Ubuntu – Is open source software vulnerable to viruses


I understand the ideas behind open source software, but I am more interested in the security aspects. How is open source software not exposed to viruses or any kind of Internet attack? How does it stay secure over time? I have heard that open source software is prone to attacks, but the chances are less than Windows-based software. I am unclear about this.

And why do some Linux users not use an antivirus?

Best Answer

Open source is not inherently safer. It might be a little bit, due to the following reasons:

  • Potentially more people look at the code, so bugs allowing for security vulnerabilities are more easily spotted. (Also, it's not true that open source means attackers can just slip in hacks, as some people might be led to think - code is still checked before being included in any project. Unless of course the project itself is malicious.)
  • An openly governed project creates an ethos of contributing back, e.g. when a security flaw is found, this is reported (and subsequently fixed), rather than exploited.
  • The creators of an open source project often have no incentive to deny that vulnerabilities exist until a fix is found -- the more people know about it, the more likely it is someone will know how to fix this.

This will only marginally make it safer, though, since bugs will still exist and people will be using their powers for Bad rather than Good.

When it comes to Ubuntu and all other Linux distributions, though, the fact is that it has been designed from the ground up from a multi-user perspective, with one user being able to make modifications to the system and the rest only being allowed to change what's relevant to them - in Windows this was rather tacked on later on (though it probably works pretty well by now (Windows 7)).

Still, one could easily write a virus that removes all of a user's personal files. The biggest reason for there being no virus for Ubuntu is simply that it has a really, really small market share. Thus, there is little to gain and little incentive for a hacker to go through the extra trouble of supporting Ubuntu when they could just target Windows and gain a lot. That, and users of Linux are often more well-versed technically, so would be less likely to install something of which they do not know what it does (though then again, the absence of viruses may lead them to trust everything they download).

(Then again, Ubuntu's update model, among others, is much better than Windows's, meaning that fixes for vulnerabilities can be distributed far quicker.)