← Back to context

Comment by chlorion

18 hours ago

This isn't accurate at all.

The reason people don't get malware on Linux is because they install software through the package manager, via trusted and reviewed repos. And drivers are all built-in to the operating system, not third party (with some exceptions, like nvidia).

On most Linux setups you aren't just downloading random junk from the internet and running it. Also the operating system won't install things automatically for you generally either. Even system updates are optional if you don't want them, and you won't be nagged for it.

Basically it comes down to a difference in culture.

I agree that culture makes a difference, but the largest aspect of it is that the average Linux user is fairly technically proficient and would be fairly unlikely to install malware even on Windows.

As for software installation, that is true for software packaged by your distro (for Ubuntu/Debian/Fedora and others, that only includes open-source software by default), and similarly, a lot of Windows software is now available from MS Store. But even on Linux, you'll need to download software manually (e.g., Chrome is not available in default Ubuntu repos, same for Discord, Slack, Teams, VS Code, Dropbox, Spotify and other common software). Even worse, less known dev tools are quite often installed with `curl ... | sh` or equivalent, which is a strictly worse alternative to installers on Windows from a security perspective.

Then, there's the question of phishing, infected torrents, fake movie pirating sites,... Currently, most malware from these sources will target Windows (various .mp4.exe files, Excel macros,...). If Windows users migrated to Linux, malware would adapt and start targeting Linux.

Desktop Linux is currently protected by being a low value target – it has low market share, and most of its users are power users, which makes them harder to trick. The opposite is true for server and embedded Linux, and it's a frequent malware target as a result.