Linux for gaming, is this a good time to jump the windows boat?

[Vertigo 7]

Again, a Linux desktop or server takeover without any help from inside or the hacker having local access has still to be made, which is not the case for Windows and Android, right ?

Uhh no. The vast majority of that is dependent on the competency of the administrator. While it's certainly true that Linux administrators have a higher technical working knowledge than Windows and Android administrators (due in no small part to the much steeper learning curve to use Linux) on average, thus the average Linux administrator is better able to control firewall policies and access restrictions, etc., than the average Windows or Android administrator. Just being Linux doesn't make it more secure.

You see, the Linux OS can be easily made just as vulnerable as anything else by your average idiot that does things like disabling UAC on Windows, running everything as admin, disabling the firewall, etc., etc. - all the stupid things you see in your favorite cnet blogs and spiceworks forums. You think these people are going to be suddenly brilliant when they sit down in front of the supposedly more secure Linux OS? And IF users suddenly switched off to Linux instead of Windows that the malicious actors won't shift the main focus of their attention onto Linux? You think those cnet blogs won't change from Disable UAC to Give yourself root access and disable password requirements and other equally stupid things?

Security challenges for ANY operating system is largely dependent on the user base.

And the thing is, you know this.

[BaronVerde]

https://www.exploit-db.com/exploits/44890 "DynoRoot" for NetworkManager in Red Hat-likes

Granted, But was not really relevant for the desktop user.

https://conference.hitb.org/hitbsecconf ... ilhelm.pdf CVE-2018-15688 for systemd networkd

Not granted because didn't allow control of what happened on the attacked side. Though systemd itself is still debated. Can you debate any windows component ? If unsure, don't use systemd, there are alternatives. That's Linux

Secondly, with a relative handful of users of desktop Linux,

lol, if you say so. Judging from a gamedev forum I'm sometimes on I'd say ~30%. That a lot of fingers for a handful, is't it ? But it is impossible to say with confidence because nobody can track the numer of Linux installations.

Thirdly, you cannot rely on users never running anything they shouldn't,

I don't. Don't pretend I did. That's why I advise not to do so and to use an environment in which they can be aware. Are you aware of what comes on your Windows machine ? You'd probably need at least as much knowledge as one need under Linux, where that knowledge is freely available.

If you stick to that advice, you will not even need a pesky virus scanner any more.

[Vertigo 7]

But wait a minute... systemd and networkd went through the gamut of opensource review and validation before being built into the distros! I thought that was the be-all end-all solution to eliminating vulnerabilities in OS's?! You mean to tell me it wasn't?! *gasp* *shock* *horror*

And even with an alternative available, with networkd being the default service in most Linux distros, are users supposed to know automagically that there's an alternative available and how to change away from it? inb4 "they can learn how to do it" the average user isn't going to want to learn how to change their system configs and service settings. They just want their stuff to work out of the box. And we're back to nothing is going to be different for the end users moving from Windows and now they'll have to learn linux command line functions to secure their machine. UPGRADE!

I do sincerely hope no one is following your advice if they're wanting to keep their machines secure.

[BaronVerde]

[..]

Trying to find the relevant information in the piffle ...you're, as before, just getting personal without arguments to discuss. For that one, there was no real predictable exploit (potential though, by chance, on some systems, but I think not on red hat and debian) or access gained.

Btw., the mere fact that such things come to light is the control through open source. the Linuxes can afford it, Windows too ? MS says no, I believe they were afraid even for Windows 10 when part of NT source code went public. There is an added reliability level in open source that closed source doesn't have, cannot have. You mus just trust MS that they do things right. That's your choice, I don't judge you or anyone. But I say there's a more secure, more performant, better documented alternative freely available. I have an agenda, I admit Though I am not going out and serach Windows vulnerabilities, my time's too precious.

There are, though, limitations to gaming under Linux in general, simply because few games are written for native Linux. But the good ones are, isn't that enough ?

[Vertigo 7]

But wait a minute... systemd and networkd went through the gamut of opensource review and validation before being built into the distros! I thought that was the be-all end-all solution to eliminating vulnerabilities in OS's?! You mean to tell me it wasn't?! *gasp* *shock* *horror*

And even with an alternative available, with networkd being the default service in most Linux distros, are users supposed to know automagically that there's an alternative available and how to change away from it? inb4 "they can learn how to do it" the average user isn't going to want to learn how to change their system configs and service settings. They just want their stuff to work out of the box. And we're back to nothing is going to be different for the end users moving from Windows and now they'll have to learn linux command line functions to secure their machine. UPGRADE!

