this post was submitted on 05 Apr 2024
1155 points (97.9% liked)
Technology
59161 readers
1727 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I wouldn't say that Windows is malware itself, but rather it wasn't created with a security-first stance, which we absolutely need for all OSes going forward. I say this as someone who ditched Windows as my DD ("I use Arch, btw"). I left Windows more for their policies and subscription models that are becoming increasingly anti-consumer.
With that said, let's not pretend that Linux is immune as has been proven in the past week with xz and liblzma being compromised. Yes, it took 3 years to get to the point their long game paid off, but it still happened through a series of credibility social engineering steps by a single person. (Yes I know others were also trying to do exactly this, but only Jia Tan was successful)
The reason you know is because the target software is FOSS. Care to bet other similar schemes have been successfully pulled off with proprietary software?
There are so many surveillance built into proprietary software, countries like U.S. probably can just ask for any information from Apple, Google, Facebook, Microsoft.
On the other hand, countries like China and Russia would probably need to compromise these product like Jia Tan did. Except for Apple, because every apple service in China is maintained by a Chinese company with no encryption allowed.
You only know this happened because one dev was benchmarking their system and noticed a 0.5s anomaly in resource usage, and was able to track it down to this. For every one of these that are caught, there are countless more that slip past.
I actually look at it a completely different way. There are so many users optimizing and digging into the core of open source versus proprietary that with so many randoms actions there's less "vulnerable" dark spots available. If we think there's a limitless X amount of vulnerabilities (since we don't know the true ceiling limit), open source will always be "X (vulnerabilities) - 1" compared to proprietary. Completely a math metaphor but gets the point across, It's a path that lessens the impact which we should be striving for over profit/monopoly motives.
Of course, there can be malware for open-source systems such as Linux, but it's generally caught and patched a lot faster.