I was thinking a bit lately, running Linux as my daily driver for the last few days, at least on my desktop PC, about the rationale behind Linux as a secure OS.
Linux is secure because it’s open source so anyone can inspect it and find the back doors and insecure features. That’s the story.
However, a while ago they discovered an open-ssl vulnerability called “heartbleed”, which was there for years, in an open source library, that theoretically everybody could inspect, and yet apparently that didn’t help the slightest bit. How is that possible?
The explanation is quite easy. Yes, there is a huge number of people working on open source projects, but the trick is in how they are grouped. The largest majority is working on redundant high-level stuff, while the “invisible”, low-end, critical features are so obscure, that they are often maintained by either a single developer or a handful of them, and although people could in theory read some cryptographic c library, almost nobody does, because it’s obscure, difficult and unrewarding work. People who maintain those libraries need to have immense expertise, and yet they are usually paid nothing for their work. Nobody really competes for a job that requires a PhD in mathematics, a wizard-level knowledge of c, uses up lots of time, and pays nothing.
Which brings me to the main security issue in Linux: its critical security features are written and maintained by a few unpaid experts, are too obscure to read and understand by the vast majority of Linux developers, and the likely attacker can literally print billions of dollars that will never be tracked or accounted for, and has infinite means of intimidation.
This means Linux is in fact extremely vulnerable. It was proven to have “heart-bleeding” vulnerabilities out there in the open for years, and nobody actually bothered to read the open source code and find them. The vulnerability can be extremely obscure, and you’d need to be a professional cryptanalyst to be able to identify it, and there would be no incentive for you to go through all those mountains of code and find it, because you would assume it’s already been done, which is an easy and pleasant assumption to make, if somewhat unwarranted.
So, what am I saying here? Basically, I’m saying nothing is secure if those attacking the system have control of the hardware design, firmware design, operating system design, and can pay the best experts infinite amounts of money if they comply with their demands, or have them and their families disappear in darkness if they don’t. The idea, that you can simply install Linux instead of Windows and you’re secure, is incredibly naive.