I’d love to not have to deal with Linux at work, but this really reads like someone who has never actually dealt with the realities of a corporate environment.
Yes, Linux is free, but staff time isn’t. Who cares if multi billion dollar companies spun up their own Ubuntu derivatives - there are maybe 100 companies in the world with the resources to make that make sense. Yes, AD and Intune suck but they are still miles faster and easier to get stood up than trying to build all the infrastructure yourself with Ansible or whatever, especially if you aren’t already a tech shop.
“Oh you can compile your own kernel” how is that going to make it easier for the accounting department to get their shit done?
“You don’t see viruses on Linux” is a semantic argument - Linux systems get hacked all the time.
The thing is a little simplistic: Linux is perfect if your job is coding, working with enterprise web UIs, sending mail and/or using Office Suites, which to be fair is like 90% of office jobs.
For the other 10% use cases, Linux isn’t just ready yet because, for example, the company that produces analytic equipment doesn’t even bother to acknowledge the existence of Linux for their data log software. And then there is Adobe. Adobe are just a bunch of cunts.
The problem we have were I work is that there is no company our company can buy the product to. Don’t lough, we have a very hard time to convince them that we can support the thing for this reason. We are a team dedicated to the Linux support in the company though, so we have that at least.
The biggest difficulty to use Linux in a company is how the company usually work: they have a centralised database to manage user accounts and they usually use proprietary softwares for about everything : office, windows authentification and file servers, mails, etc. And they make it hard to use their stuff with free software. Teams for example barely works on chrome, and straight up doesn’t on Firefox. You also need to setup your infrastructure for security and stupid vpn software the sales got sold on.
Economically I’m pretty sure it’s still worth it, because our team is smaller than the windows team and everything is made for the windows infrastructure that we must plug into.
Oh and try to have almost any user use something else than office shit for desktop work, good luck for that. This is the biggest barrier for Linux use right now.
Here is the thing, it can, it has been ready for most thing but… business is bussiness.
Companies like blame someone when things go wrong, if they chose open-source there’s isn’t someone to sue then;
Buying proprietary stuff means you’re outsourcing the risks of such product;
Corruption pushes for proprietary: they might be buying software that is made by someone that is close to the CTO, CEO or other decision marker in the company, an old friend, family or straight under the table corruption;
Most non-tech companies use services from consulting companies in order to get their software developed / running. Consulting companies often fall under the last point that besides that they have have large incentives from companies like Microsoft to push their proprietary services. For eg. Microsoft will easily provide all of a consulting companies employees with free Azure services, Office and other discounts if they enter in an exclusivity agreement to sell their tech stack. To make things worse consulting companies live of cheap developers (like interns) and Microsoft and their platform makes things easier for anyone to code and deploy;
Microsoft provider a cohesive ecosystem of products that integrate really well with each other and usually don’t require much effort to get things going - open-source however, usually requires custom development and a ton of work to work out the “sharp angles” between multiple solutions that aren’t related and might not be easily compatible with each other;
Open-source requires a level of expertise that more than half of the developers and IT professionals simply don’t have. This aspect reinforces the last point even more. Senior open-source experts are more expensive than simply buying proprietary solutions;
If we consider the price of a senior open-source expert + software costs (usually free) the cost of open-source is considerable lower than the cost of cheap developers + proprietary solutions, however consider we are talking about companies. Companies will always prefer to hire more less expensive and less proficient people because that means they’re easier to replace and you’ll pay less taxes;
Companies will prefer to hire services from other companies instead of employees thus making proprietary vendors more compelling. This happens because from an accounting / investors perspective employees are bad and subscriptions are cool (less taxes, no responsibilities etc);
The companies who build proprietary solutions work really hard to get vendors to sell their software, they provide commissions, support and the promises that if anything goes wrong they’ll be there. This increases the number of proprietary-only vendors which reinforces everything above. If you’re starting to sell software or networking services there’s little incentive for you to go pure “open-source”. With less companies, less visibility, less professionals (and more expensive), less margins and less positive market image, less customers and lesser profits.
Unfortunately things are really poised and rigged against open-source solutions and anyone who tries to push for them. The “experts” who work in consulting companies are part of this as they usually don’t even know how to do things without the property solutions. Let me give you an example, once I had to work with E&Y, one of those big consulting companies, and I realized some awkward things while having conversations with both low level employees and partners / middle management, they weren’t aware that there are alternatives most of the time. A manager of a digital transformation and cloud solutions team that started his career E&Y, wasn’t aware that there was open-source alternatives to Google Workplace and Microsoft 365 for e-mail. I probed a TON around that and the guy, a software engineer with an university degree, didn’t even know that was Postfix was and the history of email.
