Linux totally and utterly safe?

Some thoughts have popped into my head about the security of linux. So I decided ask them here.

Is any vulnerabilities of Firefox also apply under linux? Say tracking cookies? Malicious/hijacked extensions/themes?

Open wifi connection with a tracker on the other end of the router? Can they track your web surfing even if you're using linux? (I don't know to much about this subject so sorry if I really don't know any terms) Say if you connect to a hacker rather then a legit connection at say... starbucks.

Also is it a concern about malicious packages? The synaptic package manager had me wondering when it displays those warning messages.

 

Of course. Cookies, themes, the wifi thing, malicious packages. All of the things you mentioned are potential security risks on Linux as much as anywhere else. There's nothing magically securer about Linux vs other operating systems, besides the source code being available and the fixes being fast (and to an extent, it being a smaller target, like os x). Then again, the things you mentioned aren't the kinds of security issues that are caused by vulnerabilities (mostly). They're in the domain of the user's responsibility -- if you install a malicious program, you're hosed. If you connect to an untrusted internet connection, you can't trust it. You can ameliorate the "risk" of tracking cookies by turning off third party cookies in the firefox preferences.

I'm not concerned about malicious packages, personally. Someone could slip one in, I guess. There's hashes for packages and/or source code if you feel like being extra paranoid.

 

Along with the fact that Linux doesn't even know what to do with a Windows executable, or that any malicious software would need authorization from the user in order to make system changes. Linux is more secure than Windows by design, but any design can be exploited in some way, shape or form. I still practice precautions when I'm using a Linux system.

 

All that plus the fact that Ubuntu doesn't allow you run as full time root, by default, makes it fairly secure. Like l33t_c0w mentioned, nothing is going to be 100% secure, but you can make great strides in reducing your risk. Just don't go running random things as root and you'll probably stay safe

 

Yes, use the root account only for system administration.

 

NO. Nothing is totally and utterly safe.

Linux is just about the same vulnerable as WinOS. People just favor of hacking down the WinOS. The open source takes hacking fun away. Come on, whoever want to hack a thing that is just listed? People like to hack unknown stuff. That is human nature.

 

I in this world, nothing is totally and utterly safe.

 

I'm sorry, this just isn't true. Please don't go spreading falsities. Here is an example of the technical aspects, but a quick Google search will reveal much more.

That being said, Linux is not fail proof; nothing is. You're asking for certainties in a world where virtually none exist. But Linux does help increase your security and makes it easier for you to have a higher sense of security than Windows. But the question doesn't just come down to Linux vs. Windows vs. OS X. You also have other options such as BSD and Solaris, which have even lower usage than Linux, and have proven to be very solid and dependable systems, provided you have compatible hardware.

 

Maybe I got a bit carried away with the title of the thread

Anyways thanks for the clarification on the security. I wasn't sure how far the "alternative os" foolproof propaganda went. Since from what I've heard it sounded like you can't do much wrong when you're not using windows.

 

myth. You can do just as much wrong.

 

You just have to do it do it deliberately.

 

not necessarily. The main difference between a typical linux setup and a typical Windows setup is that by default, we don't use 'root' on linux but 'admin' on Windows.

Though I have made the following mistakes before :

su --> because I need root access for something
<do the stuff I want>
<forgot that I am still root then>
rm -rf * <at the wrong directory>

Some may say, why not 'sudo' but the issue is sometimes the tasks are not very adhoc and not some simple one liner that fit in the sudo style.

On my Windows, I kind of adopted the same policy as linux and only create limited right users for my family members. For their accounts, it is just as safe as they are using linux(any virus would affect their own stuff but cannot slip into the machine).

 

But see, you told the machine to do that.

 

I bring up an Eterm with the foreground set to red and use the -e switch to su to root - that gives me a nice visual cue that I'm working as root.

Code:

 Eterm -f red --geometry 125x33+0+24 -T Root -e su - &