Crowdstrike's malware-as-a-service is now affecting Linux. Red Hat, Rocky and Debian stable are affected. According to distrowatch.com, most of us here running linux as a desktop are using debian and debian stable based distros like Mint, Ubuntu, MX. Stop updating, 2 wks+
(www.theregister.com)
🚔 Crime & Democrats 💸
You're viewing a single comment thread. View all comments, or full comment thread.
Comments (25)
sorted by:
Someone who bills himself as a 'computer guru' and who reconditions laptops and sells them, recently told me that Linux was the way to go, as it was (in his words) impervious to hacking and malware. Hmmm... maybe he's full of it too.
Anything can be hacked, especially if you purposely install software/ malware on your machine that operates as a kernel level driver which is what crowdstrike requires to function properly.
If I install a secure version of linux on my machine and proceed to add to it a program running at kernel level 0 which bypasses all that security, then I have opened up the entire OS to a security risk.
If I install at user level 1 software that opens up security, I'm also making the OS be at risk, but not to the same extent, as the kernel should be somewhat protected unless a bad operator takes advantage of my security hole in software level 1 and finds a way to elevate the security level to level 0 (ie exploits a known bug or a zero-day). If the privilege is hacked /elevated to kernel level 0, then nothing is secure on that OS because the user has taken actions that exposed the system and a bad actor has taken advantage and gained control.
No OS is impervious to security issues, when users or administrators make decisions to add software like Crowdstrike, the actual security of the system becomes the lowest common denominator of either the OS security or the installed software's security. Any security hole in either package generates the same risk of a security breach.
In more layman's terms (I've been running Linux for years and still couldn't really explain the word "kernel" for my life). What makes Linux seem "invulnerable" is really the fact that very few scammers and hackers will waste time on Linux when only a tiny percentage of the market uses it. The most gullible and easy marks are using Windows so that's where most of the hackers go. Simple as that. It does seem to be a lot more inherently secure than windows but if it had the same size market share there would be more problems to follow.
And I think that's a really good thing, but doesn't give me the kind of brain that does well with code, lol.
Maybe Linux is far behind on desktop numbers, but it is far ahead on other devices. From Brave's AI:
How many devices run linux in the world? Based on the provided search results, here are some relevant statistics:
Smartphones: 85% of all smartphones run on Android, which is a Linux-based operating system. With over 1.5 billion smartphone shipments annually, this translates to approximately 1.275 billion Linux-based devices (85% of 1.5 billion). Supercomputers: 100% of the world’s top 500 supercomputers run on Linux. IoT devices: 68% of IoT devices and systems rely on Linux. Embedded systems: Although not explicitly stated, embedded systems, which include devices like routers, set-top boxes, and other appliances, are estimated to have a significant presence of Linux usage. Desktop PCs and laptops: 2.68% of desktop PCs and laptops worldwide run on Linux. Considering these statistics, it’s estimated that:
At least 1.275 billion smartphones (85% of 1.5 billion) run Linux (Android). All 500 supercomputers run Linux. A significant portion of IoT devices (68%) and embedded systems rely on Linux. Approximately 2.68% of desktop PCs and laptops worldwide run Linux. Combining these estimates, it’s reasonable to assume that there are over 1.3 billion Linux-based devices in the world, including smartphones, supercomputers, IoT devices, embedded systems, and desktop PCs/laptops. This number may not be exhaustive, as it doesn’t account for other types of devices or systems that might use Linux, such as servers, mainframes, or specialized equipment. However, it provides a comprehensive overview of the scope of Linux adoption across various device categories.