A caveat to the cost and expertise aspect: in Europe (or in France at least) for security reasons a company must have the servers secured for all data and authentification, which means any company that’s big enough will have its own Microsoft server infrastructure. It takes a big team with this specific expertise to run this infrastructure.
Microsoft does a good job at keeping old software working alongside new software and will take a bullet for their customers. Linux doesn’t have anyone with that rep.
In term of software compatibility, on Linux, you have the option of making chroots. Since the kernel devs makes a lot of effort to preserve compatibility, old software can still work fine. If I remember correctly, some kernel devs tested a while ago some really really old versions of bash, gcc, etc, and they still work fine with modern kernels.
I can’t even get installers designed for Windows 7/8.1 to run. It’s just a software to use the scan feature of a printer. No errors, no logs. Cups works perfectly with it.
It’s not even drivers really, printing works fine. The printer itself works fine without the software. It just needs an extra program to scan.
Now, a generic driver which adds support for scanning without third party software, so drivers which can interface directly with Windows’ scanning service, would probably solve that problem. But considering that the Software for the printer stopped at 7/8.1, it’s a pretty old printer even if they stopped support immediately after releasing it (which they didn’t). So I doubt M$ will be able to provide as much support for nearly as many printers as Linux got over the years by the community.
oh geez. I’ve done Windows desktop support for many years, and that is so VERY not true. Even if you discount the fact that win95 software would be written for 32-bit architectures, they don’t account for UAC or file permissions, often fail to let you move installation files to better locations, and universally have shitty automated installers. Often they depend on hardware, eg dongles that no longer exist or CDROMs that have long since gone to hell.
Usually we’ll airgap a machine and run Windows XP 32-bit, which is generally the highest you can reliably get a win95 program working with. Sometimes a VM will work. Sometimes you can mount an ISO and fake a CDROM. It’s a challenge.
Linux is so much easier. You have more options for getting old stuff to work, even if you have to do a lightweight VM with an old OS, you can sandbox it better.
Does Windows 11 allow Windows 95 compatible computer games? … It really depends on the game, you might get some working, some might not. It is really case by case basis unfortunately.
It appears that people may have to use virtual machines to run some Windows 95 software www.groovypost.com/…/run-old-apps-on-windows-11/ The article doesn’t mention using HyperV only 3rd party software.
I prefer Linux simply but it isn’t my tribe.
Took a couple of minutes to find the information above
Linux is ready for workplaces and has been for a very very long time. That is irrelevant if workplace IT support is not ready for Linux and has no budget or time to get ready for it. All your points are meaningless and have never been the problem. The problem is with management, policies and getting in house support for things and all the work involved in that. Depending on the size of the company it can take a lot of time effort and money to retrain IT staff to support Linux. And IT staff are already overworked, under-budgeted and don’t always have the time to support extra things.
I've got a Linux work server because VHDL simulations are hella expensive. I have to say that if your team isn't willing to RTF-Man pages, you end up with a lot of cargo cult CLI processes. No crystalized knowledge or training, it's hard to start up in it. It's enough that requiring explicit Linux experience for new hires is preferable. Windows sadly has the familiarity benefit. And don't get me started on the wacky custom solutions the IT set up circa 2002...
I mean yeah it’s possible, but the reality is that most people in the company will likely want Windows anyway, and use things like Microsoft Office and a heap of other Windows only software. Probably not the developers, but accounting, HR, and so on. There’s also sales but nowadays they demand MacBooks because of status symbol and apparently it sorta matters, at least according to sales.
As an IT department, if you can get away with supporting only one platform and even one model/brand of computer, it’s much easier. Maybe two so sales and devs get their MacBooks. Adding a third is asking a fair bit from the IT department, and it starts adding up to a really rare skillset. I know very few that are absolutely proficient in all three main OSes.
