Slashdot Mirror


Too Cool For Secure Code?

An anonymous reader writes "Looks like not everyone believes Linux is the monolith of security folks might like us to think. Jon Lasser raises some interesting points in this article over at Security Focus. Though it has to be said that, whilst he focuses on the Linux/Unix side of things, a good proportion of programmers (no matter what they work on) are guilty of similar conceit to some extent."

1 of 465 comments

  1. It's not about conceit by lavalyn · Score: 0, Troll

    It's about default reality.

    In Windows, the main user is often Administrator, and all services run either as Administrator or System. In Unix, most of us use a non-root account (though we may have access to root) and most services are run by their own user, like httpd, or nobody. Combine this with default world-write permissions of "allow" in Windows and "0644" in Unix.

    This still doesn't mean much for a script kiddie h4x0r with a rootkit ready to go, but damage is at least slightly mitigated.

    --
    Doing the Right Thing should not be preempted by making a buck.