Future Security of Linux

[WildcatDan]

This is a subject I wonder about and so now I'm wondering if I'm the only one wondering about what I wonder about.  So here it is:
 
The great thing about Linux is that it's free and it's open source.  I remember reading an article on Cuba recently about how they wanted to rid themselves of their dependance on Windows for running their government computers.  The article suggested they planned on building their own Cuban OS from Linux.  This got me to wondering about how a government goes about keeping Linux truly secure. 
 
Right now Linux really doesn't have enough of the market to make it worth hacking.  Plus, Linux attracts a lot of programmers who seem to have a silent pact to not hack each other.  But, what happens when there is a lot more money to be made from hacking Linux?  Will the open-source nature of the software come back and bite them in the butt?  Does it have the potential for being less secure than a closed-source OS? 
 
If the Cuban government is smart, they'll close the source and make heavy modifications for security purposes.  But I wonder about the average user in this scenario.

[Black Viper]

Depends.
Linux and Unix have, for the most part, been server OS's. A big chunk of Linux is in the server market. Namely web servers and render farms. It is difficult, at best, to quantify an entity as far as use is concerned with a "free" OS.
MS has license sales metrics to fall back on... Linux does not have any of that.

With open source software, a lot of eyes can look at the code and determine lots of things, including security issues, with it. Closed software cannot do such a thing due to the nature of it.

Security issues also are mainly targeted to systems that are the most likely to contain them.
An issue that has a very small percent of people actually utilizing the portion that is vulnerable is likely not to cause any harm or be a target. Linux is, by default, much more secure in the way it handles user accounts and system wide permissions. This makes it "more" secure right out of the box.

Also, someone cannot "reroll" Linux and magically make it closed-source. It does not work that way.

The bottom line? No software and no system is "truly secure"... period.

[couttsj]

When the Internet was first rolled out, it was almost entirely run on Unix/Linux. Hacking was practically all done against these machines, because Windows simply wasn't a reality. When Microsoft introduced NT style computers for the home and office market, the situation changed dramatically. With a very large group of powerful computers left with everything enabled by default, hackers now had a much larger pool to choose from. At the same time Linux tightened up it's main security problem of unprotected root privileges. Microsoft now has the difficult task of tightening up its operating systems without alienating the users that have got used to the lax security.

J.A. Coutts

[trashy]

I agree with both points, especially BV's point that " no system is "truly secure"... period."  Is it harder to hack into a Linux/Unix type system?  Usually the answer is "no", but a lot depends on the Administrator of the system.

Just as an example.  At work we had an employee that was using a company laptop to do his work.  He was running Ubuntu, and had all of the "usual" security measures in place.  Without going into any detail, I was able to hack it in about 10 minutes, and have access to the whole system.

My point is, a system is only as secure as the owner makes it, no matter what Operating System that it's running.

As far as the Cuban Government (or anyone else for that matter) "closing" the source, it's not quite that easy.

[neon samurai]

I'd love to hear even general details about how to cracked the staffer's Ubuntu. (Ubuntu being part of the problem ) Anyhow, if your able to give the general entry point, this could be good information for other's that have not thought to protect that particular point of entry.

This kind of discovery and information sharing is what continues to make the platform more secure and improve user habbits so I wouldn't consider such discussion a "helping the badguys" kind of thing. Heck, it's unlikely but it may even result in something on my own Debian installs that needs to be corrected.

BV, can such details be discussed within the board's rules?

[Black Viper]

BV, can such details be discussed within the board's rules?

No.

[neon samurai]

Cheers, fair enough. I'll not press for details then.