There’s also the compliance aspect. The reason my current company can’t support Linux users is InfoSec/compliance. Not because Linux is insecure, but because all the standards are written for Windows. You can argue all you want about how Linux doesn’t need an antivirus, tough luck, SOC2, ISO and also insurance policies all explcitly require “controls against malware” and firewalls with every OS held to the swiss cheese security of Windows. So each OS basically requires the InfoSec and IT department to write out unnecessarily detailed procedures and policies about all the security measures, for every OS in use. What antivirus runs, is it a reputable brand, how do you validate that it runs, how do you test that it detects malware, how do you validate and ensures that the incident gets reported, what tooling does the software gives you to establish the root cause and entry point, what exact user action happened that led to the exploit chain, what was the exploit chain, how you’re going to mitigate and clean up after exploitation, how do you know exactly what data was compromised, and so on and on and on.
Right now most vendors support barely support the current version of Windows and macOS (especially macOS, I swear the AV software is always holding back major updates for several months every release). Very few support Linux. So either you have an entirely separate policy and audit for Linux, or you just don’t support Linux.
We’ll see companies open up to Linux when all the vendors also start supporting Linux, and even then, with those that do, it’s a shitshow of only supporting the last version of Ubuntu or RHEL with pinned kernel versions and blatant GPL violations and GPL condoms and binary only kernel modules with no hope of recompiling/adapting them to the current version. The ClamAV trick no longer works, auditors now want real AV software with the whole exploit chain tracking I described. Which is also why those company computers are so damn slow, much slower than you’d expect. They scanning everything and tracking everything, every process tree, what spawned it, what user action led to it. My MacBook started feeling like a Dell Latitude from 7 years ago once they loaded up all the crapware on it. We had to reserve a whole bunch of extra capacity on the Linux servers just for AV to exist and do nothing because it’s all locked up in containers and SELinux policies and it takes a pretty bad 0day to pwn those.
If I was the IT guy, I would also struggle to even begin to make a case for supporting Linux and justifying the time and cost. I don’t like my OS, but I do my work on it, cash my paycheck and move on to enjoy my Linux machines off work.
What about enterprise user and permissions management? AD is a draconic thicket of confusing spaghetti, but once setup it works. What’s the Linux alternative?
but I think they just are lazy to find out ways to provide this support
It’s not that they’re lazy, it’s a combination of not getting paid enough, and not having a reason to care.
If you were a high-level executive, I can bet you they’d at least make an effort to deliver something. Believe it or not, most people only do what’s needed of them as per their job description (and that too, the bare minimum to meet the quota/standards), unless their boss tells them otherwise, or some exec shouts at them, or that they’re actually passionate about something. If no one in IT is passionate about Linux, you’ll never get them to accept it, regardless of how technically superior it is on paper.
Point 2 is a reason it’s not used or used for very specific use cases within a company. Companies don’t want to make a custom distro that they have to support themselves, that costs money.
The final point you made yourself the IT guys don’t have Linux knowledge but they do have Windows knowledge. Easier and safer to stick with what you know than what you don’t.
About the point 2, it says that Windows cost much more than making your own distro which can be made by 1 single person if you know enough of Linux.
About the final point, that is the excuse, “stick with what you know” so they aren’t really doing their job providing us our needed tools to work with… That’s what I blame, get some Linux IT expert and give support.
Do you know how much cost is involved in developing a peace of software?
Get what you need > a lot of time and good view of the company is needed.
Then either get a company to do it > expensive + no control on the software.
Or/
Make it yourself > extremely expensive + control on the software.
Get the right people > hiring campaign > expensive
Then these hired people represent more people to pay each month > expensive.
If there aren’t right people, you need to teach the devs how to work on it > expensive formations and it’s done on the working time, so double expensive.
Then time invested in creating the Linux distro adapted to the company > time, testing, mistakes, redo, undo… expensive.
(let’s not forget about taxes and obligations towards the new workers).
Do you know how much money Google has? It’s enough to do whatever with that, even just keep the people away from competition.
Why Google did that or if it’s even true? Not sure.
However Google is a big tech which develops software for a multitude of platforms, even Linux. They work on their own Linux mod : Android.
So they have all the people already in the company to do whatever they want on Linux.
They also have specific needs which may not need windows.
We however use excel and the advanced feature Power query and power Bi. So as long as a Foss alternative doesn’t get to the level of the current insanely powerful excel and power bi, we’ll be stuck on windows.
So because it’s Google means they waste their money? Nope, they just know why they are using Linux, and I’m sure they are spending less money than what they should if they used Microsoft/Apple technologies.
Sure. But google does waste money if it brings them profit. It would be rather called an investment.
