Somebody in the Linux News sphere has recently done an article about “Yellow Journalism” in said sphere. I couldn’t agree more – to the uninitiated (and even to me, sometimes) we look like a bunch of maniacs who don’t want to listen to critique.
One myth I want to knock down right now that nobody seems to be addressing properly: the idea that Linux (this word will herein be used to denote “all operating systems based on the Linux kernel”) doesn’t get malware because it’s actually just more secure.
Whether or not Linux-based OS’s are more secure than the big alternative on the market is entirely beside the point; I like to think they tend to be more secure, but they’re only as tight as you, the administrator, make them.
The common argument is that “nobody writes malware for Linux because its market share is tiny;” the nit-picky fanatics fire back “that’s not true, Linux is a high-risk target because it powers so many servers; get a few viruses on some and you have a darn virtual tank.”
I won’t contest the idea that daisy-chaining a few corporate servers could be a formidable power. However, I still sided with the common argument (“tiny market share”) because of the dynamics of the malware writers: the greatest portion of malware out there is aimed at consumers. Why? Because consumers often aren’t capable of removing their own malware. Many consumers, confronted with flashing lights and annoying sound effects from their antivirus software, ignore all the warnings and take no action whatsoever to remove malware.
If you’re an administrator of a corporate server, you better darn well be on the watch for malware (and worse) day and night. So even if a particularly crafty malware writer managed to sneak something in (less likely considering the attack vectors of generic malware), the behavior would be picked up and stamped out in little time.
So it’s moot! Consumers are the easiest target for malware writers. That said, the hugest demographic among consumers has to be Windows. One of the smallest would be Linux.
QED, malware writers simply don’t bother targetting Linux because there’s no payout.