I do sincerely hope no one is following your advice if they're wanting to keep their machines secure.

Trying to find the relevant information in the piffle ...you're, as usual, just getting personal without arguments to discuss.

I'm sorry if you feel that warning people away from bad advice is somehow personal. It isn't. Dunno what else to say about that.

Debian for instance wasn't affected because they switched late to systemd. There was no real predictable exploit or access gained.

Good for Debian. You know what also wasn't impacted? Windows.

Btw., the mere fact that such things come to light is the control through open source. There is a reliability level that closed source doesn't have, cannot have. You must just trust MS that they do things right. That's your choice, i don't judge you or anyone. But I say there's a more secure, more performant, better documented alternative.

Red Assassin pointed out to you that you also have to trust the distro maintainers and coders if you're going to use their things. What's the difference? I highly highly doubt you have personally reviewed every single line of code in your preferred linux flavor, or even most of the applications you've installed. So if you're fine with blindly trusting those developers, how is that any different than me trusting Microsoft or developers of any application I've installed?

There are, though, limitations to gaming under Linux in general, simply because few games are written for native Linux. But the good ones are, isn't that enough ?

So from many choices to few. Was that supposed to be an argument in favor of Linux? Because the logic of that escapes me.

[BaronVerde]

Honestly, I and probably nobody have/has any idea how many vulnerabilities and exploits, from harmless to zero day, there were and are for Windows. Many, that's sure, and many weren't even even found yet. We don't know, we don't have the code.

@Vertigo 7: No, I haven't looked at all the code, actually at almost none of it. The kernel alone is idk, are they at 40 million loc yet ? So that's a bit ridiculouls to assume a single person would/could do that. I could download it with a single command, yay . But a few minutes ago I looked at the code of the systemd thing, and I must say that one is visible if you know what's going on (looking for it). And the visibility and open source nature helped the discoverer findig it.

https://bugs.launchpad.net/ubuntu/+sour ... ug/1795921

Btw., C is a language one can actually learn relatively easily.

[Vertigo 7]

Honestly, I and probably nobody have/has any idea how many zero day exploits there were and are for Windows. Many, that's sure, and many have not been disclosed yet or where even found. We don't know, we don't have the code.

Ok, so? I'm sure the worlds most popular desktop OS is going to have some vulnerabilities discovered at a higher rate than the rest. No one is disputing that Windows has vulnerabilities. The point is that so does Linux, only there's not nearly as many looking for them. Whether the code is available or not doesn't mean a thing.

@Vertigo 7: No, I haven't looked at all the code, actually at almost none of it. The kernel alone is idk, are they at 40 million loc yet ?. I could download it right now with a single command. But right a few minutes ago I looked at the code of the systemd thing, and I must say that one is visible if you know what's going on (looking for it). And the visibility and open source nature helped the discoverer findig it.

https://bugs.launchpad.net/ubuntu/+sour ... ug/1795921

Btw., C is a language one can actually learn relatively easily.

So what?! Just because I learn Japanese, that doesn't mean I can integrate into Japan's society. If you've ever spent any time coding, you know there's more to it than just knowing the language. If that's all it took, Linux, Windows, OSX, and everything else would be the greatest things ever of all time.

And I seriously hope you're not suggesting everyone learn C just so they can review Linux kernel code. I'm going to assume you know that people don't have the time required to invest in such an endeavor since you haven't done so yourself. Not to mention, the desire and drive to do that will be minimal, at best.

And since you haven't done that yourself and most users wouldn't do that, then you know as well as I do that they're trusting the distros are safe and bug free. Again, I ask you, how is that different than trusting MS or any other developer?

[red assassin]

Granted, But was not really relevant for the desktop user.

? It affected desktop installs of any Red Hat like (CentOS, Fedora, Scientific Linux, etc).

