The obstacles to Linux security

Off the Beat: Bruce Byfield's Blog

Dec 07, 2016 GMT
Bruce Byfield

Improving security and privacy is the most important issue in modern computing. Yet even Linux, whose architecture gives it a built-in advantage, is moving slowly on these issues. The prevailing attitudes and the innate difficulties of bringing security to the desktop mean that progress is slow.

To start with, despite the media attention of the last few years, many Linux users -- even many developers -- fail to see the urgency. They fail to distinguish between the fact that Linux has the tools for security and privacy and how it is actually configured. In some circles, even mentioning that Linux might not be configured securely raises accusations of FUD (Fear, Uncertainty, and Doubt) -- that is, disloyalty to Linux in the name of sensationalism.

It doesn't help, either, that distributions have spent over a decade increasing the convenience of their releases while decreasing the security. Most of these changes seem justified in themselves, such as the automounting of external devices, yet I am confident that an audit would show a cumulative decrease in security, especially during the years 2000-2005.

Like Windows users before them, many Linux desktop users have learned to think of their computers as appliances. What matters is their short-term convenience, even at the cost of the long-term inconvenience of restoring their computers after serious security intrusions. Many cannot even be bothered with a strong password, or any password at all, although they seem to regard hiring an expert to purge their computer and restore its functionality every six months as a normal part of running a computer.

These attitudes are not a single person's fault. If anything, they are the fault of an entire industry. Over the years, computer users, no matter what their operating system, have been conditioned to accept occasional security and privacy breaches as the price of running a computer. They complain, and worry over the headlines, but the overall attitude is that nothing much can be done. Even those who have migrated to Linux often carry remnants of the attitude.

The overall effect is that what should be an urgent concern, with millions of IoT devices likely to come online in the next few years, is regarded as more of the same, and nothing different from the way things already are. In the end, increasing security and privacy means giving up a degree of convenience, and, for many people, that is an unacceptable step backwards.

Getting things on to the desktop
Of course, exceptions to these attitudes exist. In the last few years, many of the new distributions have been security-oriented. A few have even gained some small acceptance, and others have been bundled into free hardware. Yet few of their ideas, if any, have found their way into mainstream distributions or desktop environments.

This situation, I suspect, is not due to a slowness to adapt. The problem is more that reconceptualizing graphical interfaces so that non-expert users can take advantage of security and privacy features is a difficult task. It is almost as difficult as squeezing Linux on to a desktop in the first place -- and, with the partial exception of KDE Plasma, that was only accomplished by omitting all but the most common features. However, that is hardly a solution for security and privacy, since tools that provide either only in the most common cases by definition fail to accomplish their goals.

The minor distros focused on security and privacy do a service by introducing basic tools for users. Thanks to distributions like Tails, for example, more people are aware of Tor and the possibility of anonymous browsing than they were five years ago. In the same way, the omnipresence of Enigmail -- aided by a campaign by the Free Software Foundation -- has helped spread the encryption of email in Thunderbird.

However, too many of these distributions -- especially the early ones -- simply provide the tools and leave users to figure things out for themselves with a minimum of documentation. They may, for instance, offer several tools for encrypting filesystems, but they fail to provide any guidance as to which might be preferable in particular circumstances or for certain types of users. In other words, they fail to integrate security and privacy into the desktop. As a result, they leave users only slightly better off than they would be researching these issues on their own.

Fortunately, this situation is starting to improve, with some distributions offering a modified desktop with panel applets and menu items that make security and privacy features part of a desktop. The most thorough example so far is probably Qubes OS, whose different levels of security are at the top of the main menu, making them no harder to select than any other menu item. Others, like Subgraph, are expanding their efforts beyond email, web, and chat to include LibreOffice -- a potential source of privacy leaks.

However, these are exceptions rather than the norm. The idea that security and privacy features need to be as accessible as anything else on the desktop is barely in its infancy.

Beyond Containers
These ideas have yet to reach major distributions. So far as they are modernizing security and privacy at all, they seem to be placing their faith in containers, isolating applications to minimize the damage that an intrusion can do.

This is an important new security feature, and in fact, containers feature in security distros like Subgraph. However, containers are a new technology, which means that they should be relied on cautiously. If nothing else, as Subgraph recognizes, defense in depth is a basic principle of security, and there is no need to depend on a single feature when so many others are readily available.

The main challenge now is not to add security and privacy features -- although new ones like containers are always welcome. Instead, the challenge is to make the existing features accessible. If they add inconvenience in the form of changed workflow and extra precautions, they need to minimize inconvenience in other ways, so that users will accept them.
