

proggrammers

Also spelling, grammer [sic] etc.

There is a great t-shirt that says:

~~I’m a programar~~
~~I’m a programmar~~
~~I’m a programer~~
I write code

I love this shirt. So many programmers are awful at spelling. I do not, personally, suffer this malady, so I don’t own the shirt, but I still love it.

[–] Cort@lemmy.world 7 points 6 months ago (1 children)

I do not, personally, suffer this malady

Um actually it's spelled m'lady. /s

[–] RGB3x3@lemmy.world 3 points 6 months ago* (last edited 6 months ago)

Perfektion

[–] Random_internet_user@lemmy.today 3 points 6 months ago

I proggram for hobby and i am really really bad at it like if a legitamate programmer sees my life's work in it they will beat me to death with bare hands bad . And the grammer and spellings is because english isn'ty first language.

load more comments (7 replies)
load more comments (7 replies)
load more comments (12 replies)