c't Know-how 2024 (eBook)

Myths about Windows and Linux

Windows is insecure and every second version is stupid. Linux, on the other hand, is much more secure, although – or why – it doesn't need updates. And what about gaming and Linux? It's not quite that simple, we'll explain the mistakes.

Jörg Wirtgen

An SSD must be trimmed

It actually has to! But: Windows has been doing this regularly all by itself since Windows 7. Exceptions are extremely rare and then most likely with ancient SATA controllers that do not even know the TRIM command –, i.e. are at least 12, more likely 15 years old. If the operating system, driver and SSD are TRIM-capable, the system remembers whenever data is deleted and informs the SSD of this at intervals of a few days to weeks so that these memory areas are available more quickly for the next write access.

(jss@ct.de)

Windows spies

This myth can neither be fully proven nor completely refuted. However, it does contain several accusations, so it helps to understand what ‘espionage’ actually means.

The fact that Windows collects telemetry data (called ‘diagnostic data’ by Microsoft) is often mistakenly referred to as espionage. In fact, Windows collects a remarkable amount of data, especially if the user does nothing to reduce its collection. With these maximum settings, the diagnostic data can also include document content, images, personal data and the like. However, this is not ‘espionage’ because Microsoft openly announces that it collects this data – and also provides a tool that can be used to view the mountains of data in plain text.

Things get a little more complicated when it comes to the suspicion that Windows could also be spying independently of any telemetry data. For example, it could forward company documents, chat histories, photo collections and so on to Microsoft, any secret services or other questionable institutions. However, any halfway attentive administrator should be able to notice this from excessive network traffic.

There is also the recurring suspicion or fear that Windows is inadvertently or deliberately riddled with security vulnerabilities that are only known to certain intelligence services but have not yet been noticed. These gaps could be exploited for espionage purposes.

Based on the IT security news of the past few years, two things quickly become clear. Firstly: Yes, such security vulnerabilities have existed from time to time in the past and have also caused catastrophic damage. It is therefore not paranoid to assume that this will continue to be the case, but quite obvious. Secondly, the problem is unfortunately not limited to Windows – prominent and relatively recent example: the Pegasus spyware from the Israeli company NSO Group targets Android and iOS.

One example of a Windows vulnerability that is sadly famous is the EternalBlue exploit developed by the NSA. It was not only used by the secret service itself to an unknown extent, but has since been captured and published by the cybercrime group The Shadow Brokers –, which suddenly made the exploit available worldwide. The WannaCry, Petya and NotPetya malware families, for example, were based on EternalBlue.

(jss@ct.de)

You have to defragment your hard disk

Not a myth, but a fact, but irrelevant for SSDs nowadays. Hard disks, on the other hand, achieve better performance if they are defragmented. Data is rarely written to the data carrier in one piece, but rather distributed across blocks that are free and physically nearby. Depending on the file size, free storage space and current fragmentation status, a file may be distributed over three, four or even many thousands of fragments. When reading the file, this reduces performance because a hard disk has to mechanically reposition its read/write head each time.

During defragmentation, files are written to the data carrier in one piece. Windows automatically defragments hard disks once a week, which can be adjusted in the ‘Optimize drives’ tool. (jss@ct.de)

Incorrect entries in the registry slow down Windows

If Windows is running slowly or takes forever to start, the registry is a rather unlikely place for the solution. A more obvious solution is to check the Startup Manager in the Task Manager to see whether unnecessary tools or similar are being started – Simply try switching off one or two entries there. If important functions are missing after a restart, simply reactivate the entry. You can delve deeper into the matter with the ‘Autoruns’ tool from Microsoft's Sysinternals tool set.

‘Cleaning’ or ‘optimizing’ the registry is really a very old trick. It is true that orphaned entries are also called up when the system is started. However, if they point to nothing, Windows simply jumps to the next entry – Even thousands of obsolete entries lead to a delay in the millisecond or even microsecond range at best.

(jss@ct.de)

Linux is more secure than Windows

You can't say that across the board. There are also security vulnerabilities – and serious ones – in Linux. Like Windows, most distributions are intended to be general-purpose operating systems that weigh up security against other factors such as user-friendliness. Modern security concepts such as sandboxes for applications or immutable system kernels can only be found stringently implemented in a few desktop Linuxes, which are currently still rather experimental.

Especially for desktop PCs, Linux still offers a practical security advantage over Windows because it is much less widespread. There is therefore hardly any malware for Linux, simply because it is not a very worthwhile target. This is why virus scanners, for example, are neither necessary nor widespread on Linux. However, Linux users should exercise the usual caution and scepticism when dealing with external data and networks, just like Windows users.

If you really want an operating system trimmed for the best possible security and are willing to accept a few more far-reaching compromises, you should take a look at alternatives. For example, the OpenBSD project places increased emphasis on security. The Qubes OS operating system(c’t 11/2022, p. 94), on the other hand, is based on the Xen hypervisor and uses virtual machines to separate programs and operating system components.

(syt@ct.de)

You can't play on Linux

That was never quite true, there have always been Linux games. But it's true: for many gamers, Linux was nothing for a long time because too many games didn't run at all and many more only ran after extensive fiddling.

However, times have changed considerably, mainly thanks to Valve and its Steam distribution platform. Valve has been relying on Linux for some time and has now managed to get other game manufacturers to follow suit. Valve has achieved a breakthrough for Linux games in particular with its Linux-based gaming handheld, the Steam Deck. Nowadays, many games, including many triple-A titles, run on Linux without any problems. Details on which Linux distributions are particularly recommended for gamers and what you can do if things do get stuck are described in detail in c’t 25/2023.

(syt@ct.de)

The Flatpak package format wastes storage space

Well, not really. Flatpaks live in a sandbox and come with their own dependencies, which is why – they actually require significantly more storage space than conventional packages when viewed individually –. This is noticeable when you install the first small app in flatpack format and gigabytes of data are shoveled onto your computer.

However, this view is unfair in two respects. Firstly, flatpaks deduplicate their dependencies with each other. If two flatpak apps require the same substructure, it is not duplicated on the disk. As a result, the more flatpak apps you use, the more memory is used. The large download at the beginning is the worst case, not the average memory consumption. Secondly, when comparing with conventional packages, their dependencies are not normally taken into account: The Gnome calculator also requires an exorbitant amount of memory if you include the whole Gnome substructure.

The bottom line is that flatpacks take up slightly more storage space than their classic counterparts, but not much more. In return, you get some advantages, including the aforementioned sandbox, which makes the deal very...