Linux's Greatest Strength: No One Uses It
An Ubuntu user published a piece on his blog last week about using .desktop files to deliver malware under Gnome and KDE. He exposes a serious problem that serves to remind over-zealous free-software advocates that Linux, like everything else, has flaws. But in a world where Linux market share remains negligible, do these flaws translate to a decline in the actual (rather than theoretical) security of a desktop Linux system?
The attack method outlined by the blogger is pretty straightforward–you don’t need to be a Linux guru to carry it out–and represents a design flaw, rather than a bug, in both Gnome and KDE.
A little background
Briefly, the exploit involves inserting malicious commands into a custom .desktop file, the format used in Ubuntu and Kubuntu to define desktop launchers and auto-start programs. The attacker then tricks a user into double-clicking the .desktop file, which can be disguised to appear innocent. This method can be used to execute arbitrary code, and even without root access, a malicious script can easily ruin someone’s day by deleting personal files, sniffing passwords and so on.
Of course, the attack depends on tricking the user into clicking the malicious file, and is thus not as serious as threats that deploy themselves automatically. Even so, this is a significant vulnerability that developers have known about since 2006 but have failed to address, which is a bit embarrassing to the Linux community.
This exploit dispels the myth (if it ever existed) that Linux is invulnerable to attack because of superior design. It may be better designed than Windows, but it–or, in this case, its most popular desktop environments–clearly have flaws, and developer ambivalence isn’t helping.
But I don’t think that design flaws really matter at this point in the evolution of Linux, because the chief ingredient in Linux security, at least on the desktop, has nothing to do with Unix privilege management. It might not be pleasant to admit, but the reason that no Linux malware has ever been released “into the wild” is not that Linux is impossible to attack. Like anything else, it has holes that can be effectively exploited by anyone with enough motivation and resources.
Rather, obscurity has been the key to keeping desktop Linux secure for the last two decades, and will remain so for the foreseeable future. An operating system that enjoys less than 1% market share on desktop computers doesn’t offer much motivation to attackers. That fact, as much as anything else, is why Ubuntu users can surf and read email with impunity, at least for the time being.
As long as Linux remains unpopular, Ubuntu users have little cause for concern. And let’s not delude ourselves: the Year of the Linux desktop remains beyond the horizon. We’re not going to rival Windows for market share any time soon.
After all, even Macs remain relatively free of malware attacks. The frequency of exploits targeted at them has risen steadily over the last few years; even so, with Apple’s market share currently ten times higher than desktop Linux’s, malware has yet to become a serious issue for most Mac users. This advantage results from the low popularity of Macs, not an ingenious security system.
To preempt some criticism: the argument has often been made that Linux does in fact present a sizable target to crackers because of its popularity on servers. That’s true. But the sorts of exploits aimed at Linux servers don’t translate easily to the desktop. Hacking ssh or Apache daemons isn’t going to get you into the personal computers of many Ubuntu users. You can’t lump server and desktop market share together.
Lack of standardization: an advantage?
The variability of Linux systems is also an asset. Unlike OS X and Windows, desktop Linux is very unpredictable in that the sub-systems upon which it depends are numerous and interchangeable. An attack that works in Gnome and KDE would likely fail under other desktop environments, for example, and an exploit based on flaws in yum, the package manager for Red Hat and Fedora, would be irrelevant to users of Debian-based systems, which use apt.
In many respects, lack of standardization presents a problem for Linux, but when it comes to security, it’s a strength.
It’s time for the free-software community to admit that obscurity and variability, at least as much as careful engineering, are behind Linux’s solid track record on the security front. This doesn’t mean that Linux isn’t better designed in some respects than other operating systems, but implications that it’s somehow immune to flaws are pretentious and fallacious. The free-software community needs to deal honestly by recognizing these facts.