Why Is Linux Still More Secure than Windows?
The penguin is tough!
On the 9th of March 2020, multiple articles started popping up on the web claiming that Linux is not secure. Most of the data is accurate but is wrongly scaled. “Linux is the world’s most vulnerable operating system” from Fudzilla and “Debian Linux Was the Most Vulnerable Operating System in the Last 20 Years” from Softpedia News are a few of the articles on the web saying that Linux/Debian is not secure and is the most vulnerable operating system in the world. According to their reports, it seems Windows is a much more secure operating system than Linux.
Let's say these data are correct.
Now, let us put all these data into perspective. In the above image, it is clearly shown statistically that Debian Linux is the most insecure operating system in the world. But is it? Let us see where the x-axis (time) starts for each of the projects, mainly Debian Linux, Windows 7 and Windows 10. According to Wikipedia, Debian Linux started on June 17, 1996, the Windows 10 pre-release was on July 29, 2015, and Windows 7 was introduced on July 22, 2009. Now you can see the perspective.
Analysis of Windows 7
Windows 7 was released on July 22, 2009, which makes it around 10 years old, give or take a few months. Let’s divide the figure shown here, 1283, by 10 years, which yields 128.3 vulnerabilities per year on average. Now let’s compare the same with Debian. Debian is 24 years old, give or take a few months. If we divide 3067 by 24, we are left with 127.79 vulnerabilities per year. This makes Debian exactly as vulnerable as Windows 7.
Analysis of Windows 10
Windows 10 was released on July 29, 2015, which makes it 5 years old, give or take a few months. If we do the same analysis again by dividing 1111 by 5, we are left with 222.2 vulnerabilities a year, and this is counting the pre-release period. This number is clearly way higher than that of Windows 7 as well as Debian. This is because when a new closed source product is released, the chance of finding vulnerabilities is really high at the infant stage. But still, the numbers are high.
Analysis of Windows 7 and 10 combined
Let’s say that from 2009 to 2014 there were 127.79 vulnerabilities a year, because only Windows 7 existed. If we calculate 5 years * 127.79, we get 638.97 vulnerabilities until 2014. From 2015 to 2020, another 5-year period, there were 127.79 + 222.2 vulnerabilities a year, because Windows 7 and 10 coexisted during these 5 years. So 5 * (127.79 + 222.2) gives a staggering 1749.95 vulnerabilities for those 5 years combined. The total of these two values is the sum of the vulnerabilities of Windows 7 and Windows 10, which is 2388.9 vulnerabilities for 10 years combined. This means its value is 238.89 vulnerabilities a year! This is far greater than what Debian has.
Why are Windows vulnerabilities more serious than Linux ones
Windows is, as you all know, closed source. It has been around for a while and is still able to support 16-bit Windows applications on a modern Windows 10 operating system, which means it has all the legacy support built in. When a vulnerability is found in Windows 10, it may work on all the Windows versions ever released. This puts a lot of users at risk: until Microsoft puts out an official patch, people and companies have to pray to God not to become a target of a botnet. One thing you might have caught in the above sentence is that Windows vulnerabilities are normally discovered by bad actors first, and Microsoft comes up with a patch some time later. Linux doesn’t work like that; there are a lot of eyes on the code all the time. Most of the vulnerabilities and bug reports are filed with a possible fix to the source code, as the source code is freely available for everyone to download and inspect. This means Linux vulnerabilities are short-lived and are normally found by security researchers who do good for the community. This means a patch arrives fast, and people with malicious intent have a very small window of opportunity to exploit.
Android is not Linux (at a security level)
Android has a peculiar way of updating. Its updates mainly contain either the whole system or patches to already existing binary files, called incremental updates. Even though Android has a Linux kernel, the update system is so broken that each manufacturer has to push updates for each phone separately. This is mainly because the Android HAL and vendor code are proprietary and need to be used while building. So I won’t count Android vulnerabilities in this. Even though it uses SELinux, Android is more vulnerable because so many people run very obsolete software, as no updates to the system are available. Even for custom ROMs, updates and bug fixes to the kernel and OS are slow.
Corporates are using Linux
Enterprises use a different flavor of Linux called enterprise Linux. Some examples of these operating systems are RHEL, CentOS, SUSE, etc. These operating systems use SELinux or some other sort of kernel hardening, and live patching, which helps the kernel update and patch without rebooting the system. These features are still unavailable in Linux. Enterprise Linux has had less than 1000 vulnerabilities overall over 20 years of existence. SUSE is the oldest Linux distribution. Most of the servers in the world run Linux as the host OS. All people choose to work with Linux because Linux has so many similarities with UNIX; UNIX was manageable with a terminal, like Linux. Server administrators do not have time to use Windows and fiddle with a GUI. Corporates using Linux as their server OS proves that they trust it. And they trust it more than they trust Windows.
In general, the security of the computer a person is using depends more on what is running on it. Even if Windows is more vulnerable than Linux, 3rd party software like Adobe Reader and the Microsoft Office suite is more vulnerable to getting exploited. If you are a person who is concerned about privacy and needs to secure your computer, then use a hardened Linux distribution like CentOS or Fedora. Lastly, hackers are not going to hack you unless you are a great target, and investing in a great firewall and thinking twice or thrice before running a binary downloaded from the Internet should keep you safe enough from attacks. So if you are using Windows, keep it updated; even Linux users need to update frequently. Stop downloading and installing pirated software, as it may contain malware or a keylogger.