Slashdot Mirror


Linux and Windows Security Neck and Neck

Linurati writes "According to vnunet.com, Linux and Windows are neck and neck when it comes to security, but 'misleading figures and surveys are muddying the waters.' The article lays blame on both sides for the misleading information." From the article: "...Microsoft had made real progress on security in the past two years, but that the increasing number of Linux enthusiasts coming into the market would help the open source alternative in the long run."

46 of 512 comments

  1. It's all IE's fault by DarkHand · · Score: 5, Insightful

    Security in Windows itself had definitely improved over the last few years. But almost all of the current and recent vulnerabilities have somehow been related to IE.

    Not using IE and using Firefox instead almost completely secures an up-to-date Windows box. Get rid of IE, get rid of 90% of Windows' security problems.

  2. Maybe for servers... by generalpf · · Score: 3, Insightful

    Maybe for servers, but not home users. When was the last time you saw a home Linux machine 0wn3d?

    (Granted, most people who use Linux at home are knowledgeable enough to keep even a Windows machine safe.)

    1. Re:Maybe for servers... by TheCabal · · Score: 2, Insightful

      Judging from the sheer number of zombie boxes trying to guess my SSH passwords, the number may surprise you.

  3. More users != more secure by de+Bois-Guilbert · · Score: 3, Insightful

    "the increasing number of Linux enthusiasts coming into the market would help the open source alternative in the long run."

    I'd say this is precisely the other way around. More users equals bigger target and more potential fuck-ups.

    1. Re:More users != more secure by WilliamSChips · · Score: 3, Insightful

      You forgot about the bazaar model.

      Here, more users = more developers = larger bazaar = more people working on security = better security

      --
      Please, for the good of Humanity, vote Obama.
    2. Re:More users != more secure by CyricZ · · Score: 4, Insightful

      The bazaar model fails to take into account the talents of the bazaarers. In practice what happens is that the number of developers does increase, but the overall talent of those developers decreases. So while more code is output, it is not necessarily quality code. And secure code is often high quality code.

      Better security comes from better coding practices, the use of languages that are not as vulnerable to exploits, and the use of technology to avoid such exploits.

      Now, the fact still remains that such a model fares far better than that used by Microsoft, for various reasons. But your model of the bazaar is too simplified. It fails to take into account some very important factors, like code and coder quality.

      --
      Cyric Zndovzny at your service.
    3. Re:More users != more secure by geekee · · Score: 2, Insightful

      " You forgot about the bazaar model.

      Here, more users = more developers = larger bazaar = more people working on security = better security"

      You forgot that more users -> more hackers trying to circumvent security. And they will succeed.

      --
      Vote for Pedro
  4. Re:Advancements in FUD everywhere by team99parody · · Score: 5, Insightful

    It's funny how people think. Since neither product is 100% secure, they both think they're equally insecure. This logic is as stupid as saying "reading slashdot is just as dangerous as motorcycle racing, because I could get hit by a meteor and die either way". Clearly one of the products has more serious exploits than the other and has caused more loss to businesses, but some people just don't want to admit that.

    But I agree with the parent -- advanced psychology-based FUD is a growing science.

  5. Independent Funding? by Trippee · · Score: 2, Insightful

    When are we going to see independently funded research studies that will, without bias, give us realistic statistics that will benefit intelligent buying decisions for the general public when debating over classic "windows v linux" implementation?

  6. Why can't they figure this out.. by QuantumRiff · · Score: 4, Insightful

    They are taking security vuln's for redhat EL 3, or suse 9.1, and comparing them to MS Windows. That is not fair. Now if they compared them to Windows, Office, sharepoint, IIS, Office, Project, all Microsoft games, SQL server, etc.. then it would probably be a little more fair. Linux DISTRIBUTIONS are a little more than an OPERATING SYSTEM.

