1070
submitted 7 months ago* (last edited 7 months ago) by ForgottenFlux@lemmy.world to c/technology@lemmy.world

Schleswig-Holstein, Germany's most northern state, is starting its switch from Microsoft Office to LibreOffice, and is planning to move from Windows to Linux on the 30,000 PCs it uses for local government functions.

Concerns over data security are also front and center in the Minister-President's statement, especially data that may make its way to other countries. Back in 2021, when the transition plans were first being drawn up, the hardware requirements for Windows 11 were also mentioned as a reason to move away from Microsoft.

Saunders noted that "the reasons for switching to Linux and LibreOffice are different today. Back when LiMux started, it was mostly seen as a way to save money. Now the focus is far more on data protection, privacy and security. Consider that the European Data Protection Supervisor (EDPS) recently found that the European Commission's use of Microsoft 365 breaches data protection law for EU institutions and bodies."

you are viewing a single comment's thread
view the rest of the comments
[-] shortwavesurfer@monero.town 11 points 7 months ago

Good. This makes them less vulnerable to the malware that Windows innately is.

[-] naticus@lemmy.world 2 points 7 months ago

I wouldn't say that Windows is malware itself, but rather it wasn't created with a security-first stance, which we absolutely need for all OSes going forward. I say this as someone who ditched Windows as my DD ("I use Arch, btw"). I left Windows more for their policies and subscription models that are becoming increasingly anti-consumer.

With that said, let's not pretend that Linux is immune as has been proven in the past week with xz and liblzma being compromised. Yes, it took 3 years to get to the point their long game paid off, but it still happened through a series of credibility social engineering steps by a single person. (Yes I know others were also trying to do exactly this, but only Jia Tan was successful)

[-] 0x0@programming.dev 9 points 7 months ago

(Yes I know others were also trying to do exactly this, but only Jia Tan was successful)

The reason you know is because the target software is FOSS. Care to bet other similar schemes have been successfully pulled off with proprietary software?

[-] baseless_discourse@mander.xyz 2 points 7 months ago* (last edited 7 months ago)

There are so many surveillance built into proprietary software, countries like U.S. probably can just ask for any information from Apple, Google, Facebook, Microsoft.

On the other hand, countries like China and Russia would probably need to compromise these product like Jia Tan did. Except for Apple, because every apple service in China is maintained by a Chinese company with no encryption allowed.

[-] Blaster_M@lemmy.world 2 points 7 months ago

You only know this happened because one dev was benchmarking their system and noticed a 0.5s anomaly in resource usage, and was able to track it down to this. For every one of these that are caught, there are countless more that slip past.

[-] Cataphract@lemmy.ml 2 points 7 months ago

I actually look at it a completely different way. There are so many users optimizing and digging into the core of open source versus proprietary that with so many randoms actions there's less "vulnerable" dark spots available. If we think there's a limitless X amount of vulnerabilities (since we don't know the true ceiling limit), open source will always be "X (vulnerabilities) - 1" compared to proprietary. Completely a math metaphor but gets the point across, It's a path that lessens the impact which we should be striving for over profit/monopoly motives.

[-] shortwavesurfer@monero.town 5 points 7 months ago

Of course, there can be malware for open-source systems such as Linux, but it's generally caught and patched a lot faster.

[-] BearOfaTime@lemm.ee -4 points 7 months ago* (last edited 7 months ago)

In the enterprise space, Windows isn't an issue at all.

This is because enterprise manages security properly - layered, minimum perms to perform a task, etc.

Windows laptops have been tightly locked down since the early 2000's, including USB ports.

I've never seen a virus or malware on a machine in enterprise, and if it were to occur, the most it can damage is the local machine, as network shares are minimal (most data is kept in databases), the shares with write access are limited to small user groups, etc.

Users simply lack permissions to change stuff, so malware lacks it too.

[-] Black616Angel@discuss.tchncs.de 5 points 7 months ago

Have you been near some sort of news in the last years? Corporations using windows get hacked regularly and they are far off from having everything in a database somewhere. You have no fucking clue. What you are describing is the dream of corporate security newbies, but no big corporation let alone some state government is anywhere close to that.

They have massive shares, where all the people can read and overwrite everything, they open all attachments directly on their machine and click away all warnings without reading them. (Who needs USB if you can mail malware directly?)

This is hell and in Germany dozens of smaller or bigger government networks were hacked and massive amounts of data encrypted last year alone.

[-] naticus@lemmy.world 2 points 7 months ago

I can from personal experience that there is a huge push to get much more secure in the local government space in the US, including adhering to NIST 800-53, and be audited on it. It's not foolproof, but it's a much needed step forward towards preventing big events becoming breaches. But if they are a breach they'll be lower impact. It's painful to get there, but I've been involved heavily in the conversion in policies and procedures to get there.

[-] Buelldozer@lemmy.today 5 points 7 months ago

This is because enterprise manages security properly - layered, minimum perms to perform a task, etc.

Apparently Microsoft itself isn't Enterprise?

I’ve never seen a virus or malware on a machine in enterprise...

Change Healthcare - https://www.msn.com/en-us/money/companies/change-healthcare-hack-what-you-need-to-know/ar-BB1kvg2t

MGM Grand - https://www.cnn.com/2023/10/05/business/mgm-100-million-hit-data-breach/index.html

HP Enterprise - https://apnews.com/article/russian-hackers-hewlett-packard-enterprise-microsoft-sec-breach-cozy-bear-d4e88ded0a47d010216e11f41132f72c

Here's 12 more - https://www.kaspersky.com/blog/ransowmare-attacks-in-2023/50634/

Users simply lack permissions to change stuff, so malware lacks it too.

Oh something is lacking in your world and I'm not talking about permissions.

this post was submitted on 05 Apr 2024
1070 points (97.8% liked)

Technology

59672 readers
3283 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS