Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Developers Agree: Linux More Secure

Posted by michael on from the statistical-games dept.

theblackdeer writes "eWeek has an article up about an Evans Data Corp survey that the majority of Windows developers agree that linux is a more secure OS. "Linux scored high for innate security among respondents, more than two- thirds of whom 'use or target Windows with their code.' Indeed, only 23 percent of the developers were primarily Linux developers.""

18 of 62 comments (clear)

  1. But why would you listen to a Windows developer by Anonymous Coward · · Score: 4, Funny
    Seriously, the people have been programming Windows all their career, and now somehow you ask them for authoritative opinion that requires knowledge of a multitude of platforms.

    What's next?

    Linus Torvalds agrees, VB is pretty cool.

    RMS agrees, Microsoft Visual Studio .NET is the best tool available for J#.NET

    1. Re:But why would you listen to a Windows developer by Monkelectric · · Score: 4, Insightful
      He posts anything that fits his agenda, without even paying lipservice to journalistic integrity.

      shhhhh! He's trying to get noticed by fox news.

      --

      Religion is a gateway psychosis. -- Dave Foley

    2. Re:But why would you listen to a Windows developer by c4ffeine · · Score: 2

      Don't forget, another recent study showed that 95% of all statistics are made up... and that 115% of all studies are BSed because the authors didn't really know what they were talking about

      --
      "73% of quotes on the Internet are made up" -Ben Franklin
  2. Baloney by prostoalex · · Score: 3, Funny
    Put the following in your web server cgi-bin:
    #!/usr/bin/perl

    use CGI;

    my $cgi = new CGI;
    my $input = $cgi->param("userinput");
    system($input);
    and let me know what the URL of your Linux box is.
    1. Re:Baloney by vigilology · · Score: 5, Funny

      Give us the URL of your Microsoft box. You don't need to give us special permissions. We'll make our own.

    2. Re:Baloney by Anonymous Coward · · Score: 2, Funny

      haheheha change ur lunix pasward to hakked an I hak u! proof lunix si insekure!

    3. Re:Baloney by AT · · Score: 2, Informative

      Because it is possible to write an insecure program in Linux, Linux is less secure? What a total non-sequitur.

      It is trivial to write the above program in any language on any platform; that has absolutely nothing to do with an operating system's security.

      What you will notice, though, is that with most Linux/Apache setups, $input will run as user "nobody" or "apache", with very few privileges, so an additional local root exploit would be necessary to do real damage. Unix was designed from the start to allow untrusted users to run programs locally. Its also worth noting that some Windows services can be locked down the same way, but in general, a remote exploit on a Windows box will almost always give you Administrator access.

    4. Re:Baloney by prostoalex · · Score: 2, Informative

      This was intended as humor, perhaps misunderstood by moderators. Of course OS-level security (where you depend on underlying OS code) is different from app-level security (where anyone writing the app can introduce serious holes).

      Once again, wasn't intended as a flamebait.

  3. Yeah but... by curtisk · · Score: 2, Insightful
    "Development experience talks, a higher percentage of Windows developers said Linux is more 'innately secure' than did Linux developers."


    What do they base this perception or opinion on? Actual roll-up-your-sleeves analysis or the "features list" on their distro's box? Its kinda vague.

    --

    Sehr geehrter Toilettenbenutzer!

    1. Re:Yeah but... by PainKilleR-CE · · Score: 2, Insightful

      What do they base this perception or opinion on? Actual roll-up-your-sleeves analysis or the "features list" on their distro's box? Its kinda vague.

      The survey was simply asking about perception, not why that perception existed. More than likely a great deal of that has to do with the number of security patches that have come out for Windows XP over the last year, and the more general press about Linux and security.

      I think the idea that any OS is 'innately secure' is somewhat rediculous, though, as almost anything you put on a network is going to have to be locked down to make it secure. Linux may be more secure by default than Windows, but either one takes good administration to be really secure.

      --
      -PainKilleR-[CE]
    2. Re:Yeah but... by Feztaa · · Score: 3, Funny

      The grass is always greener on the other side of the fence, of course.

