What makes GNU/Linux so secure?
August 21st, 2010 | 
Author: I have been using Linux for a while now and I have always wanted to know what makes Linux so secure. Is it because most distros are open source developed and the kernel is always being changed? Is the kernel always being changed? Why is Linux so secure?
PS- I love GNU/Linux!
Thank you everyone, all of the answers have answered my question. I don’t know who to pick as best answer, so I’m going to let you guys decide. Thanks =-)
Posted in 
Tags:
Linux itself is secure because Linux itself is open source, so any bugs are quickly found and fixed. (Microsoft couldn’t afford to hire all the people who are working on Linux.)
Linux isn’t virus-proof, though – one of the most destructive viruses to get out on the internet attacked *nux computers.
And a web site, regardless of the platform it runs on, can be written so poorly that it’s completely vulnerable to hacking.
@Jonathan:
Macs run Linux.
It’s security comes from it’s lack of users. A lack of users means a lack of hackers that breach security. Look at Apple, they used to be a lot less popular and a virus on a Mac was unheard of. However, as Macs are becoming more popular, so are Mac viruses.
@ colanth: Lol, Macs can run almost anything.
@ joe.attaboy:
Bunk? I beg to differ. Linux is relatively unpopular in areas other than web servers. Linux is a great web server, but so are Sun and Apache.
Do you own an Apache system to use as a home computer? Most likely not. Likewise, If a hacker wanted to infect as many people as he or she could, wouldn’t you think they would create the virus or hack for a computer that is most commonly used by common computer owners? Like say, Windows?
Windows is the operating system with the most viruses. The reason why is because it is the most popular OS and is the most commonly used OS at home and in work places. An easy target is the one most attacked. Not as many hacks/viruses/worms/etc are found in Linux because it is not as common as the larger targets.
If someone were attempting to hack or infect a server, then they would have a good chance it would be a Linux OS, so they would create something that would infect Linuxes, not a Windows and not a Mac.
In addition, a person who is good at hacking Windows might not be as good at cracking Linux since Linux is processed differently than Windows, and would have to learn how to hack a Linux before being able to do so. This shows again that less popularity does in fact, mean less hackers.
My theory is not, as you say "bunk", perhaps you just misunderstood what I was saying.
Linux’s kernel design (and the design of nearly all applications that run on it) are based on a different security model than Windows. Basically, you can’t run anything on the system as root unless you are specifically logged in as root, or that program allows you to explicitly run it with elevated privileges (like when you sudo to run a program).
Programs for *nix tend to be modular and free-standing, which means that if a program on a *nix box goes awry for some reason, it won’t take the rest of the system down with it because it’s not tightly integrated into the base system itself. Yes, those apps use system libraries, but their control is more self-contained. This is combined with the authentication requirements to provide a save system.
Open source doesn’t get attacked for the very reason it exists…it’s open. The maintainers of open source projects follow strict rules as to who can change and update projects on development sites. If someone were to try to inject something malicious into a public FOSS project, they probably wouldn’t get it past the code maintainers. if some project is breached, it will be discovered so quickly by the community that it would never have a chance to do any damage.
The upside to OSS is that you might find something in the code that’s created a vulnerability, offer a fix, and see that patch incorporated into the main tree.
The changes to the kernel are generally to keep it abreast of the latest changes in hardware and desired user functionality. Security is certainly a major part of that, and it works well because smart developers include security concepts into their code and as part of the development process, instead of adding it on after the fire has burned everything down.
Uh, Jonathan, that theory is bunk. A large majority of the world’s web sites are run on boxes using Linux, Apache, PHP, Perl and MySQL…all open source. Windows IIS has been hacked and broken thousands of times, but you rarely, if ever, heard of a FOSS server being compromised. Windows gets attacked because it’s easy to attack it. Trust me, as someone who ran Linux on critical servers for a number of years in very sensitive environments, if it was crackable, they’d crack it.
Theres a whole load of Bunk,Hogwash, whatever you want to call it going on in these answers !!!!!
Taken from http://www.whylinuxisbetter.net/items/viruses/index.php?lang=
Linux hardly has any viruses. And that’s not like "Oh well, not very often, you know". That’s like "If you’ve ever heard of a real Linux virus, please tell me". Of course, a Linux virus is not impossible to get. However, Linux makes it very hard for this to happen, for several reasons:
Most people use Microsoft Windows, and pirates want to do as much damage (or control) as possible: therefore, they target Windows. But that’s not the only reason; the Apache web server (a web server is a program located on a remote computer that sends web pages to your browser when you ask for them), which is open source software, has the biggest market share (against Microsoft’s IIS server), but it still suffers from much fewer attacks/flaws than the Microsoft one.
Linux uses smart authorization management. In Windows you (and any program you install) usually have the right to do pretty much anything to the system. If you feel like punishing your PC because it just let your precious work disappear, you can go inside the system folder and delete whatever you want: Windows won’t complain. Of course, the next time you reboot, trouble begins. But imagine that if you can delete this system stuff, other programs can, too, or just mess it up. Linux doesn’t allow that. Every time you request to do something that has to do with the system, an administrator password is required (and if you’re not an administrator on this system, you simply can’t do it). Viruses can’t just go around and delete or modify what they want in the system; they don’t have the authorization for that.
More eyes make fewer security flaws. Linux is Open source software, which means that any programmer in the world can have a look at the code (the "recipe" of any program), and help out, or just tell other developers "Hey, what if blah blah, isn’t this a security flaw?".
Be sure you know what you are talking about before declaring war.
Here endith the first lesson !!!!
LUg.