However the example of Google is extremely bad, because it can only be applied to very large tech companies who already have people developing for Linux.
But other companies can do the same as Google did, I saw distributions maintained by 1 single person, what stops companies to do the same? I think that is the lack of knowledge of how Linux works. Google is a good example and could work for many big companies, small companies normally allows already to work with Linux or I have been lucky to find dev job positions on small companies that work with Linux already.
They can’t really do that, mostly because it’s not “just 1 person”.
There are a lot of costs going into maintaining the os, apps, custom software, and training for the employees.
Google is giant, and has a huge amount of money. They can afford to spend the costs of training, modifying software, or developing other software for their needs if it reduces their future costs.
A smaller company don’t have all those funds, they wouldn’t be able to invest as much into switching to Linux and maintaining the custom software or finding new software and training.
When people switch to another software, there is also a period of low productivity, when these same people are still discovering the software, and cannot do everything as fast as before. That is also creating additional costs.
They can’t really do that, mostly because it’s not “just 1 person”.
I said you can, but for companies that really wants to do it, 3 - 4 persons could be better to make sure everything works 7/24. For smaller companies they probably neither have IT, if they have, then they can manage Linux. If they hire people that don’t know how to use Linux, then they are hiring people not prepared to provide to their workers the tools they need, and they will need to “stick with what they know” which is Windows.
There are a lot of costs going into maintaining the os, apps, custom software, and training for the employees.
Yup, right now I am having issues with Mac and Windows, issues like arch dependent tools (M2 is ARM) or Windows that can’t deal with docker properly. All systems have their own costs.
Google is giant, and has a huge amount of money. They can afford to spend the costs of training, modifying software, or developing other software for their needs if it reduces their future costs.
If they had any issues they would undo it and go back with Windows, they didn’t probably because the cost to “into maintaining the OS, apps, custom software, and training for the employees” isn’t that expensive as running all desktops with Windows.
A smaller company don’t have all those funds, they wouldn’t be able to invest as much into switching to Linux and maintaining the custom software or finding new software and training.
The tools exist, they just need to hire people that actually knows how Linux works, still will be cheaper than paying Windows licenses and support stuff.
When people switch to another software, there is also a period of low productivity, when these same people are still discovering the software, and cannot do everything as fast as before. That is also creating additional costs.
Is that an argument for not giving support to Linux users? Every Linux user needs to lean how Windows or Apple works right now, and Windows and Apple is already an option to choice (normally), I don’t know who would request to work with Linux if they don’t know how it works…
The article only talks about deployment costs. What about the rest?
For you a company should just throw away it’s employees to hire inexistent Linux experts or people using Linux software or whatever?
There is the server side. There I agree that using Linux is great.
On the client side it can be more complicated. A lot of schools in various domains teach the students how to use the software on windows. Not Linux.
Furthermore, a company doesn’t pop into existence the moment where it thinks it needs to switch to Linux.
The company already exists, providing work to the employees, trained on windows. So switching on Linux may change the software if it cannot be used on Linux (not everything is a saas). And that can be a time consuming process for the employees too because they don’t know how to use it efficiently.
For you a company should just throw away it’s employees to hire inexistent Linux experts or people using Linux software or whatever?
There are Linux experts.
There is the server side. There I agree that using Linux is great.
Not only great… xD
The company already exists, providing work to the employees, trained on windows. So switching on Linux may change the software if it cannot be used on Linux (not everything is a saas). And that can be a time consuming process for the employees too because they don’t know how to use it efficiently.
I never said all them needs to switch, I just said to provide support for people that never uses Windows or Mac, so we can keep working properly with our Linux tool and all our environment.
If they want to switch all from Windows to Linux, then it’s a huge decision… because of Microsoft monopoly, everyone buys PC with Windows licenses and that’s the only reason I see why companies uses Windows, the monopoly.
I won’t comment on point 2 as I think that has been answered suffiently. On the final point Linux support is more expensive. First line Linux support pays better than first line windows support because well. It is still nieche so workers can command better pay.
You will also have to go through your whole application library and make sure it works, if it doesn’t can you get it to work or do you have to move applications? That will be expensive and time consuming, more than likely someone does something once a year which is really really important who gets missed and you swapped over 6 months ago and now you have to hack a way for this process to work in 2 weeks to meet the deliverable.
