How inherently vulnerable to exploits is Linux really?

I read an article (Linux | Madaidan's Insecurities) claiming that Linux was actually less secure than Windows or Mac, for various reasons including an outdated kernel and lack of exploit mitigations. Some of the arguments they used sound suspicious to me - why do they seem to credit Windows and Mac with partial solutions, but require them to be fully implemented in Linux? And why would such severe vulnerabilities be left basically unfixed for so long?

I use Linux now because I thought that being open-source, while obviously not a straight path to security, makes it a better choice than proprietary systems like Windows and Mac. But I also know that exploits, particularly zero-day ones, are an ever-increasing problem. Is Linux actually more vulnerable to these in practice? And what can be done to protect yourself if you use it?

Thanks for any advice you have

Ah, the great mystery. If you find out, let me know.


Technically speaking, there are legitimate disadvantages to Linux compared to Android, iOS, and macOS (and Windows to a lesser extent), some of which I’ve previously brought up on Fedora’s discussion forum:

However, it’s important to understand the context of these supposed deficiencies within the larger threat landscape. For example, the average person’s greatest risks by far are phishing attacks, weak passwords, and drive-by malware downloads. Your OS won’t help you with the first two, and in the case of malware downloads, simply not using Windows is probably the greatest thing you could do to reduce your attack surface.

The “problem” with Linux is basically that it would probably be easy to develop malware for it. The reality is that despite this, nobody is actually developing malware for Linux, and you’re exceptionally unlikely to ever encounter a Linux exploit in the wild unless somebody sends it directly to you.

If I were a high-risk target—like a journalist reporting in a hostile foreign country, or an executive at a prominent company, for example—I might not be comfortable trusting Linux as my daily-driver operating system. But at that point frankly I would also need to consider many threats which are a bit out of scope for a project like Privacy Guides.

There’s a general rule I like to follow for regular computer users: If an exploit is not being used in the wild, you do not need to worry about it.

There is value in posts like the one you linked which describe security design flaws, but that value is for developers and cybersecurity professionals, not for people who just use Linux. As someone with an interest in cybersecurity, there are a lot of things I’d like to see Linux improve from a security perspective, but there’s also no reason not to generally recommend Linux to people in the meantime. The article is an interesting piece for Linux developers to ponder, but frankly I’m tired of people citing it as the reason nobody should use Linux themselves, because it is so irrelevant to the average person.

All of this being said, the criticism of stable release models in that document is actually applicable to regular Linux users, and updating frequently is good advice.


That makes sense. Thanks very much for your informative answer

Engineers at Apple, which makes macOS, and Microsoft, which makes Windows, both contribute to the Linux project. It is in their best interest to keep it secure, and it is secure… on servers. Operating systems like macOS were built from the ground up to be secure on consumer devices and continue to innovate in that area.

Security is not just in software; it is also in hardware. One of the best examples is the Secure Enclave on macOS. The Secure Enclave takes advantage of the dedicated security module on the Apple Silicon SoC and runs a separate operating system called sepOS in parallel with macOS to handle sensitive tasks like encryption.

Linux will continue to improve its security on consumer hardware and will mostly be able to replicate the security features of macOS (except for the hardware-based ones). However, it is mostly catch-up, while macOS is leading in that area.

You can learn more about what makes macOS secure from the Apple Platform Security page.