Windows Developers Agree: Linux More Secure

← Back to Stories (view on slashdot.org)

Windows Developers Agree: Linux More Secure

Posted by michael on Friday October 24, 2003 @04:11AM from the statistical-games dept.

theblackdeer writes "eWeek has an article up about an Evans Data Corp survey that the majority of Windows developers agree that linux is a more secure OS. "Linux scored high for innate security among respondents, more than two- thirds of whom 'use or target Windows with their code.' Indeed, only 23 percent of the developers were primarily Linux developers.""

9 of 62 comments (clear)

But why would you listen to a Windows developer by Anonymous Coward · 2003-10-24 04:13 · Score: 4, Funny

Seriously, the people have been programming Windows all their career, and now somehow you ask them for authoritative opinion that requires knowledge of a multitude of platforms.

What's next?

Linus Torvalds agrees, VB is pretty cool.

RMS agrees, Microsoft Visual Studio .NET is the best tool available for J#.NET
1. Re:But why would you listen to a Windows developer by Monkelectric · 2003-10-24 07:24 · Score: 4, Insightful
  
  He posts anything that fits his agenda, without even paying lipservice to journalistic integrity.
  shhhhh! He's trying to get noticed by fox news.
  
  --
  Religion is a gateway psychosis. -- Dave Foley
Baloney by prostoalex · 2003-10-24 04:20 · Score: 3, Funny

Put the following in your web server cgi-bin:
#!/usr/bin/perl use CGI; my $cgi = new CGI; my $input = $cgi->param("userinput"); system($input);
and let me know what the URL of your Linux box is.
1. Re:Baloney by vigilology · 2003-10-24 04:28 · Score: 5, Funny
  
  Give us the URL of your Microsoft box. You don't need to give us special permissions. We'll make our own.
What do Windows administrators say? by cfadam · 2003-10-24 04:52 · Score: 3, Interesting

I don't see how a VB programmer can speak with any authority about the security of servers since that is most likely not their primary job function. I'd rather hear what Windows admins think (preferrably ones who also admin Unix systems).

I administer a large network of both Windows and Unix server. Yes, I patch my Windows systems more often, but that is because patches are brought to my attention more often (via email as well as released more often _and_ they are easier to apply. Get SMS into the works and patching servers/desktops is even easier.

I see no reason to apply every security patch Microsoft (or Sun or Red Hat) releases, a large number of them are for apps/services I don't utilize. Not patching them immediately (or ever) doesn't necessarily compromize my security model, nor have I had any issues in the past re: this scheme. Good luck exploiting a hole in WMP on my servers.

As for which is more secure, its hard to say. That is really up to the administrator. I can make a Windows server more secure than most Linux installs out there.. but nothing is inherently secure.
In other news... by ERJ · 2003-10-24 05:16 · Score: 3, Funny

In other news, 3/4 of all carpenters polled agree that plastic tubing is better then metal tubing for plumming.
Re:Yeah but... by Feztaa · 2003-10-24 07:06 · Score: 3, Funny

The grass is always greener on the other side of the fence, of course.

I think most windows developers are just fed up with all of windows' flaws, and when they responded to the poll, they were thinking "whatever 'linux' is, it has to be better than this" :)
Re:More secure for what? by Dan+Ost · 2003-10-24 07:10 · Score: 3, Insightful

I have often wondered why windows is less secure. Could it be that a larger installed base means more exposure to security issues?? (ie. popularity = more exploits?)

No, the problem with Windows is that just about any exploit allows for the running
of arbitrary code with full privileges (equivelent to rooting a Linux box).

With a real OS (Linux, BSD, etc), to get similar privileges, you need both
a exploit to gain access to a machine and some way of escalating your privilege.
There has historically been a fraction of exploits that granted root from the
start, but that fraction has become vanishingly small.

--

*sigh* back to work...
"Windows developers" by skookum · 2003-10-24 08:45 · Score: 3, Insightful

This summary, and the article it links to, both seem to paint the picture that there are two distinct sets of developers in the world, those that target Windows and those that target Linux (or other open source platforms). This is just simply misleading, as I don't think it's the case at all.

First of all, most people who write code for a living have little control over what target OS they are developing for. These things tend to be dictated by the business that the company is in, or their clients, or the decisions of upper management, or historical reasons, etc. Most developers write code for Windows at work because that's where most software development happens, not because that's really their choice.

And just because you code for Windows at work doesn't mean you don't use Linux or participate in open source development at home or in your free time.

I guess what I'm getting at here is that I'm not surprised at all that Windows developers thought Linux was more secure, as a lot of them probably have used Linux or use it at home in some form (such as for a firewall.) In other words, you can't just break software people up into "Windows people" and "Linux people" and expect the members of each set to view their target OS as more secure, more stable, etc. People develop software for Windows for lots of reasons -- "it's a day job", "that's what the client demanded", "it's just corporate policy", etc. I guess what I'm saying is that this article doesn't really prove much, other than the fact that a lot of people think Linux is secure, but we knew that much already. Or simply: "Sure I write code for Windows for $DAYJOB, but that doesn't mean I think Windows is secure, and I use FreeBSD for my firewall at home."