This isn’t including training your staff. You have to retrain everyone which is going to be expensive. To be blunt a lot of regular users barely know how Windows works and any change to their way of working is going to be hell. Then you have the cost of retraining the whole IT department which is going to cost more than the regular users.
Sticking with what you know may not be the right thing to do but it usually is the safest option.
Don’t get me wrong I would love Linux to take over the office space but I can’t see that happeing in the next 20 years. Maybe in a startup it’ll work but, moving from something so entrenched in your company is a very big and very scary ask.
Well, there are virus as any kind of device that runs any logic, the thing here is that is harder to get hacked than with this kind of tools that Windows uses.
So yeah, I don’t need many apps that my Mac has and could be used to hack me with 0 click interaction or with valid Windows certified programs. Still, the “no virus” is not the only reason, updating a Linux system is just a few seconds and your work could have their own repository mirrored and monitored.
In other comment you said something along the lines of “just hire an expert”. They charge way more by the hour.
Maintaining a distro for this very reason will never look ‘cheaper’ for executives. Trust me. They rather pay you to see stuff that has CLEAR and FAST deliverables, that’s what they do what they do, make/save money; take shortcuts.
Well, I think they are expensive because they are actually experts, not like random IT hired personal that (in my case) couldn’t even understand how OAuth works.
“no virus” is because it’s literal extracted from the text, not my words. I explain then what I understand with saying “no virus”, as any device can have virus, JavaScript runs on Linux, Windows and Apple. It’s common sense. No need explanation.
I know about this issue, I have read about it already. No one uses this unless noobs watching YouTube tutorials.
Cannot be compared to the vulnerabilities I pasted (0 click exploit). Any system can be hacked, Linux is the most used OS and still have fewer viruses issues as others, but it still has as any system has.
I said distro instead OS, Linux is the most used OS, many people behind working in secure the Linux environment. The example of this exploit also exists on Mac and Windows for years, and it will always happen.
An admin user will know what they are doing, and I doubt they will install a package from an external source downloaded randomly on internet, for the non-admin users, without sudo they can’t install/infect that malware on your Linux.
I said distro instead OS, Linux is the most used OS,
Wrong, Linux totals 3% of the desktop market which is what’s being discussed in the original post.
many people behind working in secure the Linux environment.
Many people work on securing Windows so your point is…?
The example of this exploit also exists on Mac and Windows for years, and it will always happen.
Whataboutism.
An admin user will know what they are doing, and I doubt they will install a package from an external source downloaded randomly on internet, for the non-admin users, without sudo they can’t install/infect that malware on your Linux.
Wrong. This is so wrong. The most common and effective attacks start with phishing people who think they know better. A user downloading a zip or rar file is enough, they don’t need to be an admin or have sudo rights.
Seriously just stop talking about a topic you have zero knowledge on. I suggest you do a SANS course if you’re actually interested in learning.
WTF, you look like having a bad day, because of my lack of English knowledge doesn’t give you freedom to insult me.
EDIT: I think you are just insulting me, but if Linux is the most used OS means the support should be awesome… worldwide support… while this malware could happen on Linux but also on Apple and of course on Windows, there will be always malware… so at least let’s make one really good as it is right now Linux (with support for old computers, means it’s not forcing users to keep upgrading their hardware), and that’s the reason it is the most used, fits everywhere. Windows only have the monopoly and Apple the “think different” thing (and they give special focus for designers and is Unix, sadly docker is still virtualized).
The linux kernel is not completely secure by default, neither is any specific distribution. No internet connected device could possibly be “set and forget”. Security can not be taken lightly
When it comes to workplaces, you can expect people to deliberately craft a virus and/or try that break into your system specifically. A lot of the world runs on linux, a lot of hackers try to break in to this world.
For personal use it may be true enough to be fine in practice, but it’s a very dangerous thing to believe for a professional setting with probably expensive equipment and valuable data.
Yeah. I know that. But that’s in theory. And it’s more hacking, not a virus.
If that’s really true, it’s surely possible to find an example of a virus that did it’s thing (spread) and do a bit of damage somewhere. And not just say hypothetically it’s true.
