Linux and Windows Security Neck and Neck

← Back to Stories (view on slashdot.org)

Linux and Windows Security Neck and Neck

Posted by Zonk on Thursday July 14, 2005 @04:55AM from the no-losers dept.

Linurati writes "According to vnunet.com, Linux and Windows are neck and neck when it comes to security, but 'misleading figures and surveys are muddying the waters.' The article lays blame on both sides for the misleading information." From the article: "...Microsoft had made real progress on security in the past two years, but that the increasing number of Linux enthusiasts coming into the market would help the open source alternative in the long run."

7 of 512 comments (clear)

Min score:

Reason:

Sort:

I think linux actually has an edge... by yagu · 2005-07-14 04:59 · Score: 5, Informative
I think there are two main factions here, and the answer for what constitutes better security has slightly different context with significantly different results.
1. First, from the article: He added that Microsoft had made real progress on security in the past two years. This is true. But, Microsoft started from an awfully low level of security. And, yes they've done much to automate patches, make updates easier, etc., in my opinion, the one missing piece is they haven't collaborated with the Windows Applications community (Microsoft, itself, and third parties) to figure out the least authorized user problem. So, for the uninitiated, and the lay people, Windows continues to be a world where, out of the box, people set up their boxen with everyone at administrator privelege levels. Heck, most of the times I still go to people's homes and find they don't really even bother to set up separate accounts for users.
  For all of these people their machines are ticking time bombs, and I'm usually the one who gets the call when their world of computer technology explodes. This by itself is reason enough to consider other technologies where by default they are secure. For example, Apple does a good job (not perfect) of making their machines secure... I won't go into great depth -- I'm not a heavy Mac user.
  
  Also, linux by default comes out of the box with decent security. Even if users do try to just use, e.g., KDE an root only, they (as I recall) have to fight off the big red screen background, kind of like the enunciator lights and bells in cars when you don't fasten your seat belts.
  
  So, in the lay community, though Windows carries the popular vote, I think linux out of the box is by far the more secure and safe way to go.
2. On the other hand, many companies have wised up (though not all) to the notion of restricting the default access of their employees, i.e., they do not get administrator priveleges to control their own boxen. This creates a more stable, manageable, and secure environment for companies, but at what cost? Given that by the articles own words, "Engates added that his company manages 13,000 servers, roughly half of which are open source and half Microsoft. He claims to see little difference between the security on either platform.", and given that not having administrator access in Windows can be so problematic because of ill conceived applications (see item 1.) and mismatched access to data, if I could forgo reliance on Windows applications I would choose to deploy as much linux in a company as I could.
1. Re:I think linux actually has an edge... by naelurec · 2005-07-14 07:00 · Score: 4, Informative
  
  And this points at where the problem lies - the users. They're generally lazy and uninformed.
  
  While this might be true .. its not the entire story. The entire story is simple -- there is still a LOT of software out there that simply DOES NOT RUN 100% CORRECTLY OUT OF THE BOX in anything BESIDES an administrative level account.
  
  Even things that SHIP WITH WINDOWS are prone to oversight which tells me one thing (and has been second'ed but not necessarily confirmed on /.) -- Microsoft doesn't believe in restricted access in its development model (read: Microsoft employees all have administrative level access).
  
  So is it any wonder that people DON'T do this? Its one thing to have a slight PITA factor when installing apps (as you can't simply say "hey here is my administrative level password .. install away!") but when you install apps and they may or may not work .. or might load but not work fully (ie write to a restricted part of the registry or file system without checking for success and not providing good error messages on what went wrong).
  
  From my professional experience setting up a "secure" windows environment -- there is a LOT of use of filemon, regmon and other tools to basically guess as to why apps fail and make the environment slightly more insecure so these apps can run (ie provide user write permissions to system registry nodes or certain file system areas)... even then, my success is quite low given the extremely LARGE amount of data that is spewed from these apps (not to mention certain apps that cause the said apps to close so they can't capture the data (piracy checking??))
  
  anyways.. its not even close to a reality. The mindset of programmers, developers, managers and microsoft is still NOT high on restricted user rights security and it is VERY apparent.
  
  Is it better? sure.. but its still not even CLOSE to being as good as on the *nix side even AFTER well over a decade since NT debuted.. fun.
Absolutely zero-calorie article... by kclittle · 2005-07-14 05:06 · Score: 4, Informative

No meaningful data to be found! Some wanna-be techno-journalist getting some middle-level sys admin to talk about his "hunches".
yawn...

--
Generally, bash is superior to python in those environments where python is not installed.
Re:It's all IE's fault by zerocool^ · 2005-07-14 05:23 · Score: 4, Informative

You must really not be in the trenches much. You are way off base. I would say more than 90% of the stuff that I see is from IE problems.

1. Documents with embedded Macro viruses.

Haven't seen one of these in *years*. All office versions since 2000 have made major steps to reduce malicious code in documents, and they were few and far between in the first place.

2. False email attachments

There's been a huge upsurge lately in server side virus scanning for email, and you just don't see a lot of spyware in email.

3. RPC Vulnerabilities

Not really since windows 2000.

4. Buffer overflows on network services (e.g. IIS)

How many XP machines do you see with IIS?

Honestly, though there may be a higher percentage of vulnerabilities in other products, the VAST majority of actual infections happen b/c of IE. No IE, no spyware.

The number 2 cause of infections on end user machines I would say is the "Click here to download and install the RAD SCREENSAVER OF THE MONTH" bug, or the "Click here to get (spyware supported) WEATHER REPORTS, FREE FREE FREE ON YOUR TASKBAR" bug.

--
sig?
Rubbish by reclusivemonkey · 2005-07-14 06:06 · Score: 3, Informative

Look at what's actually happening, from http://www.us-cert.gov/cas/bulletins/SB05-194.html #trends; Top Ten Virus Threats All Win32 Worms. Pick any security site, and look at the top 10 threats. Then tell me which OS is the most secure. We can argue all day about the reasons, the facts speak for themselves.
Re:Advancements in FUD everywhere by tb3 · 2005-07-14 06:31 · Score: 3, Informative

but windows 2003 is pretty rock solid.
Riight. Like this?
Go on, pull the other one. Windows is just as leaky as it's ever been.

--
www.lucernesys.comHorizon: Calendar-based personal finance
Re:Advancements in FUD everywhere by kz45 · 2005-07-14 06:40 · Score: 4, Informative

Riight. Like this?
Go on, pull the other one. Windows is just as leaky as it's ever been.

no, like this

oh, and btw, microsoft offered has had a fix for those issues for at least a week now.