I just read this item, in today’s (Thursday, October 10, 2024) CodeProject newsletter. It raises the question in the title of this post, then provides suggested solutions. What do you think?
Ernie
If the source code is audited then I don’t think there’s any problem, because all talent matters in open source. Geopolitics has no place.
I agree, but it still exists. Even though I’m non-political for the most part, as an example, being a citizen of the U.S.A., I choose to NOT use any software from companies/corporations based in either Russia, or China, and that includes Open Source options (Deepin comes to mind), mostly because I don’t trust the governments of those countries, as opposed to the distributions/projects/companies/corporations themselves.
I use Microsoft Windows 11, and Garuda GNU/Linux here, as my OSes of choice. While I recognize that, in Garuda, many of the software components that make it up may contain contributions from projects based in the above-mentioned nations, my distribution itself is not, providing peace of mind, because I know they wouldn’t introduce activity-monitoring/malware software knowingly. This may be counter to my stated choice, above, regarding what I choose to NOT use, but it is what it is.
Ernie
So you are not planning on using Kaspersky antivirus!
Like the rest of America!
Don’t blame you, I would not touch any of them.
Nope! Not a chance!
I never did like or use it myself.
If needed I use Windows Defender, but prefer to move clients to Linux instead, and my prices reflect that as a service.
I did in my Windows XP days (in an ancient historical time).
I liked it because it seemed to follow the dark force quicker than the others. I also liked Nod32, and switched between them a couple of times, because Kaspersky was a huge resource hog; it slowed my machine noticeably.
Nod32, on the other hand, was almost unnoticeable at that time.
But Nod32 did detect the same shit just 2 weeks later.
When I moved to Windows 7, I changed to AVG; at first it was good, but later it became a resource hog too, so I changed to Panda.
With Windows 10 (for that short time with it) I just used the built-in something (Defender?).
After leaving Windows 10 and moving to Linux my computer could take a breath, and could more easily assign resources to my own tasks, as there was no more “antimalware services executable” eating up sometimes 60% of the CPU and 100% of disk I/O.
Get Linux, be careful, be sensible, and you can forget antivirus.
I think there is a bigger problem with hardware and firmware, because they are more difficult to audit.
and
who checks that the binary package that you download actually came from the source code that is open for viewing?
We do place some trust in package maintainers and distro assemblers.
Perhaps I am naive in that anything on the Linux Mint site I feel fine about. Same with the repositories that are by default available after installing Mint. I take it as read they are good.
If a client comes to me with Windows issues, no matter what the problem, I always look at the antivirus tool; most times it’s AVG, Avast or Avira, occasionally Norton. They all opt for the free versions, and almost every time I find virus issues, which I show the clients before cleaning and resetting. Most do not believe they could have a virus, as they have so much faith in the AV tool selected because a friend who is an expert says it’s the best!
You’re not naive, these items you mention are the main reason GNU/Linux is so much more secure than Windows.
And you should. If they’re running Windows 10/11 (and need to keep it for some reason), and not using the built-in Microsoft Security suite, you should tell them that for the past several years, Windows Defender has rated with the best of the antimalware suites, free or paid, getting a 9.8 or better rating year after year, and to top it all off, it puts less of a load on the system doing its job than the other suites out there.
Another thing you should teach them is something I identify as Cognitive Security. It involves adopting a healthy skepticism about anything that comes from the Internet, and learning to ALWAYS check the URL of any hyperlink BEFORE clicking it, by comparing the URL (which can be seen by hovering the mouse over it) with the label (on it) to see if they’re similar. For example, if a hyperlink’s label says it goes to Best Buy, the URL should start with https://bestbuy.com/. The URL can contain the path to a specific page following this first part, but the important part is that the first part of a hyperlink’s URL has some relevance/similarity with its label. Additionally, a very big red flag is, when you look at the URL, if it looks like some kind of code/cryptography; like something you can’t make any sense out of, it’s probably taking you to a malicious website.
I suspect you already know all this, and probably more, but these are some of the things I think everyone should be teaching clients/friends, especially the ones who seem to contract viruses over and over again. If they can learn to do that one simple thing (check the URL before clicking) with everything that comes from the Internet (websites AND email messages), they’ll probably stop getting their computers infected, and everyone will be better off for it.
Ernie
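The label-versus-URL check described in the post above can be automated for the links in a saved web page or HTML email. The following is an added example, not part of the original post; the function names, warning tags and sample HTML are constructed for illustration, and the "last two labels" domain rule is a simplification of what a Public Suffix List lookup would do.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def base_domain(host):
    # Simplification: keep the last two labels (assumption, no Public Suffix List).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_link(label, href):
    host = urlsplit(href).hostname or ""
    warnings = []
    if not href.lower().startswith("https://"):
        warnings.append("not-https")
    if re.fullmatch(r"[0-9.]+", host):  # raw IPv4 address instead of a name
        warnings.append("ip-address-host")
    if len(re.findall(r"%[0-9a-fA-F]{2}", href)) >= 3:  # "looks like code"
        warnings.append("heavily-encoded")
    named = DOMAIN_RE.search(label)
    squashed = re.sub(r"[^a-z0-9]", "", label.lower())
    if named and base_domain(named.group(1)) != base_domain(host):
        warnings.append("label-domain-mismatch")  # label shows another domain
    elif not named and squashed != base_domain(host).split(".")[0]:
        warnings.append("label-not-in-host")  # weak signal, e.g. "Click here"
    return warnings

def audit(html):
    parser = LinkCollector()
    parser.feed(html)
    return [(label, href, check_link(label, href)) for label, href in parser.links]

# Constructed sample input (not taken from any real message).
SAMPLE = """<a href="https://bestbuy.com/deals">Best Buy</a>
<a href="http://192.0.2.7/%62%65%73%74">Best Buy</a>
<a href="https://www.bestbuy.com.example.net/login">www.bestbuy.com</a>"""
```

Calling `audit(SAMPLE)` returns one `(label, href, warnings)` tuple per link; the third sample shows why the comparison uses the end of the host name rather than its beginning.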
I do place a lot of trust in them, but then again, I use distributions with a good track record, too. When I check out a newer distribution, I have something of a routine I follow. First, I run the live image to see if I think it’s worth my time. If I think so, I install it into a virtual machine to see if it works well with repeated/ongoing use. Finally, if it seems to fit me better than what I’m currently using as my day-to-day driver (OS/distro), I’ll install it on bare metal, but right now, that’s a very high hurdle, because I really like my Garuda KDE-Lite GNU/Linux.
Ernie
I do try to educate, and those are the things I suggest. BUT the expert down the bar, round the corner, or the papers say …
I really should not complain; I have made more money out of Windows virus issues than I care to mention, plus done many Linux installations when all hope is lost.
When asked for a foolproof solution: don’t switch on the computer!
When a client tells you that some so-and-so ‘pundit’ says something else, tell the client to ask that ‘pundit’ how many viruses (s)he has had to deal with in the past decade.
I, for one, can say that I’ve had none since the late 1990s, about a quarter-century (and only one in my entire life). I think that makes me something of an expert. If the so-called pundit can say something similar, then what (s)he has to say may be worth evaluating. If not, IMNSHO, that person should be ignored.
That’ll work, but so very impractical.
Ernie
Seems to me like the original article is overhyping something that is already somewhat going on. We already have multiple apps for almost any task to choose from, not to mention distros which make different choices as to what they choose by default… I might not want to use a Chinese app (and a person in China might not want to use a US app) for the simple reason of LANGUAGE… I already have enough trouble figuring out the docs on products made in China, why would I want to have a distro in “Chinglish” if there is one available in English…?
After all if a given app / distro is seriously better, it can always be forked / borrowed from by a dev in a different country- isn’t that what Free Software is all about???
ex-Gooserider