I know Linux can be hacked, because I had a webserver hacked. And i see all the logs and the hundreds of login attempts per second and automatic exploits in my logfiles. I have a good idea why most of the Linux boxes get hacked. And all I’ve ever seen were not updated server software resulting in rootkits. 0% is viruses in my experience. Rest is proper issues and maybe the bad guys have been quicker than you. But it’s mostly targeted and rare. And nothing compared to the stuff the windows guys had to deal with during the last year and switch off things until it had been patched properly. We mainly do our updates. And every few years there is a major screwup and you type in a few commands in the terminal to hotfix something. But that’s mainly it. And you can’t make it about any hypothetical issue. While there are supply chain attacks for example, my mom who is using Linux to write her letters and print forms is unlikely to need to learn about that. I told her she doesn’t need antivirus and viruses and trojans are more an academic thing with Linux. She doesn’t need to worry. I also talked about targeted attacks and being a valuable target. But that’s besides the point here. Hence my question and me wanting to stay on point.
Please just prove me wrong. I’m serious. All I could find are some harmless viruses from 2003 that didn’t even spread enough to have reliable numbers. Ransomware that affected ‘tens of users’. And you got the easy position. I advocate for Linux on the desktop. And it’s impossible to prove something is secure. I always have to go into detail, explain viruses, architecture, package managers etc to get my point across. You got the easy position. All you need is to find one counterexample.
And arguments are always the same. I do the whole talk and then say you don’t need antivirus because in real-life there are no viruses. And people ask me ‘but what if tomorrow there is one’. And sure. Nobody believes me when I say I’ve had a quick glance into the future with my crystal ball. But what kind of argument is that? What if I’m struck by lightning on the way home tomorrow if I take the bus instead of the car? I guess I’ll just die then. Many people have been under the influence of ‘windows-truths’ for too long and can’t imagine another world. Some people didn’t listen to the first part of my talk. And some just want the computer to work and a simple answer. I get all of that. But it doesn’t make something true or false.
[Edit: Sorry, had to post this again. I deleted the previous comment by accident instead of editing it what I was trying to do… And Lemmy doesn’t seem to federate deletions that quickly. I’m still learning things here…]
I’ve read that list. There’s not a single name that rings a bell. Which one of those had any consequences in real life and is more than an academic study?
(And besides that: Sure. It’s funny to make every program output your name. But it’s pretty harmless and not on the same level with viruses that do proper damage to a computer infrastructure. I wouldn’t lump all that together. That’s not right, either. And misleading.)
I don’t understand. You made the claim Linux viruses exist. Why is it now my job to disprove their existence?
It’s like with God, Vishnu, Thor, … You claim existence, you show me.
If there are that many experts around. Why can’t they do more than link a Wikipedia article that doesn’t (yet) contain the information I’ve specifically asked for? Shouldn’t they know at least something themselves? At least know 1 name from the worst offender? Why does the other half of experts not know the distinction between virus and other forms of malware? And that it makes a difference here?
I see that people disagree with me. But I seriously doubt that there is a single expert around.
I swear I’m not trolling. If you’re an expert, just give me the name. I’ll even try to look it up myself and if it’s a virus and spread across a few hundred computers around the world and maybe more than 2 or 3 companies and I can find maybe a newspaper article that says it did some harm, I promise I’ll accept that and change my opinion. At least tell me you’ve learned in uni that Linux viruses definitely exist in the wild, but no studies have been done because of X or Y. And we have no numbers. I would think that’s very curious because there are so many linux servers out there, but I’d at least have something to work with. (And don’t take things out of context.)
A virus is a specific type of malware but for the general public is broadly synonymous with malware. Ask the average user, and the commenter in the OP screenshot, what the difference is without looking it up and they can’t tell you.
A virus doesn’t need to be spread broadly for it to be concerning, impactful or dangerous. Often these attacks are very carefully targeted at the victims.
A vulnerability is generally exploited by a virus to inject code by either modifying memory or files the target program relies on. One such vulnerability was
With this vulnerability it was possible to modify any file on a Linux device, meaning viruses would be simple to implement and deploy. Many android devices are still vulnerable.
To think that all possible vulnerabilities have been fixed, or are known to linux developers, would be extremely naive.
Furthermore a virus is often targeting a specific application and while OS level controls restrict the avenues of attack it doesn’t prevent flaws being introduced by developers.
You’ve already been given a list of viruses for Linux, if you’re genuinely so concerned with defining them by impact you can look them up. You have the information needed to do this yourself, and it is not my responsibility to educate you, though I do seek to counter misinformation where possible.
Well, the first article pretty much says what I’m saying. In theory there can be viruses. In the real world they have pretty much no effect. They are more a curiosity than something that really exists and has had consequences. It even says you’re installing antivirus because of the windows clients, not because there were linux viruses.
