Is using Linux a sufficient security measure?

We wonder if Linux is a sufficient guarantee and security.

Increasingly, our lives are based on the use of devices. Not only computers and mobile phones, but also household appliances and medical devices are connected to the network, constituting a potential danger. In this post we will see if, as some believe, using Linux is a sufficient security measure.

Some funny guy said that the 3 golden rules to protect our data are: don't have a computer, don't turn it on and don't put sensitive information on it. But the truth is that depriving ourselves of a useful tool just out of fear is never a good option.

Is using Linux a sufficient security measure?

We all know the story of the 3 little pigs and the wolf. There are many versions (even one in which the wolf ends up eaten by the little pigs) but the fundamental story is that each of the 3 little pigs chooses a different material to build their house. The first two are easily knocked down by the predator, while the third, more solid, resists all attacks.

That story is a good metaphor for computer security. We all like to use our devices for fun and work. Security precautions and updates are a pain. But the more seriously we take them, the safer we will be.

Of course there are problems. Unlike the story, the wolf in real life learns how to tear down the brick house and we must find a more solid material to reinforce it. If we use Windows or Android, at some point our hardware will stop supporting updates.

If we talk about computers, we can always install a Linux distribution. However, although Linux is more secure than Windows due to its file architecture and privilege system, it is not impregnable.

There are a few ways to bypass security measures on a Linux system:

  • Social engineering: Although Hollywood has installed the image of the teenager writing code at high speed, most computer criminals are better psychologists than programmers. What they do is take advantage of a person's qualities or weaknesses to get them to do something or share information that would not normally be done voluntarily. Social engineering uses fear, respect for authority, greed, jealousy or any other human emotion that can be exploited.
  • Phishing: In this case the attacker impersonates the identity of a person or institution to fraudulently obtain personal data. This deception takes very refined forms. In my personal case it was with the Paramount+ streaming service. The fake page not only advertised on Facebook, it had better positioning on Google. I was saved because when I checked the domain registration data, I found that the website was hosted on a server in Slovenia.
    Another point to keep in mind is that 15 or 20 years ago, those of us who used Linux were people with a higher level of knowledge than the average user, so we naturally took the appropriate security precautions. It also helped that we were a minority. Today Linux is used by many people who don't even know they use Linux in their gaming consoles, Internet of Things devices, smart TVs, and cars. The type of person who doesn't read the user license and click Next in the rush to enjoy their hardware.

The case of Android

With mobile devices, the problem of hardware obsolescence presents greater difficulties. While it is true that there are alternatives based on the Android source code (which we will talk about in future articles), in general they are usually available for mid- and high-end devices. and, its installation requires obtaining root access to the device and a certain level of knowledge. An alternative is to use Android emulators on your computer and phone to get security codes via text message when needed.

As the first AIDS prevention campaigns said, it's not about being afraid but about being careful. Using applications downloaded from official repositories, checking links before clicking, installing updates when they are available, and using the security tools that we will list in the next article will give us a reasonable level of protection. .


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.