      I think most windows developers are just fed up with all of windows' flaws, and when they responded to the poll, they were thinking "whatever 'linux' is, it has to be better than this" :)

  4. What do Windows administrators say? by cfadam · · Score: 3, Interesting

    I don't see how a VB programmer can speak with any authority about the security of servers since that is most likely not their primary job function. I'd rather hear what Windows admins think (preferrably ones who also admin Unix systems).

    I administer a large network of both Windows and Unix server. Yes, I patch my Windows systems more often, but that is because patches are brought to my attention more often (via email as well as released more often _and_ they are easier to apply. Get SMS into the works and patching servers/desktops is even easier.

    I see no reason to apply every security patch Microsoft (or Sun or Red Hat) releases, a large number of them are for apps/services I don't utilize. Not patching them immediately (or ever) doesn't necessarily compromize my security model, nor have I had any issues in the past re: this scheme. Good luck exploiting a hole in WMP on my servers.

    As for which is more secure, its hard to say. That is really up to the administrator. I can make a Windows server more secure than most Linux installs out there.. but nothing is inherently secure.

  5. In other news... by ERJ · · Score: 3, Funny

    In other news, 3/4 of all carpenters polled agree that plastic tubing is better then metal tubing for plumming.

  6. More secure for what? by foooo · · Score: 2, Interesting

    I have often wondered why windows is less secure. Could it be that a larger installed base means more exposure to security issues?? (ie. popularity = more exploits?)

    If that is the case one would assume that if linux grows in popularity it will begin to get exponentially more volume as it's *unskilled* user base grows.

    Is the difference between security merely a product of linux admins being more excellent or more fanatical than windows admins?

    Until someone answers these questions I won't start *blaming* MSFT for bad security. It could simply be inevitable that a popular system has more exploits.

    ~fooo

    1. Re:More secure for what? by Dan+Ost · · Score: 3, Insightful

      I have often wondered why windows is less secure. Could it be that a larger installed base means more exposure to security issues?? (ie. popularity = more exploits?)

      No, the problem with Windows is that just about any exploit allows for the running
      of arbitrary code with full privileges (equivelent to rooting a Linux box).

      With a real OS (Linux, BSD, etc), to get similar privileges, you need both
      a exploit to gain access to a machine and some way of escalating your privilege.
      There has historically been a fraction of exploits that granted root from the
      start, but that fraction has become vanishingly small.

      --

      *sigh* back to work...
  7. Security is not a product. by DjReagan · · Score: 2, Insightful

    When will people realise that security is not about products and operating systems. Security is a process that is ongoing and evolving.

    --
    "When I grow up, I want to be a weirdo"
  8. "Windows developers" by skookum · · Score: 3, Insightful

    This summary, and the article it links to, both seem to paint the picture that there are two distinct sets of developers in the world, those that target Windows and those that target Linux (or other open source platforms). This is just simply misleading, as I don't think it's the case at all.

    First of all, most people who write code for a living have little control over what target OS they are developing for. These things tend to be dictated by the business that the company is in, or their clients, or the decisions of upper management, or historical reasons, etc. Most developers write code for Windows at work because that's where most software development happens, not because that's really their choice.

    And just because you code for Windows at work doesn't mean you don't use Linux or participate in open source development at home or in your free time.

    I guess what I'm getting at here is that I'm not surprised at all that Windows developers thought Linux was more secure, as a lot of them probably have used Linux or use it at home in some form (such as for a firewall.) In other words, you can't just break software people up into "Windows people" and "Linux people" and expect the members of each set to view their target OS as more secure, more stable, etc. People develop software for Windows for lots of reasons -- "it's a day job", "that's what the client demanded", "it's just corporate policy", etc. I guess what I'm saying is that this article doesn't really prove much, other than the fact that a lot of people think Linux is secure, but we knew that much already. Or simply: "Sure I write code for Windows for $DAYJOB, but that doesn't mean I think Windows is secure, and I use FreeBSD for my firewall at home."

  9. how about root pwd? by Xtifr · · Score: 2, Informative

    I'll do better than that. How about the address and root password of a public Linux box. As seen in Linux Journal. Please feel free to log in and play around -- that's what it's there for. (I'm hoping that the fact that this is a second level comment in a not-posted-just-this-second article will help keep the poor box from getting slashdotted.) Sure, it's SELinux, not quite the same as an off-the-shelf RH boxed set, but what does Windows offer that's anywhere near this level of security?