    --

    What are we going to do tonight Brain?
  7. Just as safe? by Aqua+OS+X · · Score: 2, Insightful

    Sex with someone with horrible burning VD is just as safe as sex with someone who doesn't have VD... as long as you apply a symantec branded condom and use critical update cream liberally.

    --
    "Things are more moderner than before- bigger, and yet smaller- it's computers-- San Dimas High School football RULES!"
  8. Neck and neck? Pffft. by hoka · · Score: 4, Insightful

    Where are the proactive security systems for Windows? Sure, Windows by default has a fairly rigorous ACL system by default (at least in comparison to classical Linux ACL's), but trying to measure the security of a system solely on how many exploitable bugs it has is just a poor measurement method. With projects like SELinux, GRSecurity, Pax, different implementations of active bounds checkers as well as stack smashers, and good implementations like Hardened Gentoo (Debian has a hardened project but I haven't tried it) I don't particularly see how Windows has a chance in hell.

    I don't know of any person with a Windows box who will hand out an admin account, but there are Gentoo Hardened devs who hand out root on their SELinux test rigs. Why? Because the system is secure enough to hand out root.

  9. Um....microsoft + claria by Hachey · · Score: 2, Insightful

    "...Microsoft had made real progress on security in the past two years..."

    Yeah, that's real believable considering Microsoft is holding hands with Claria...


    --
    Check out the Uncyclopedia.org :
    The only wiki source for politically incorrect non-information about things like Kitten Huffing and Pong! the Movie !

    --
    Please allow me to hate the creator of the 120-character limit: *HATES*. Thank you.
  10. Studies schmudies by Lost+Found · · Score: 4, Insightful

    I hate these studies. Saying Linux isn't secure is like saying that fruit isn't red... it depends on what you're looking at. Are we talking about kernels? GNU tools? Common server software?

    More importantly, which distribution? Windows comes with f*cking notepad and Solitaire. Linux distributions typically come with an order of magnitude more applications.

    I'm on the Gentoo Security Mailing List. I get a few messages each day about vulnerabilities in software. Is each of these a ding on Linux? No, certainly not... it's a piece of software that happens to be available via portage.

    If they want to be fair, then every ding on every Windows application counts against Windows.

    More importantly, why the hell does every one of these boneheaded articles make it on the front page of Slashdot? Just helps spread the FUD.

  11. For the server or for the desktop? by jschottm · · Score: 4, Insightful

    The figures mentioned by the hosting company seem to indicate that the discussion is focused on Windows security on the server side, where it is fairly true that Windows can be about as secure as Linux when both are competently managed. In both cases, there will be someone who knows about the systems taking care of them and ensuring that they're properly patched, firewalled, etc. I personally find managing Linux boxes easier, but Windows can be kept secure as a server.

    Where Windows still falls down security-wise is on the desktop, where the combination of a vulnerable browser/Office Suite along with the fact that the de facto standard way for desktop users to set up their accounts is with administrator privileges. That turns what would be a non-existent threat on the server (you shouldn't be doing general surfing or office work on a server) into a major issue. Microsoft has made feeble attempts to encourage users and developers to use limited accounts, but the fact remains that reconfiguring poorly written software to work in a limited account is a major headache that the average desktop user is not willing to put up with.

    Microsoft also falls behind [most] Linux systems in that the majority of the software on a Linux box can typically be updated from a single tool (apt-get, yast, urpmi et al) while Windows Update only covers the core OS. Microsoft does have a better system in the works, but that will still only cover MS software.

  12. Re:I think linux actually has an edge... by DrEldarion · · Score: 3, Insightful

    Windows continues to be a world where, out of the box, people set up their boxen with everyone at administrator privilege levels.

    And this points at where the problem lies - the users. They're generally lazy and uninformed. Even if they CAN set up more secure ways of doing things, they're not likely to actually do it if A) they aren't sure what they're doing and B) it will cause their computer-using experience to be more complex.

