Like I said, all targeting servers. Many of which spread using vulnerabilities long since patched (shellshock) or services nobody in their right mind would run on a desktop or expose to the internet (telnet). IOT is a special case and falls squarely in the "terminally lazy" category because manufacturers never ship updates on time.
Pretty much all malware that can infect a GNU/Linux box does so through a vulnerable and/or out of date internet-facing service... Since the vast majority of people don't run those on their desktops, the vast majority of GNU/Linux users have nothing to worry about.
hack3rcon wrote:Thanks, but some software doesn't exist in the official repositories.
Of course. But installing it is very much at your own risk. Be careful which dubious blog post you follow, and make a system backup before you go mucking with important config files, especially /etc/apt/*.
You can't expect the Debian maintainers to maintain, update, or audit software they have no source code for, so you'll just have to trust $corporation instead. In the case of outdated libraries like libssl, it's neither practical nor reasonable to hold up the entire OS just for one piece of uncooperative software.
Personally I suggest you try native alternatives wherever possible. We may not have an open-source Maya, but there is a
lot of good stuff in the repos, and it's all free.
hack3rcon wrote:If Windows OS has more Malware because it has more users.
It does, and it is. But it's also because Microsoft's hopeless installer system and dubious privilege separation has trained users to constantly download random software from random websites, and "run as administrator" or disable UAC as the first step in any troubleshooting.
GNU/Linux has been a multi-user OS from the very beginning, so user-separation and security has always been a priority. UNIX-like systems were running on mainframes with hundreds of users back when Windows still ran on top of DOS with no access controls whatsoever. Hell, they were doing it before windows
existed.
UNIX started the internet, and the vast majority of internet-facing servers today run systems built around the same principles - namely GNU/Linux or BSD. That is at least in part because they're more secure by design.
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.