The second article also is about a security vulnerability and talking about potential consequences. Not a virus that uses this as means to infect people. Not actual consequences.
We’re going in circles. I’m sorry.
And a virus and a vulnerability in some software (or kernel) that can you get hacked are two entirely different things:
They affect different parts of your infrastructure. It is unlikely that someone executes random binaries on your webserver. It is very likely that someone wants to listen to Spotify while editing 150 excel spreadsheeds. So it’s likely your employers execute stuff on their workstations. Also you wouldn’t install a browser in an AWS cloud instance to look at lewd websites. You’re going to use Chrome on your workstation. Viruses affect other and distinct parts of your infrastructure.
You protect for them by different means. Antivirus helps with viruses. For targeted attacks on your webserver, you have firewalls, filter requests, keep your software updated. And don’t do silly stuff. I’ll admit rootkit detection is kind of similar to antivirus. There is some overlap, for example you should also keep Chrome updated on your employers workstation. But updates won’t help you against a virus editing a file on the network share to replicate. You do vastly different things to protect against the different security threats that your company faces.
All the threats have different consequences. Some things just try to wreack havock in your company. Some things you’ll barely notice but hackers are stealing information. Some things try to extort you. Either by blackmailing you to pay to get your data back, or so it doesn’t get leaked. The next few workdays after that happened will be very different, depending on which of those possibilities happened.
So while talking about cybersecurity. Why would I lump all that together and strip the words of their meaning? And in this case on top: One thing is something that actually happened. The other things are just words about something hypethetical. I’m aware you have to protect against potential threats. Nonetheless both things are something different.
Regarding your advice: Yes. I’ve looked it up. I found no viruses that had any significant real-world impact. Hence me insisting on it. I said in my first comment I want to see impact. Not an academic study. Because context matters. We’re talking about someone advertising Linux to an undetermined group of people. These people are concerned with implications for them. If they need to worry. Not if in theory anything can happen. That doesn’t help you choose between two options. And we’re talking about ‘simple truths’. They’re kinda always false. But people want to hear them. They want it condensed into one sentence. Because they own a company that manufactures car tires and they don’t want to get a 20 minute lecture about computer attack vectors. They want to hear if they need to worry about their Linux server. Is it safe or not, do I need to pay someone to install Sophos? And be done with it.
You’re twisting my words so they lose meaning. And change the context. And then posting articles about something related but not the thing.
Please read my first few comments. I’ve talked about it and that’s not what I said. I have found no viruses conforming to what I’ve clarified in my very first comment. I’ve also explained why it’s important to differentiate. I have found things alike. But never the thing. If you twist my words enough and change the context, it would almost seem like I’m contradicting myself, yes. But you’re the one twisting things around until you’re right.
And why are you just now talking about that? Nearly every single comment of me starts right with a sentence that clarifies what I mean?
For the record: I’m not the one changing the meaning of the word. I use it like in the definition. You’re the one extending the meaning arbitrarily.
I think I’ll just wait and see if some expert comes along and gives me my single example. If that doesn’t happen I’m going to stick to my opinion: They exist in theory, but not in practice. And vulnerabilities and rootkits exist, but a vulnerability isn’t automatically called a virus because those are different things.
To end with some more friendly words: I’m pretty sure some people are confusing the words ‘malware’ and ‘virus’. Malware is the umbrella term. I’ve already admitted there is malware. For example the Mirai worm i think had affected hundreds of thousands of IoT devices (speaking of fire and forget embedded linux). And I’ve seen wordpress plugins with vulnerabilities and actual rootkits on webservers myself, as I told earlier. But I’ve also said in this context the distinction matters.
Sure, it’s IT teams that don’t want to support it. I’m lucky enough that our IT supports all major OSs and so we can more or less choose. Most tools certain jobs require however do dictate the OS. For SW development Linux is absolutely feasible.
Yeah, my work doesn’t really support Mac at 100%, but we still use it as docker on Windows is much more a pain, so we are using Mac devices outside that Windows system controlled environment, they told us, and we lack the access to the VPN, still we use remote windows to access on our work network, and we can also use Microsoft Office this way and feels like having it installed on our Mac. (Our Mac don’t have licenses for MS Office)
So as I said, I’m tired of people making excuses… it’s perfectly valid 😭
lemmy.ml
Newest