Not granted because didn't allow control of what happened on the attacked side. Though systemd itself is still debated. Can you debate any windows component ? If unsure, don't use systemd, there are alternatives. That's Linux

? That presentation literally gives a step by step walkthrough of how it's exploited to gain full remote code execution.
Systemd is everywhere, and systemd in particular isn't the point anyway - the point is that there are exploitable bugs in Linux core components just as much as there are in Windows. You can switch to Devuan or something to get away from systemd, but there's nothing inherent in systemd which makes it insecure in a way alternative tools aren't.

lol, if you say so. Judging from a gamedev forum I'm sometimes on I'd say ~30%. That a lot of fingers for a handful, is't it ? But it is impossible to say with confidence because nobody can track the numer of Linux installations.

A developer forum is in no way a representative sample! Desktop Linux is about 2% of the desktop market and 1% of the overall user device market. (Estimates will vary a little, but never higher than a couple of percent. This data comes from web traffic counts.) Edit: oh, and sitting pretty at 1% on the Steam hardware survey: https://store.steampowered.com/hwsurvey ... e-to-Steam

I don't. Don't pretend I did. That's why I advise not to do so and to use an environment in which they can be aware. Are you aware of what comes on your Windows machine ? You'd probably need at least as much knowledge as one need under Linux, where that knowledge is freely available.

If you stick to that advice, you will not even need a pesky virus scanner any more.

You are saying "just do this list of things and never make any mistakes and you'll be safe". But
a) you have exceptions to your own advice - "only ever run stuff from the Debian repositories! Except for this list of other things I use." - and I'd bet money nobody writing your telescope control software has ever put any real effort into security;
b) as discussed above you're reliant on nobody anywhere in the development process of all of the software in Debian making any mistakes, getting compromised themselves, or being a malicious actor, which is intensely optimistic;
c) people make mistakes, you and me included. It only takes one hasty click, one thing you didn't check properly, one thing you found on a support forum to get something working, one typo in an install command, etc to compromise your entire system.

I run desktop Linux, Windows, and macOS on different devices, as well as managing a number of Linux servers. Security isn't about "my operating system is great and everybody else's sucks". All software is vulnerable! Assuming that yours is the only one that isn't is a very literal false sense of security.

edit: also, as a bonus, I just remembered Google Project Zero's desktop Linux Bluetooth exploit: https://google.github.io/security-resea ... iteup.html

[jlehtone]

Every OS has vulnerabilities. At least the user. However, can we say that security in GNU/Linux is in practice no worse than Windows?

If yes, then that is one tick on the checklist on viability of switching to GNU/Linux.

[red assassin]

I think that's a difficult question to produce a single definitive answer to. Certainly there are a relatively small number of attacks actually targeting desktop Linux due to the small install base, so it's safer in that sense. But Windows provides a lot of security features, many of which don't currently have Linux equivalents (Virtualisation Based Security and associated features, some of the control flow enforcement and pointer authentication features, etc, plus cloud based anti-malware tools, both by default and third party - if your Linux system does get compromised, there's nothing to try and detect that). And most Linux desktops don't currently take full advantage of a lot of the security features Linux does provide like containerisation and sandboxing. If security is your primary consideration, it's up to you and your threat model which you'd like to prioritise, really.

[jlehtone]

If you are concerned about security, then you do find out and take full advantage of the features of your OS.

However, does "regular user/gamer" have security as primary consideration?

[BaronVerde]

@jlehtone: That's my point. but I ambeing dragged into absolutism and ridicule. Ok, I said I still have to see a Linux takeover from outside, and that I saw, thanks. But people also tend to ignore the beam in their own eye when they find a splinter in somebody else's, if you allow the metaphor.

We have the choice with GNU/Linux where to put our emphasis. If it is security, you stay with a stable installation and away from third party software, except for the native Linux game we want to play and eventually a proprietary graphics driver (nvidia, amdgpu open source is seen as equal to the closed source version), and please stop dragging that into ridicule.

If we're hardcore, we bake our own.

If we want functionality no matter want, we go with emulators and clients of all kinds, at the risk of running after updates and potentially catching malware.

Such a choice is partly taken from us under windows, we can't bake our own windows, or choose between distributions that follow different philosophies.

I am not hardcore (too late to the party), but certainly belong to the first group that doesn't want to be constantly tracked and spied upon and left little choice than constantly running after updates that repair this and break that. I've had that for 20 years.

Btw., the full kernel 5.14 has ~30 million loc, 3.3 of which are the open source amdgpu driver (whch performs very well, but is a monster).

