Does Linux Mint require antivirus? @ AskWoody (2024)

January 15, 2023 at 10:10 pm #2523730


What’s the perceived “benefit” of open source bug finding then, if serious security flaws go unnoticed for 25 years?:

It’s a bug that never got exploited in the wild, and was still discovered before it was able to be exploited. It was caught before it became a problem. Is that worse, in your estimation, than the various Windows bugs that were discovered sooner because some crook exploited them? If not for that, you have no way of knowing how long it would have taken to be discovered. Could be 25 years… or it could be that it would never be discovered. It is impossible to know.

The real question is one of how many security bugs get exploited before they get fixed. I don’t know how Windows fares compared to Linux in that department. The point I was trying to make is that the presence of bugs that only get fixed after long periods of time does not suggest that the “many eyes” theory of Linux bug discovery is false.

b wrote:

So it’s good that Microsoft patches so many security flaws each month, the vast majority of which have not been exploited.

Of course. If bugs are discovered, they should be fixed, whether they are security bugs or other bugs. More issues fixed is better than fewer. As long as they are fixed without introducing other bugs, security or otherwise, it’s an improvement.

That said, though, I have also said that there would be a lot fewer issues to fix if feature updates didn’t keep rolling on down (which apparently MS now at least partially agrees with). Code with a lot of churn will always have new bugs introduced. It’s always good to fix them, but not everyone wants the cutting edge stuff, which always comes at the cost of more new bugs. Many would rather have a relatively feature-static code base that gets more stable over time as fewer bugs are introduced than are fixed per unit of time.

In Linux, you can go for the most stable distros (RHEL or its community versions, Debian) or the most bleeding edge (Arch, Tumbleweed, Rawhide), or anything in between… and on all of them, you can install the updates whenever you want, without any restrictions. If Windows allowed consumers to use LTSC and to have full control over updates as they used to have prior to the Nadella era, I’d consider that a huge improvement.

b wrote:

What incentives are there to spend time examining Linux for vulnerabilities?

There’s a lot of money in Linux– including MS money. More of Azure’s VMs run Linux than Windows, and those Linux users are MS customers.

The incentive for the corporate interests in Linux is the same as with Windows… money. For FOSS enthusiasts, it’s the desire to improve the product. There’s a community around FOSS projects that wants to improve things for the good of others, a large part of which is about limiting the amount of control that megacorporations like Google, Amazon, Apple, or Microsoft can exert over the web and the IT industry as a whole. Much of the work done in the FOSS world is done for that reason, but that’s not the only one.

There are multiple layers of bug testing in Linux… as an example, you have the kernel team testing the kernel initially, then when they release that kernel, some of the distros will pick up that kernel and do their own testing. Others will wait and see how things shake out for a while before moving to a new kernel version.

Some bleeding-edge distros like OpenSUSE Tumbleweed update to newer packages sooner than other distros, and their users know this going in. By the time they get a given update, it’s already gone through several layers of testing, but the more cutting edge distros will still see more new bugs that make it through. The users of these distros will often find the bugs in those new packages before the more conservative distros roll them out.

If any one of the many distros testing or using a given kernel or other package finds an issue, they will often fix it themselves… and it gets reported upstream, along with a pull request, so that the fix gets distributed to all the various distros if the kernel team accepts it. Sometimes they just report the bug and let the kernel team (which is very particular with the pull requests it will accept) decide how to go about fixing the issue. Once the issue is fixed, that fix is pushed out as a kernel update, and those distros that are not using bleeding-edge packages will usually backport these fixes to their older versions of the package in question. In this way, any fix for any given issue is distributed to all the various distros.

Linux is open source and licensed under the GPL, but it’s also a paid product for enterprise customers of Canonical, Red Hat/IBM, and SUSE. They don’t want their customers to switch to another Linux distro, so they have a very big interest in making the experience smooth and reliable.

Dell XPS 13/9310, i5-1135G7/16GB, Kubuntu 22.04
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 22.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 22.04 (and Win 11)

2 users thanked author for this post.

