Linux / any OS that is much less prone to ransomware / malware than Windows

Is there RHEL or any specific OS that allows us to browse the Internet and yet is highly not prone to ransomware & malware?

Wanted to use it as a 'jumphost' for browsing the Internet.
Rich Rumble (Security Samurai) commented:
It all depends on who you ask, but Linux has had security built in for much longer than Windows in the way it's been architected: ASLR (since 2001 in Linux), DEP (2001), as well as many other features that have been part of the kernel for a long time. The main problem with Windows is its monoculture, read:
Linux has some severe flaws, most recently Heartbleed, "ShellShock", glibc. These bugs were very bad, and again there are going to be more. No one is looking as hard at Linux as they are at Windows from a criminal aspect. FireEye themselves have some issues, and they run Linux :)
(there are more)
There are a lot of AVs that work on Linux: Symantec, Kaspersky, McAfee, ClamAV, Sophos, and many others.
If you run as a non-admin on Windows, have EMET installed and keep patched, you're doing better than most organizations that I encounter :)
John Hurst (Business Consultant, Owner) commented:
NO. You get ransomware by opening strange emails. You can do that on Windows, Mac or Linux. If the payload will not open on your machine, you may escape it, but crooks are getting wise to that as well.
btan (Exec Consultant) commented:
Not really going to be bulletproof for the jumphost (for Linux there is "Linux" crypto-ransomware), as jumphosts are also a key target for attackers to bridge across network and application. If I were to see it, most jumphosts mainly serve as a privileged access controller or web proxy into the Internet (or untrusted zone), which is why, furthermore, it needs to be better managed, monitored and assessed for the necessary measures to make it "less attackable"; in fact it is the most vulnerable point in the security design. Consider the below for the "jumphost":
a) Hardening it, with unnecessary services and accounts disabled or removed (reduce exposure)
b) Least privilege principle; adopt minimal remote admin, and all remote access is via 2FA
c) Application whitelisting and anti-malware are still preferred as part of the system HIPS
d) Monitor the jumphost as part of the central OPS managing the SIEMs collecting all logs within the architecture

For info on the Lynis scanner -

You may consider anti-ransomware techniques that include setting up deception traps (see TrapX's CryptoTrap -; better to engage them if interested, as I am not sure if it supports Linux/Unix systems)
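As an added illustration of points a) and b) above (not code from the thread or from any of the posters), the following POSIX shell script audits a jump host's sshd_config for the least-privilege and second-factor settings, and compares the host's enabled services against an allowlist. It runs offline on constructed sample files embedded in the script; the path /etc/ssh/sshd_config, the group name jumpadmins and the service names are assumptions for the example, and the reader of sshd_config is simplified (first match wins, Match blocks ignored).

```shell
#!/bin/sh
# Added example, not from the thread: audit a Linux jump host against the
# hardening points in the post above. Everything below runs on constructed
# sample files; on a real host point the functions at /etc/ssh/sshd_config
# and at the output of systemctl (see the comment on unexpected_units).

# ssh_setting FILE KEY -> effective value of KEY in an sshd_config.
# sshd keeps the first occurrence of a keyword (keywords are case-insensitive).
# Match blocks are ignored here, which is a simplification of this example.
ssh_setting() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# expect_setting FILE KEY WANT -> 0 if the effective value equals WANT
# (case-insensitive); otherwise prints a finding and returns 1.
expect_setting() {
    got=$(ssh_setting "$1" "$2")
    if [ "$(printf '%s' "$got" | tr 'A-Z' 'a-z')" = "$(printf '%s' "$3" | tr 'A-Z' 'a-z')" ]; then
        return 0
    fi
    printf 'FAIL %s: want %s, got %s\n' "$2" "$3" "${got:-<unset>}"
    return 1
}

# audit_sshd FILE -> prints findings and returns the number of failed checks
# (0 means every check passed).
audit_sshd() {
    fails=0
    expect_setting "$1" PermitRootLogin no || fails=$((fails + 1))
    expect_setting "$1" PasswordAuthentication no || fails=$((fails + 1))
    expect_setting "$1" X11Forwarding no || fails=$((fails + 1))
    # Second factor: a public key followed by a second method (for example
    # keyboard-interactive backed by a PAM OTP module). Only the first
    # alternative of AuthenticationMethods is inspected here.
    methods=$(ssh_setting "$1" AuthenticationMethods)
    case "$methods" in
        publickey,?*) ;;
        *) printf 'FAIL AuthenticationMethods: want publickey,<second method>, got %s\n' "${methods:-<unset>}"
           fails=$((fails + 1)) ;;
    esac
    # Least privilege: only an explicitly named admin group may log in at all.
    [ -n "$(ssh_setting "$1" AllowGroups)" ] || { printf 'FAIL AllowGroups: unset\n'; fails=$((fails + 1)); }
    return "$fails"
}

# unexpected_units ENABLED_FILE ALLOW_FILE -> prints enabled units that are not
# on the allowlist and returns their count. On a live host build ENABLED_FILE with:
#   systemctl list-unit-files --state=enabled --no-legend | awk '{print $1}' | sort
unexpected_units() {
    n=0
    while IFS= read -r unit; do
        [ -n "$unit" ] || continue
        grep -qx -- "$unit" "$2" || { printf 'UNEXPECTED %s\n' "$unit"; n=$((n + 1)); }
    done < "$1"
    return "$n"
}

# --- constructed sample input (not taken from any real host) ---
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

cat > "$WORK/weak_sshd_config" <<'EOF'
# constructed: one hardening step missed (root login still allowed)
Port 22
PermitRootLogin yes
PasswordAuthentication no
AuthenticationMethods publickey,keyboard-interactive
AllowGroups jumpadmins
X11Forwarding no
EOF

cat > "$WORK/hardened_sshd_config" <<'EOF'
# constructed: every check satisfied (keyword case deliberately mixed)
permitrootlogin no
PasswordAuthentication no
AuthenticationMethods publickey,keyboard-interactive
AllowGroups jumpadmins
X11Forwarding no
EOF

printf 'sshd.service\nauditd.service\nrsyslog.service\ncups.service\navahi-daemon.service\n' > "$WORK/enabled.txt"
printf 'sshd.service\nauditd.service\nrsyslog.service\n' > "$WORK/allowlist.txt"

rc=0
audit_sshd "$WORK/weak_sshd_config" || rc=$?
printf 'weak config: %d failed check(s)\n' "$rc"
rc=0
unexpected_units "$WORK/enabled.txt" "$WORK/allowlist.txt" || rc=$?
printf 'enabled units not on the allowlist: %d\n' "$rc"
```

Run on the sample data, the weak config fails one check (PermitRootLogin) and two enabled units (cups and avahi-daemon) are flagged as not on the allowlist; the return codes are counts so the script can be wired into a cron job or a SIEM collector that alerts on a non-zero value, which is what point d) of the post asks for.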

rindi commented:
It is mainly user incompetence that makes a system more prone to attack and not the OS.

But Linux does have less malware that will execute on it, particularly because it isn't used as much by the normal user, so it also isn't targeted as much.

But for example, Android is the most common OS used by smart-phones, and it is based on Linux kernels. Malware that runs on Android is pretty common.

One thing though which speaks heavily for Linux is that most distributions exist as Live Media, which means you can download the ISO, burn it to DVD, and then boot the PC from that DVD, and you will have a fully running Linux environment without having installed the OS. Live Media is read-only, which means nothing is saved to the DVD after a reboot, so your OS won't get infected. But data can still be written to any internal HD of your PC, or attached storage, or to the LAN, provided your LAN is insecure and can be used without logon. But with Live Media this is unlikely.

I suggest you use MakuluLinux LinDoz 11, which is very easy to use and comes as LiveMedia:
btan (Exec Consultant) commented:
Building on that, segregate into a number of jumphosts, such that groups of key users or ops systems may go via a different jumphost compared to the general mass of users surfing.

Keeping the jumphost as a clean slate is another area to invest in. If you deem it long term and for the sake of compliance and assurance, together with continuous oversight, you may consider Deep Freeze for servers. Mainly for Windows.

For info on an open source software called OFRIS that does a sort of "deep freezing":
An open source application that can freeze your Linux, it is like Deep Freeze in Microsoft Windows operating system. So, you can lock your system by using this application. Feel free and open with this application.

See also the Deep Freeze-like application for Ubuntu, an alternative solution:
Lethe is a Deep Freeze-like partition freezing software for Debian GNU/Linux and Lihuen GNU/Linux (May work on other Debian-based GNU/Linux distributions). Lethe makes the partitions behave like a Live CD: all changes made on the file system will not be saved on the disk but in RAM and when the system restarts, all the content saved in the previous session is "forgotten" and lost and the disk / partitions are restored to their original state.

You may even consider this jumphost as an AWS instance which is running as a "service" gateway for your web hosting, secured with a VPN channel between your premises and AWS. Create the VPS for this instance and restrict the network flow to the Internet, and do content filtering etc.
Rich Rumble (Security Samurai) commented:
Kinda sorta... It's not that one OS is really more secure than another, and it's not user incompetence necessarily. It's that M$ is a wide target, and your odds are better when you have a 100 Windows users to 1 Linux/Mac user ratio. Java viri and malware work on all OSes, and while that may take a bit more effort for some, for others it's easy.
You're better off in Linux in that most exploits are targeted at Windows, but it's not that it's more or less secure. It's what most people know, and attackers are also getting better at every part of exploiting; it's not just spam and wait and see. Now you make the emails more believable, or use malicious ads, search engine optimization... and the tools to help you do that are easy to come by, esp. for Windows. Previous to Windows 7 I'd say Windows was less secure: by default you were an administrator, but in Windows 7 (and Vista tried) you were not admin by default. Linux and others have this principle of least privilege too: you don't check your email as root or use a browser as root, or view a PDF as root; if you do, you're no better than Windows.
John Hurst (Business Consultant, Owner) commented:
I agree with a majority of what you said, but I do not open strange emails (most of them get trapped by my spam filter) and I do not get any ransomware. I would not switch operating systems because I am careful and do not have any issues.
sunhux (Author) commented:
Actually FireEye told me Windows has a lot more malware & exploits compared to Linux.

Thing is, if I use Linux as this 'reverse jumphost', there is very little realtime/on-access AV for Linux, or does McAfee have one? We use McAfee.
btan (Exec Consultant) commented:
Windows has a large pool of users, and no surprise FE will say that. It is an already known fact that the Win platform is an easy target. Being on another OS such as Linux does not mean the attack surface is reduced; a targeted attack will still penetrate and bypass it. Hardening on any platform is the baseline, and there should be continuous monitoring and response to alerts and suspicious events.

McAfee AV for Linux
Supported Distributions for 32-bit Platforms/64-bit Platforms
◾Red Hat Enterprise 5, 6, and 7
◾SuSE Linux Enterprise Server/Desktop 10, 11, and 12
◾Novell Open Enterprise Server 2 and 11
◾Ubuntu 12.04, 12.10, 13.04, 13.10, 14.04, and 14.10
◾CentOS 5, 6, and 7
◾Oracle Linux 5, 6, and 7 (Both Red Hat compatible and Unbreakable Enterprise Kernel)
◾Amazon Linux 3.2 Kernels and above
◾Support for public cloud such as Amazon EC2
◾Supports para-virtualization
John Hurst (Business Consultant, Owner) commented:
People attack the biggest targets, that is true, but (for the most part) it is the user that invites viruses in, and switching operating systems won't change that.

To put it another way, change operating systems if you wish, but you are not safer because you do.
btan (Exec Consultant) commented:
I do advocate EMET as well, and even that can be centrally managed at GPO level (

Even then, the whole gist is not about OS type but is to be secure by default, be aware there is no silver bullet, and move ahead to employ layers (not duplicates like multi-AV) of defence as deterrence to the targeted attacks. Key is to also consider not to unnecessarily burden the system into being incapable of maintaining optimal operational readiness, as the "defences" impact the system with slow performance and high resource requirements (like memory etc.). There should be consideration for DDoS protection against that single point of failure too.
John Hurst (Business Consultant, Owner) commented:
EMET still works, but in Windows 10, many of the EMET functions are being built into Windows 10.
madunix (Chief Information Security Officer) commented:
Antivirus on Linux..... NO, it's not required!
If you need anti-virus, use ClamAV from but it is not distributed or supported by Red Hat. Red Hat provides a high level of security in OS/packages. They are updated in a way which keeps potential risk to a minimum.
btan (Exec Consultant) commented:
On any OS platform, patches need to be applied in a timely manner, and that is more important than the hassle of AV signature updates if we are to prevent targeted malware. If you are talking about a zero-day vulnerability, no AV or OS patch will be available to stop the penetration. You should adopt defense in depth and reduce your attack footprint and exposure.
tliotta commented:
I'm only aware of two ransomware families that Linux is currently susceptible to. Both of them apparently target Linux web servers.

First is Linux.Encoder.1. Only around since maybe Nov 2015, it is an encryption-style ransomware, but its encryption schemes have already been cracked three times. It apparently exploits a Magento (shopping cart) vulnerability to get itself installed. Though Magento has long since been patched, any number of small sites still haven't applied the fix.

Second is FairWare Ransomware, which has really only been seen in the past few weeks. I think that its current attack vector has been uncovered -- some hacked Redis servers. It seems to be more of a scam than actual ransomware. It claims that some of the server's web or data folders have been moved to a remote server location and that a 2-Bitcoin ransom must be paid to get them back. As far as is known, though, the folders have simply been deleted and not stored elsewhere, so there is no "recovery" via ransom.
btan (Exec Consultant) commented:
There are also POC instances for Linux such as BashCrypt, which is open source, so it is not hard to leverage this to further exploit the platform. It is modeled after CryptoWall 3.0/4.0.