I’m just tired. On the last post about having Linux at our work, many people that seems to be an IT worker said there have been several issues with Linux that was not easy to manipulate or control like they do with Windows, but I think they just are lazy to find out ways to provide this support. Because Google forces all their workers to use Linux, and they have pretty much control on their OS as any other Windows system.

Linux is a valid system that can be used for work, just as many other companies do.

So my point is, the excuse of “Linux is not ready for workplaces” could be just a lack of knowledge of the IT team and/or a lack of intention to provide to developers the right tools to work.

    • rufus@discuss.tchncs.de
      link
      fedilink
      arrow-up
      8
      arrow-down
      20
      ·
      edit-2
      1 year ago

      But it’s kind of true in practical experience. Show me one Linux virus that spread and made its way through some network.

      I can show you more than i have fingers that have been affecting windows.

      • SkyeStarfall@lemmy.blahaj.zone
        link
        fedilink
        arrow-up
        47
        ·
        1 year ago

        When it comes to workplaces, you can expect people to deliberately craft a virus and/or try that break into your system specifically. A lot of the world runs on linux, a lot of hackers try to break in to this world.

        For personal use it may be true enough to be fine in practice, but it’s a very dangerous thing to believe for a professional setting with probably expensive equipment and valuable data.

        • rufus@discuss.tchncs.de
          link
          fedilink
          arrow-up
          4
          arrow-down
          3
          ·
          edit-2
          1 year ago

          Yeah. I know that. But that’s in theory. And it’s more hacking, not a virus.

          If that’s really true, it’s surely possible to find an example of a virus that did it’s thing (spread) and do a bit of damage somewhere. And not just say hypothetically it’s true.

          I know Linux can be hacked, because I had a webserver hacked. And i see all the logs and the hundreds of login attempts per second and automatic exploits in my logfiles. I have a good idea why most of the Linux boxes get hacked. And all I’ve ever seen were not updated server software resulting in rootkits. 0% is viruses in my experience. Rest is proper issues and maybe the bad guys have been quicker than you. But it’s mostly targeted and rare. And nothing compared to the stuff the windows guys had to deal with during the last year and switch off things until it had been patched properly. We mainly do our updates. And every few years there is a major screwup and you type in a few commands in the terminal to hotfix something. But that’s mainly it. And you can’t make it about any hypothetical issue. While there are supply chain attacks for example, my mom who is using Linux to write her letters and print forms is unlikely to need to learn about that. I told her she doesn’t need antivirus and viruses and trojans are more an academic thing with Linux. She doesn’t need to worry. I also talked about targeted attacks and being a valuable target. But that’s besides the point here. Hence my question and me wanting to stay on point.

          Please just prove me wrong. I’m serious. All I could find are some harmless viruses from 2003 that didn’t even spread enough to have reliable numbers. Ransomware that affected ‘tens of users’. And you got the easy position. I advocate for Linux on the desktop. And it’s impossible to prove something is secure. I always have to go into detail, explain viruses, architecture, package managers etc to get my point across. You got the easy position. All you need is to find one counterexample.

          And arguments are always the same. I do the whole talk and then say you don’t need antivirus because in real-life there are no viruses. And people ask me ‘but what if tomorrow there is one’. And sure. Nobody believes me when I say I’ve had a quick glance into the future with my crystal ball. But what kind of argument is that? What if I’m struck by lightning on the way home tomorrow if I take the bus instead of the car? I guess I’ll just die then. Many people have been under the influence of ‘windows-truths’ for too long and can’t imagine another world. Some people didn’t listen to the first part of my talk. And some just want the computer to work and a simple answer. I get all of that. But it doesn’t make something true or false.

          [Edit: Sorry, had to post this again. I deleted the previous comment by accident instead of editing it what I was trying to do… And Lemmy doesn’t seem to federate deletions that quickly. I’m still learning things here…]

        • rufus@discuss.tchncs.de
          link
          fedilink
          arrow-up
          2
          arrow-down
          6
          ·
          edit-2
          1 year ago

          Yeah. I know that. But that’s in theory. And it’s more hacking, not a virus.

          If that’s really true, it’s surely possible to find an example of a virus that did it’s thing (spread) and do a bit of damage somewhere. And not just say hypothetically it’s true.

