Something that has been bothering me for a while is my unquestioning belief that 'nix is inherently safe - is it true to say that Linux is safer than (say) Windows or even Mac? It seems that I'm not the only person that is vexed by this question and AIB (a registered user at askubuntu.com) has posed the same question to the Ubuntu community.
As usual, the answer is not quite as clear cut as I would have liked but it does seem that there is a consensus that Linux is vulnerable to attacks from malicious code-writers, criminals, and other ne'er-do-wells - it's (perhaps) just less likely to happen than in the more popular operating systems. The usual reason offered for this enhanced security is that Linux sessions are generally run as a non-root user meaning that it is harder to install rogue apps maliciously. However, this doesn't protect users from themselves and if you choose to install an application, you do so at your own risk.
So, the real question is; how do you know which applications are safe and which are not? The answer is that you don't!
An accompanying problem is that of poorly written (but otherwise, benign) code - bug fixes and enhancements can find their way into the repositories without any real audit and potentially have serious implications for system stability.
The good news is that, with appropriate precautions, Linux users are generally quite safe. Windows dominates the OS market and remains a more attractive target for virus and malware writers. Nonetheless, it is good practise to refrain from installing applications from untrusted sources and to stick with the tried and tested applications in the Ubuntu Software Centre. However, if you really must install the latest version from an untrusted ppa, do your research first: check the Ubuntu Forums to see if other users have experience (good or bad) of your chosen application and stick with trusted project maintainers.
Sources & References:
- Ask Ubuntu: Are the Programs in the Ubuntu Software Center Spy-ware Free?
- Wikipedia: Linux Malware
- The PCSpy.com: Linux isn't invulnerable. Don't say it is.