Data Protectionists Recommend Linux - the Reasons Are Dubious

Linux has a negligible market share on the desktop, regardless of which statistics are used. But when you look through the blogs and forums of the "data protection scene", things look very different. Concrete figures are not available, but presumably more than 50% of the people there use Linux as their primary operating system.




The reasons are discussed much less often.


Most of the time, a succinct reference to open source and the freedom of the development model comes first. This is a point that is questioned far too little (see: "Proprietary vs. Open Source - The Eternal Debate About Security" and "Comment: Open Source is good for security - or is it?"). Of course, it is in principle beneficial for security that the source code is freely accessible. It enables independent audits that are not at the mercy of a company, and in case of doubt the experienced user can look things up themselves. In practice, however, most open-source projects, especially the security-critical ones, are huge. Hardly any user has the knowledge and the time to "just" check a project like Firefox. At the same time, the number of developers in many projects is very small, so that review by multiple people is hardly guaranteed. Of course, a proprietary development model with invisible source code is not safer, but the reference to open-source code is a bogus argument regardless of the real circumstances.


The situation is different with less ideological arguments. Linux distributions are basically construction kits in which a large number of components can be replaced or completely omitted. In contrast to macOS or Windows, for example, a cloud service is not permanently integrated into the operating system in any Linux distribution. Furthermore, powerful encryption solutions for communication, data, and the operating system are available in this modular construction kit. With comparable operating systems, this only applies to more expensive editions or only to parts such as the actual operating system. Linux enormously lowers the hurdles to further protective measures.


In connection with Windows 10, the focus is once again on telemetry data and data flow. Canonical recently discovered how sensitive the subject has become. Unfortunately, it is by no means the case that no telemetry data is collected under Linux. Firefox is certainly the most prominent example of open-source software that collects data using an opt-out procedure - but it is by no means the only one. On the other hand, it is correct that there is no large-scale plan for data collection behind it - also due to the fragmentation into different projects.


When Windows XP came onto the market over 15 years ago, the Internet experienced perhaps its first major shitstorm, even if it wasn't called that at the time. Windows XP made various connections to the Internet. XP-AntiSpy soon became part of the basic equipment of many systems. Many of the hot topics from back then seem strange today. Windows XP checked the license online for the first time, contacted the update server, and had other functions integrated, such as an automatic cover download. Much of this is taken for granted today, and of course, most Linux distributions also contact servers: updates to the package database, time synchronization, automatic cover download in many music players, and so on. With all these connections, data is potentially generated, but at the moment it is most likely not recorded systematically and probably not processed statistically, although some distributions take a look at the data from time to time.


A popular point of criticism is that many of the big IT giants are based in the USA (and now increasingly also in China) and are therefore subject to the laws there - with all the problematic implications. This is not wrong, but it fails to recognize that Linux is hardly better off here. Red Hat - one of the most important players in the Linux area - is based in North Carolina, while SUSE GmbH is owned by Micro Focus, based in the UK, a country with an affinity for far-reaching surveillance laws; the GCHQ was not in the focus of the global surveillance and espionage affair for nothing. There should be no illusions: Linux has long since ceased to be driven forward by small hobby developers in the basement. In the central components in particular, development is carried out by paid developers employed by companies that are often based in the same countries as the proprietary - supposedly untrustworthy - IT giants. Here we come full circle. The open-source code should ensure that these companies do not incorporate anything harmful. But is that actually happening? After all, even such central components as OpenSSL were hardly looked at for years.


There are also major problems beneath the operating system. There is hardly any hardware with really free firmware, and components such as Intel ME now have their own operating systems. Even hardware from vendors traditionally popular in Linux circles is no better. Projects like Purism or Coreboot are all the more important. If you don't own such special hardware, you shouldn't feel too safe despite Linux.




Linux is still a good foundation, mainly due to the high availability of extended tools and the modular structure, which allows unwanted components to actually be removed. Also, many of the criticisms expressed here can be remedied with detailed manual work. But Linux is not an isolated system that makes no contact with the outside world, and data, once generated, can in principle also be evaluated at some point. You shouldn't feel too safe here. Given the increasing complexity of the software and the influence of large companies on development, the open-source argument should not be pushed too aggressively, because it actually says hardly anything.