          I know Linux can be hacked, because I had a webserver hacked. And i see all the logs and the hundreds of login attempts per second and automatic exploits in my logfiles. I have a good idea why most of the Linux boxes get hacked. And all I’ve ever seen were not updated server software resulting in rootkits. 0% is viruses in my experience. Rest is proper issues and maybe the bad guys have been quicker than you. But it’s mostly targeted and rare. And nothing compared to the stuff the windows guys had to deal with during the last year and switch off things until it had been patched properly. We mainly do our updates. And every few years there is a major screwup and you type in a few commands in the terminal to hotfix something. But that’s mainly it. And you can’t make it about any hypothetical issue. While there are supply chain attacks for example, my mom who is using Linux to write her letters and print forms is unlikely to need to learn about that. I told her she doesn’t need antivirus and viruses and trojans are more an academic thing with Linux. She doesn’t need to worry. I also talked about targeted attacks and being a valuable target. But that’s besides the point here. Hence my question and me wanting to stay on point.

          Please just prove me wrong. I’m serious. All I could find are some harmless viruses from 2003 that didn’t even spread enough to have reliable numbers. Ransomware that affected ‘tens of users’. And you got the easy position. I advocate for Linux on the desktop. And it’s impossible to prove something is secure. I always have to go into detail, explain viruses, architecture, package managers etc to get my point across. You got the easy position. All you need is to find one counterexample.

          And arguments are always the same. I do the whole talk and then say you don’t need antivirus because in real-life there are no viruses. And people ask me ‘but what if tomorrow there is one’. And sure. Nobody believes me when I say I’ve had a quick glance into the future with my crystal ball. But what kind of argument is that? What if I’m struck by lightning on the way home tomorrow if I take the bus instead of the car? I guess I’ll just die then. Many people have been under the influence of ‘windows-truths’ for too long and can’t imagine another world. Some people didn’t listen to the first part of my talk. And some just want the computer to work and a simple answer. I get all of that. But it doesn’t make something true or false.

          • SkyeStarfall@lemmy.blahaj.zone
            link
            fedilink
            arrow-up
            10
            arrow-down
            1
            ·
            edit-2
            1 year ago

            Here you go https://www.cynet.com/ransomware/linux-ransomware-attack-anatomy-examples-and-protection/ literally top of the results from googling “Linux ransomware”

            Cybersecurity is all about preventative measures. It’s extremely irresponsible to go “yeah, it’s fine, nothing bad has happened so far!”. But even then that’s not quite true, since you yourself have written that your servers are being attacked all the time. And privilege escalation exploits are found all the time.

            When you are advocating for putting a system in a workplace, you need to do more due diligence and preparation than what you would for a personal system. Linux can be great for security! But you don’t just go “yeah it never gets viruses”.

            Thinking about security in this manner is how all these companies have their vital data leaked all the time.

            Edit: another thing, when you hear about companies hacked and all that, how often do they run Windows, and not Linux? Often that information isn’t shared, and so we don’t really know. But nearly all web infrastructure runs on linux, including a majority of the cloud. I’m sure a significant part of those hacks are targeted at linux systems.

            And again, let me clarify, I’m talking about workplaces, companies, not personal use. Because for personal use I do agree that Linux with the defaults for most distributions is plenty safe.

            • rufus@discuss.tchncs.de
              link
              fedilink
              arrow-up
              1
              arrow-down
              4
              ·
              edit-2
              1 year ago

              Here you go

              And yet another article containing 0 viruses. And only targeted attacks which we’ve kind of excluded because it’s another topic. I’m kinda halfway willing to count something like ‘QNAPCrypt’. But it’s mainly the fault of a single manufacturer having bad security in place. And it’s not really Linux at fault. Also something like QNAP will most likely affect consumers and small companies. I’m not sure… I’d like to see some actual numbers about how that played out.

              I know about security. The main question is always: “What are you trying to protect against?”, “What’s YOUR attack scenario.” And that’ll vary a great amount. It’s different for companies and consumers. It’s different for servers and desktop computers. It’s even different for parts of infrastructure of the same company. I know about that. And I happily admit there are other kinds of attacks on Linux infrastructure. Only thing is, they’re kinda rare and viruses aren’t involved.

              Regarding how often companies that get attacked also run Linux: That’s true. But you gotta look at the case individually. If Microsoft loses an authentication key that allows access to their cloud and AWS (or something like that). Sure. It’s potentially a severe attack on their infrastructure. They have been compromised. And they also run Linux servers. But how does that relate to the existence of Linux viruses?

              • SkyeStarfall@lemmy.blahaj.zone
                link
                fedilink
                arrow-up
                6
                ·
                edit-2
                1 year ago

                Yes, they’re targeted attacks. That’s the point. That’s what you will be facing when putting Linux in your workplace. The main threat for workplaces will be targeted attacks.

                So saying that putting Linux in your workplace because it has no viruses is irresponsible. Or at the very least it’s lying by omission.

                The text in the post’s image literally says “just set it and forget it”.