Back to the point: Is it time to switch to Linux ? One can switch any time, but if it just for gaming than the answer is probably "no" for those who need all the thirdparty stuff and don't want to become more let's say literate in the use of their OS. They are better off with Windows and MS taking care of everything. If it's for greater performance, security, and to become more knowledgeable in the use of a OS at the cost of executing some discipline (and pls. stop dragging that down into absolutism) then by al means yeah, go ahead.

That's my opinion, and the reason why I switched. I am not a hardcore gamer.

--------------
Edit: As to what's more secure, Linux or Windows, the common sense is that the architectural differences make Linux more secure than windows nd that Windows is the most vulnerable OS among MacOS nad Linux for a few reasons, and that in itself has nothing to do with the number of installations or user behaviour. Even if you have a browser that on double click automatically downloads a file, marks it executable and executes it, it can only do harm to the user account. Create a low profile user and use it for browsing, if you're navigating shady places. Don't use suid sandboxes, they heave the user space restriction out.

So, yes the user has to do a bit, become somewhat more savvy with Linux, its architecure and tools, to make the most out of it and take profit from its principally greater security.

---------------

https://www.techworm.net/2016/09/real-h ... s-mac.html

[red assassin]

https://www.techworm.net/2016/09/real-h ... s-mac.html

It's not 2016 any more. All major OSes have made serious security changes since then. Security is an incredibly fast moving field. In 2016 I would probably have agreed that Linux was the most secure option for a desktop platform (though not to the same extent as you - it's still very complex and nuanced). But Microsoft (and Apple and Google for that matter) have been investing seriously in security for that entire time and have come a very long way. Have a look through the lists of Windows security features and mitigations I posted and count how many are new since 2016. Desktop Linux has benefited a bit from security improvements from server Linux and Android and shared applications like major browsers for sure, but there just isn't the scale of investment in desktop Linux platforms that there is in Windows and macOS. Meanwhile, the flaws in the "open source is secure" assumption have become clearer. Turns out it being easier for the good guys to find security issues means it's also easier for the bad guys to do it. And good guys with the sort of skills necessary for modern security research rarely work for free. For major corporately-backed projects like Linux itself that can afford to pay security researchers, that might not be a major hindrance. But projects with little money like desktop environments, or all the weird and wonderful projects that are supported by a couple of people in their free time? There's far, far more code than you're ever going to be able to have audited for free.

Even if you have a browser that on double click automatically downloads a file, marks it executable and executes it, it can only do harm to the user account. Create a low profile user and use it for browsing, if you're navigating shady places. Don't use suid sandboxes, they heave the user space restriction out.

You say that in a way that implies it isn't true of Windows? If you run something as your user account in Windows, it also only has access to your user account. But on a single-user device like a home PC, everything you care about is also owned by the same user account, so that's not actually a significant protection. Sure, using a separate user account for different categories of browsing helps, but you'd better be religious about doing that... and you can still do the same on Windows! This is why Android (and iOS, and increasingly macOS, and even Windows) enforce sandboxes that limit applications' access to other files owned by the same user. Linux supports similar restrictions, of course, as seen in server containerisation, Android, and the Chrome sandbox. But they're very uncommon for other desktop applications - Snaps can do it, but I haven't really seen a very positive reaction to Snaps yet.

You keep bringing up setuid sandboxes, despite them not being necessary since the kernel introduced user namespacing. From "they heave the user space restriction out" I'm not convinced that you actually understand what they do? Chrome used a setuid helper for sandboxing because, pre-user namespaces, chroot(), CLONE_NEWPID and CLONE_NEWNET were unavailable to non-root users. Therefore, the setuid helper is necessary to enforce those restrictions onto renderer processes. But none of the actual browser processes run setuid. The helper just spawns processes that are running as your user and with additional restrictions on top. It's no more a violation of user account restrictions than /bin/ping being setuid, or a process starting as root to acquire privileged resources like well-known network ports and then dropping privileges. It's not ideal - the setuid helper is theoretically a potential source of security issues itself if an attacker can get out of the sandbox in the first place. But it's better than not sandboxing at all, and becomes completely unnecessary as soon as you can access those sandboxing features (and many more) without being root via CLONE_NEWNS.

[BaronVerde]

@red assassin: The principle differences have not changed, denying that is denying reality. https://fossbytes.com/pop_os-vs-windows-11-comparison/. Maybe one day Windows will be comparably safeto Linux. That'll be the day when it's desktop runs on a Linux Kernel, haha (weren't there rumours a year or two ago ?)

