Nearly 40 Years Without Security Incidents
LATER THIS week (on Thursday) this site turns 18 and we've already bought some party kits for the sister site's 21st anniversary. Next year the combined age - the age of both sites - will be 40. Over the years the sites ran Gentoo, Debian, CentOS, and Alpine.
In all this time we've never suffered a breach (security incidents) and since upgrading to Debian 12 we've hardly had to endure DDOS attacks. Aside from increased capacity owing to static pages replacing WordPress, Drupal, and MediaWiki, there are also some firewalling mechanisms that obstruct abusive bots and botnets.
Speaking for myself, I never ever had security incidents on my desktops/laptops. In my childhood, way back in the DOS days, there would be the occasional "rogue" floppy disk with a virus on it, but that predates the Web and viruses could not pass from one computer to another wirelessly or over a network cable (which most homes did not have at the time). As this predated hard-drives (for most people), a virus would be hard to transmit from one program to another (except RAM) and many boiled down to pranks, not ransom, extensive data loss, or permanently damaged hardware.
People who use Windows have come to sort of "accept" that security incidents are part of life or "normal". Disaster is always "imminent" and "unavoidable" (inevitable). At my last employer we saw clients' systems suffering security incidents (reasons varied), as did the last university I worked for. GNU/Linux isn't invulnerable to 'Windowsheads' assigned to manage it. Yes, a common pattern was neglect and mismanagement; misconfiguration was one symptom. One client put JBoss on Windows. Yes, Windows!! All the other machines (back end) ran GNU/Linux. This boiled down to an old technician (in his 60s) who used Microsoft for everything, even for his E-mail!
People who know how to run GNU/Linux (and not just reboot any time something goes wrong) can use it safely for many years. In my case, my two primary laptops have already had a combined uptime of 700+ days. And yes, those are safe. The world-facing (e.g. over SSH) machine is fully patched and was last rebooted (for a new kernel) about a week ago. It runs Debian 12.
The Microsoft-funded (e.g. by "ads") media likes to claim that "Linux" is not secure, but it often boils down to GPL violations or appliances/servers running Linux (or other key packages) that's years out of date while connected to the Net, sometimes needlessly. Not every machine needs to be accessible by anyone on the Net; or facilitate printing by every/any random IP address, even from North Korea.
3 years ago Dr. Andy Farnell said that "We Can't Teach Cybersecurity" in today's universities. He explained that real security practices are verboten or ridiculed, whereas snake-oil and charlatans take their place. Revisit what he wrote this past summer about "Clown Computing". This issue isn't limited to Microsoft, even if Microsoft remains the "worst of breed". █