                • rufus@discuss.tchncs.de
                  link
                  fedilink
                  arrow-up
                  1
                  arrow-down
                  4
                  ·
                  edit-2
                  1 year ago

                  I think I get it now. You’re using the word ‘virus’ as a synonym for an attack on computers. I’m using the word in the sense of a computer program that replicates on it’s own and in practice also spreads and does some kind of damage. I get why we cannot agree. But the distinction has vastly different implications.

                  I read that quote in the context it was written in. And I’d partly agree. If you’re talking with someone who has a small/moderately sized company and they’re thinking about renewing their Sophos subscription. Hot-glue the USB-ports and protect their samba-share against being encrypted by some ransomware… You can’t lump in highly targeted attacks on the top 5 companies in the world and every hypothetical scenario. Without any regards of statistical likelihood… If you want to condense it into a simple truth (which I think was the main point of that post), it’s: There are no Linux viruses. And there probably won’t be.

                  I think this is technically false. But practically true in the context it was written. And for most people anyways. If you want to talk about cybersecurity as a whole, your webserver and 150 PCs for your employers, I wouldn’t recommend paying a 14 yo $50 to set it up Linux and fire and forget.

                  I agree. “just set it and forget it” is just bad, bad advice. I think I know where that comes from. I’ve seen >10 years old RHEL servers that hadn’t been touched for quite some time. And a ridiculous hundreds and hundreds of days of uptime. They’re kind of “just set it and forget it”… But… You gotta do it right. Do updates. Have it set up properly and with security in mind. Put in the effort. Lock it down. Don’t expose them to the internet. Pay for longterm support and someone backporting patches and have them installed automatically etc… You can’t do it with any other OS (except for BSD and some specialized stuff). But you can’t say “set it and forget it”. I agree. That’s more than misleading. It’s just false.

        • rufus@discuss.tchncs.de
          link
          fedilink
          arrow-up
          3
          arrow-down
          9
          ·
          edit-2
          1 year ago

          I’ve read that list. There’s not a single name that rings a bell. Which one of those had any consequences in real life and is more than an academic study?

          (And besides that: Sure. It’s funny to make every program output your name. But it’s pretty harmless and not on the same level with viruses that do proper damage to a computer infrastructure. I wouldn’t lump all that together. That’s not right, either. And misleading.)

          • Cypher@lemmy.world
            link
            fedilink
            arrow-up
            9
            ·
            1 year ago

            Your ignorance on the topic does not make the claim that there are “No viruses” on Linux any less absurd and inaccurate.

            You have multiple cyber security experts in this thread telling you that you’re wrong. It is not on us to disprove the claim, or to educate you.

            • rufus@discuss.tchncs.de
              link
              fedilink
              arrow-up
              1
              arrow-down
              4
              ·
              edit-2
              1 year ago

              I don’t understand. You made the claim Linux viruses exist. Why is it now my job to disprove their existence?

              It’s like with God, Vishnu, Thor, … You claim existence, you show me.

              If there are that many experts around. Why can’t they do more than link a Wikipedia article that doesn’t (yet) contain the information I’ve specifically asked for? Shouldn’t they know at least something themselves? At least know 1 name from the worst offender? Why does the other half of experts not know the distinction between virus and other forms of malware? And that it makes a difference here?

              I see that people disagree with me. But I seriously doubt that there is a single expert around.

              I swear I’m not trolling. If you’re an expert, just give me the name. I’ll even try to look it up myself and if it’s a virus and spread across a few hundred computers around the world and maybe more than 2 or 3 companies and I can find maybe a newspaper article that says it did some harm, I promise I’ll accept that and change my opinion. At least tell me you’ve learned in uni that Linux viruses definitely exist in the wild, but no studies have been done because of X or Y. And we have no numbers. I would think that’s very curious because there are so many linux servers out there, but I’d at least have something to work with. (And don’t take things out of context.)

              • Cypher@lemmy.world
                link
                fedilink
                arrow-up
                5
                ·
                1 year ago

                The original post made the claim, I merely stated fact that Linux can be vulnerable to viruses like any other OS.

                Want a straight forward answer?

                https://www.linux.com/training-tutorials/myth-busting-linux-immune-viruses/

                A virus is a specific type of malware but for the general public is broadly synonymous with malware. Ask the average user, and the commenter in the OP screenshot, what the difference is without looking it up and they can’t tell you.

                A virus doesn’t need to be spread broadly for it to be concerning, impactful or dangerous. Often these attacks are very carefully targeted at the victims.