Windows has so many issues not just because hackers focus on it (Linux servers are a much more rewording target btw.) it but because it is so trvial to lure the meak into making mistakes. Afterwards they are so ashamed that they keep silent. While Linux hackers need deep knowledge to score, Windows/mobile users are much easier to trick by social engineering because they rely on the faultlessness of their OS, just like you do. Linux users are often times more concerned about safety. And that's not my idea, so it is pretty obvious.

You haven't understood: Linux knows no file types like .exe, it doesn't execute a file automatically and not by calling its name even if it is in the current directory. It needs useraction to allow that, and that is not true for windows. A doubleclick executes a file, which is just another reason to use the CLI more frequently ... better control.

No, we could carry that on forever, but it is getting boring.

People who like to try Linux out will do so no matter what we say, and I encourage them. If it is only for gaming though and click a graphical UI with the mouse, they might be better off with windows.

Bye, for now.

[Vertigo 7]

it but because it is so trvial to lure the meak into making mistakes

So you want the same people on linux where mistakes can be even more detrimental?

You haven't understood: Linux knows no file types like .exe, it doesn't execute a file automatically and not by calling its name even if it is in the current directory. It needs useraction to allow that, and that is not true for windows. A doubleclick executes a file, which is just another reason to use the CLI more frequently ... better control.

So all those icons sitting on X desktops are just pretty pictures? Sure fooled me. You do realize too that there's shell only versions of Windows Server and have been around for years. Just sayin'

People who like to try Linux out will do so no matter what we say, and I encourage them. If it is only for gaming though and click a graphical UI with the mouse, they might be better off with windows.

So your recommendation for the subject of this thread then is not to use Linux for gaming. Awesome. I fully endorse this recommendation and sound advice.

[red assassin]

@red assassin: The principle differences have not changed, denying that is denying reality. https://fossbytes.com/pop_os-vs-windows-11-comparison/. Maybe one day Windows will be comparably safeto Linux. That'll be the day when it's desktop runs on a Linux Kernel, haha (weren't there rumours a year or two ago ?)

Windows has so many issues not just because hackers focus on it (Linux servers are a much more rewording target btw.) it but because it is so trvial to lure the meak into making mistakes. Afterwards they are so ashamed that they keep silent. While Linux hackers need deep knowledge to score, Windows/mobile users are much easier to trick by social engineering because they rely on the faultlessness of their OS, just like you do. Linux users are often times more concerned about safety. And that's not my idea, so it is pretty obvious.

You haven't understood: Linux knows no file types like .exe, it doesn't execute a file automatically and not by calling its name even if it is in the current directory. It needs useraction to allow that, and that is not true for windows. A doubleclick executes a file, which is just another reason to use the CLI more frequently ... better control.

No, we could carry that on forever, but it is getting boring.

People who like to try Linux out will do so no matter what we say, and I encourage them. If it is only for gaming though and click a graphical UI with the mouse, they might be better off with windows.

Bye, for now.

Your article simply includes some random tech writer stating without evidence that Linux is more secure. Which is the same thing as you've done. I have provided examples and links for everything I've said, to technical documentation where available, because funnily enough I do actually know what I'm talking about. You are ignoring this in favour of repeating "it's more secure" and implying we don't know basic things like C or what the executable bit does, after a discussion including modern exploit techniques and the details of sandboxing policies.

Linux users are certainly different on average from Windows users. That doesn't make Linux more secure, it just means the learning curve for Linux is steeper. Windows hasn't let you just download and run something untrusted for years for exactly this reason - downloaded files get warnings attached if you try and open them, reputation and signature checked, and checked by your built-in or third-party anti-malware tools. Whereas Linux has none of these protections, and indeed it's incredibly common to see setup instructions for Linux tools that say "just download and run this thing" or even "here, pipe this URL from curl into bash"! Once again, I'm not suggesting anybody shouldn't use Linux if it's the right tool for them - again, I run it on a lot of devices and it's my primary day-to-day OS both personally and on my dev machines! But I do object to the mindset that Linux is automatically more secure than (Windows|Android|etc) because a) it will lead less security aware users into a false sense of security (wherein they might, for example, start piping random URLs into bash shells because the internet told them to) and b) believing that your software is already secure discourages vital work to make it more secure.