Linux is more secure than windows

>linux is more secure than windows
>accepts all incoming connections by default

>iptables

>30 second response time
Freetards sure are working hard today. It doesn't matter if it HAS iptables when it by default allows literally any Pajeet, Ching Chong or Vladimir in the world to hack you without any effort and add your computer to their botnet

Pounce off win shillings.

System services need to be enabled, you are working with outdated material, you buffoon.

>botnet
>implicitly implying a network of compromised windows machines.

>accepts all incoming connections by default
that's perfectly sane. if you have no service listening bound to that socket, it will do nothing. if you do have some service bound to it, you'll want to accept that connection, otherwise the service would be useless. for local-only services, bind to localhost.
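Added example, not part of the thread: the reply above turns on whether anything is actually listening and which address it is bound to, so this sketch reads a table in the /proc/net/tcp layout and classifies each LISTEN socket by bind address. The sample table is constructed, the function names are hypothetical, and it assumes IPv4 on a little-endian host (tcp6 uses a different layout).

```python
import ipaddress
import struct

# Constructed sample in the /proc/net/tcp layout (assumed data, not from the thread).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002
   2: 0F02000A:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20003
   3: 0F02000A:D431 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20004
"""

TCP_LISTEN = 0x0A  # value of the "st" column for a listening socket


def decode_endpoint(field):
    """Turn 'HEXIP:HEXPORT' into (IPv4Address, port); the IP is a host-order u32."""
    hex_ip, hex_port = field.split(":")
    ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def listening_sockets(table):
    """Return (ip, port, scope) for every LISTEN row, skipping the header line."""
    result = []
    for line in table.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != TCP_LISTEN:
            continue  # established or closing connections are not listeners
        ip, port = decode_endpoint(cols[1])
        if ip.is_loopback:
            scope = "local-only"       # bound to localhost, unreachable from outside
        elif ip.is_unspecified:
            scope = "all-interfaces"   # 0.0.0.0: reachable unless a firewall drops it
        else:
            scope = "one-address"      # bound to a single non-loopback address
        result.append((str(ip), port, scope))
    return result


def audit(path="/proc/net/tcp"):
    """Run the same classification against the live table on a Linux host."""
    with open(path) as fh:
        return listening_sockets(fh.read())


if __name__ == "__main__":
    for ip, port, scope in listening_sockets(SAMPLE_PROC_NET_TCP):
        print(f"{ip}:{port:<5} {scope}")
```
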

By what means? Can he guess my 20-character mixed password to connect over SSH?

>allowing password-based ssh auth

>password
>SSH
shake my head to be honest familia

Why would I have SSH server installed and running on my system in the first place?

the better question is: why haven't you learned about keypairs yet?

>keypair on a freshly installed noobuntu/debian system
not sure if trolling or just too intelligent

Not to mention how shit linux is when you don't want some programs to access the internet, like shit you run in Wine, for instance

Windows:
>use built in firewall to allow/block stuff with a couple clicks
or
>install tinywall for ultimate easymode

Linux:
>no way to block individual programs, only convoluted shitty ways of doing so (like creating groups with their own iptables configs and running programs through a script that launches them under that group so that it can't go online)
>have to block ports and IPs instead, which means you first have to find out which ports it's using and where it's connecting lol
>no way to whitelist stuff you want and block everything else, like if you use two internet browsers and you want one to not connect unless you let it, there's no way to do that, the only way is to unblock relevant ports, it's all or nothing, fuck you
>literally have to spend time reading man pages to block a range of ports or IPs

>first boot
not a problem if you have kvm over ip access (you usually do for vps and good dedis)
if you don't, you do a password login once, push your pubkey, disable password auth and never re-enable it.

I know this thread is bait but this has fucking legitimately bothered me. Why doesn't Linux have an application firewall?

>Why doesn't Linux have an application firewall?
keeping the attack vector as small as possible. running more services = exposing more vulnerabilities.

>shit you run in Wine
if it's code i don't trust, i won't run it in wine. VMs are fast enough.

>malicious Windows application designed to attack Linux systems when running in Wine.
Did it ever happen?

Bullshit. Network namespaces exist for a reason. Literally 2 commands:
firejail --net=blockit firefox
ufw deny outgoing on blockit

blockit is a random name for a new network namespace. Firefox is the program you're going to run. Firejail is just one of the implementations capable of easy utilization of the network namespace interface. You can substitute firejail with whatever you want. (Tip: most distros use systemd, which has systemd-nspawn)

>malicious Windows application designed to leak data / phone home
this happens. a lot.

Actually, you can even just run
firejail --net=none firefox
Remember, it is not a firejail feature. It is a kernel feature. Network namespaces.

Thanks user, I didn't know that

>using Windows applications with networking capabilities
Like you were asking for it

>no services by default tho
>meanwhile windows has all that netbios cancer
>meanwhile windows' firewall is full of 0-days
Quality shitpost.
(you)/10