                A vulnerability is generally exploited by a virus to inject code by either modifying memory or files the target program relies on. One such vulnerability was

                https://arstechnica.com/information-technology/2022/03/linux-has-been-bitten-by-its-most-high-severity-vulnerability-in-years/

                With this vulnerability it was possible to modify any file on a Linux device, meaning viruses would be simple to implement and deploy. Many android devices are still vulnerable.

                To think that all possible vulnerabilities have been fixed, or are known to linux developers, would be extremely naive.

                Furthermore a virus is often targeting a specific application and while OS level controls restrict the avenues of attack it doesn’t prevent flaws being introduced by developers.

                You’ve already been given a list of viruses for Linux, if you’re genuinely so concerned with defining them by impact you can look them up. You have the information needed to do this yourself, and it is not my responsibility to educate you, though I do seek to counter misinformation where possible.

                • rufus@discuss.tchncs.de
                  link
                  fedilink
                  arrow-up
                  1
                  arrow-down
                  3
                  ·
                  edit-2
                  1 year ago

                  Well, the first article pretty much says what I’m saying. In theory there can be viruses. In the real world they have pretty much no effect. They are more a curiosity than something that really exists and has had consequences. It even says you’re installing antivirus because of the windows clients, not because there were linux viruses.

                  The second article also is about a security vulnerability and talking about potential consequences. Not a virus that uses this as means to infect people. Not actual consequences.

                  We’re going in circles. I’m sorry.

                  And a virus and a vulnerability in some software (or kernel) that can you get hacked are two entirely different things:

                  • They affect different parts of your infrastructure. It is unlikely that someone executes random binaries on your webserver. It is very likely that someone wants to listen to Spotify while editing 150 excel spreadsheeds. So it’s likely your employers execute stuff on their workstations. Also you wouldn’t install a browser in an AWS cloud instance to look at lewd websites. You’re going to use Chrome on your workstation. Viruses affect other and distinct parts of your infrastructure.
                  • You protect for them by different means. Antivirus helps with viruses. For targeted attacks on your webserver, you have firewalls, filter requests, keep your software updated. And don’t do silly stuff. I’ll admit rootkit detection is kind of similar to antivirus. There is some overlap, for example you should also keep Chrome updated on your employers workstation. But updates won’t help you against a virus editing a file on the network share to replicate. You do vastly different things to protect against the different security threats that your company faces.
                  • All the threats have different consequences. Some things just try to wreack havock in your company. Some things you’ll barely notice but hackers are stealing information. Some things try to extort you. Either by blackmailing you to pay to get your data back, or so it doesn’t get leaked. The next few workdays after that happened will be very different, depending on which of those possibilities happened.

                  So while talking about cybersecurity. Why would I lump all that together and strip the words of their meaning? And in this case on top: One thing is something that actually happened. The other things are just words about something hypethetical. I’m aware you have to protect against potential threats. Nonetheless both things are something different.

                  Regarding your advice: Yes. I’ve looked it up. I found no viruses that had any significant real-world impact. Hence me insisting on it. I said in my first comment I want to see impact. Not an academic study. Because context matters. We’re talking about someone advertising Linux to an undetermined group of people. These people are concerned with implications for them. If they need to worry. Not if in theory anything can happen. That doesn’t help you choose between two options. And we’re talking about ‘simple truths’. They’re kinda always false. But people want to hear them. They want it condensed into one sentence. Because they own a company that manufactures car tires and they don’t want to get a 20 minute lecture about computer attack vectors. They want to hear if they need to worry about their Linux server. Is it safe or not, do I need to pay someone to install Sophos? And be done with it.

                  You’re twisting my words so they lose meaning. And change the context. And then posting articles about something related but not the thing.

                  • Cypher@lemmy.world
                    link
                    fedilink
                    arrow-up
                    3
                    ·
                    1 year ago

                    I found no viruses that had any significant real-world impact.

                    So you found viruses, which debunks the claim in the OP, yet you remain skeptical they exist.

                    We’re done here.

    • blkpws@lemmy.mlOP
      link
      fedilink
      arrow-up
      2
      arrow-down
      30
      ·
      edit-2
      1 year ago

      Well, there are virus as any kind of device that runs any logic, the thing here is that is harder to get hacked than with this kind of tools that Windows uses.

      And I mean getting viruses like this:

      So yeah, I don’t need many apps that my Mac has and could be used to hack me with 0 click interaction or with valid Windows certified programs. Still, the “no virus” is not the only reason, updating a Linux system is just a few seconds and your work could have their own repository mirrored and monitored.

      • 3laws@lemmy.world
        link
        fedilink
        arrow-up
        32
        ·
        1 year ago

        hack me with 0 click interaction

        That’s very doable on Linux too.

        In other comment you said something along the lines of “just hire an expert”. They charge way more by the hour.

        Maintaining a distro for this very reason will never look ‘cheaper’ for executives. Trust me. They rather pay you to see stuff that has CLEAR and FAST deliverables, that’s what they do what they do, make/save money; take shortcuts.

        • blkpws@lemmy.mlOP
          link
          fedilink
          arrow-up
          2
          arrow-down
          11
          ·
          1 year ago

          Well, I think they are expensive because they are actually experts, not like random IT hired personal that (in my case) couldn’t even understand how OAuth works.

        • blkpws@lemmy.mlOP
          link
          fedilink
          arrow-up
          2
          arrow-down
          18
          ·
          edit-2
          1 year ago

          I know about this issue, I have read about it already. No one uses this unless noobs watching YouTube tutorials.

          Cannot be compared to the vulnerabilities I pasted (0 click exploit). Any system can be hacked, Linux is the most used OS and still have fewer viruses issues as others, but it still has as any system has.

          • Superb@lemmy.blahaj.zone
            link
            fedilink
            English
            arrow-up
            19
            ·
            1 year ago

            The linux kernel is not completely secure by default, neither is any specific distribution. No internet connected device could possibly be “set and forget”. Security can not be taken lightly

          • Tibert@compuverse.uk
            link
            fedilink
            arrow-up
            14
            ·
            1 year ago

            Wtf are you talking about. Linux isn’t a distro.

            And the example isn’t a “only noobs use it”.

            It’s an example of an exploit existing since many years. And which could have appeared in a random package, while staying invisible.

            • blkpws@lemmy.mlOP
              link
              fedilink
              arrow-up
              1
              arrow-down
              6
              ·
              1 year ago

              I said distro instead OS, Linux is the most used OS, many people behind working in secure the Linux environment. The example of this exploit also exists on Mac and Windows for years, and it will always happen.

              An admin user will know what they are doing, and I doubt they will install a package from an external source downloaded randomly on internet, for the non-admin users, without sudo they can’t install/infect that malware on your Linux.

              • Cypher@lemmy.world
                link
                fedilink
                arrow-up
                3
                arrow-down
                1
                ·
                1 year ago

                I said distro instead OS, Linux is the most used OS,

                Wrong, Linux totals 3% of the desktop market which is what’s being discussed in the original post.

                many people behind working in secure the Linux environment.

                Many people work on securing Windows so your point is…?

                The example of this exploit also exists on Mac and Windows for years, and it will always happen.

                Whataboutism.

                An admin user will know what they are doing, and I doubt they will install a package from an external source downloaded randomly on internet, for the non-admin users, without sudo they can’t install/infect that malware on your Linux.

                Wrong. This is so wrong. The most common and effective attacks start with phishing people who think they know better. A user downloading a zip or rar file is enough, they don’t need to be an admin or have sudo rights.

                Seriously just stop talking about a topic you have zero knowledge on. I suggest you do a SANS course if you’re actually interested in learning.

                • blkpws@lemmy.mlOP
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  1 year ago

                  Wrong, Linux totals 3% of the desktop market which is what’s being discussed in the original post.

                  There are more servers than users in this world, even your car runs Linux.

                  • Cypher@lemmy.world
                    link
                    fedilink
                    arrow-up
                    2
                    arrow-down
                    1
                    ·
                    1 year ago

                    Linux can be used at your workplaces

                    Yea given that Linux servers are already commonplace it is clear you were referring to Desktops.

                    You’re garbage at this, the worst kind of advocate Linux could have.

      • Cypher@lemmy.world
        link
        fedilink
        arrow-up
        20
        ·
        1 year ago

        These sort of vulnerabilities exist on Linux and the software deployed on Linux.

        You are spreading dangerous misinformation with claims that Linux doesn’t have “viruses”.

          • Cypher@lemmy.world
            link
            fedilink
            arrow-up
            10
            ·
            edit-2
            1 year ago

            You linked the screenshot, defended the claim with whataboutism and then dissembled with this.

            Still, the “no virus” is not the only reason

            You could have simply said

            Yes the claim that Linux has “no viruses” is wrong but other points are still valid.

            Though I would seriously question any points made by someone claiming there’s no malicious software targeting Linux.

            • blkpws@lemmy.mlOP
              link
              fedilink
              arrow-up
              1
              arrow-down
              4
              ·
              1 year ago

              “no virus” is because it’s literal extracted from the text, not my words. I explain then what I understand with saying “no virus”, as any device can have virus, JavaScript runs on Linux, Windows and Apple. It’s common sense. No need explanation.