    Even that isn't the main issue, though. Major problems come with the fact that users don't know what they're supposed to and what they're not supposed to run. Trojans are able to affect any system so long as the users aren't informed. Actual informed users can run administrator accounts on Windows with no problems whatsoever (I have for years without worms/viruses/adware/spyware/etc), however dumb users can still mess ANYTHING up if they're given permission to install/run programs.

  13. Logical Fallacy by kmmatthews · · Score: 2, Insightful

    The argument that a larger target leads to a more vulnerable system is flawed. Apache has > 60% marketshare, yet IIS has more vulnerabilities.

    The whole "windows gets infected more because more people are targeting it" argument doesn't hold up - otherwise, apache would have more security problems than IIS.

    --
    feh. stuff.
    1. Re:Logical Fallacy by Anonymous Coward · · Score: 1, Insightful

      > Invalid comparison. Apache is installed and configured by people with a clue.

      Don't be a moron. What, do you think IIS is installed by Aunt Mabel? The relative savviness of the user is irrelevant to the comparison. The GP showed that a product can have a greater market share and yet be more secure. The argument that linux will suddenly become virus/spyware central the moment Aunt Mabel installs it is not supported by any available evidence.

  14. Neck and Neck? Who's neck? by Efialtis · · Score: 3, Insightful

    If you spend any time at Secunia, you will find all of the leading Operating Systems listed.
    One of the things you will notice, is that not all Operating Systems are created equally.
    Windows XP is here
    http://secunia.com/product/22/
    and Redhat 9 is here
    http://secunia.com/product/1343/
    With the biggest difference being in HOW CRITICAL THE SECURITY DEFECTS ARE and HOW MANY ARE STILL UNPATCHED
    Funny, that...
    Windows and Linux neck and neck? Not according to these numbers.

    --
    --E--
  15. Re:I think linux actually has an edge... by Coryoth · · Score: 2, Insightful

    The best edge I can see for Linux is SELinux and better support for it. Role based access and strong policy can make a real difference in security - it's the next layer on from the multiuser privilege separation that exists now (and is insufficient).

    As other people have pointed out in replies, a non-root user can still hose the part of their system that counts: all their data. But let's imagine a nice future with SELinux or equivalent systems in place, good base policies, and good tools for maintaining them. You could, for instance, set up a "Music" folder under the users home directory, and by default only CD Rippers, encoders have write access to that folder. If you (or a virus, or malware) try to use a program to write to that folder a little dialog pops up saying something like

    "Software X has tried to write to /home/Music which has restricted access. Would you like to grant software X access to write to this folder in the future? [Do not Grant Access] [Grant Access]"

    Rinse and repeat the same scenario for email, documents etc. Sure some folder will have pretty loose defaults (granting access to most everything currently on the system) but that still stops a reasonable amount of malware which will be new to the system.

    Will this stop viruses trashing machines? Nope, I'm sure some users will grant access to malware to trash their system, and I'm sure there will still be people stupid enough to be socially engineered into doing other stupid things to break the system. Nothing is foolproof. It does, however, add a really significant layer of protection to the system in the same way that having files as only writable by root adds some protection.

    SELinux is a huge step forward, and we ought to be doing more to take advantage of it and make it easy to use.

    Jedidiah.

  16. Re:I think linux actually has an edge... by Anonymous Coward · · Score: 1, Insightful

    The problem is that, with Linux, you sacrifice A LOT of functionality. I mean, in any household, there are a lot of things you'll need to do on the computer -- play games, run various kinds of IM and chat applications, run little diddly screensavers that people send you, sort and organize your pictures and movies.

    Getting Linux to anywhere NEAR the level of functionality that a Windows box can provide is an exercise in pain and frustration. To expect that any given person will prefer to use Linux is silly in the extreme.

    The problem is that people in the OSS community still insist on tailoring the Linux Desktop for that hypothetical, yet non-existent, user that only uses a web browser, a shitty office suite and only wants a few half-functional IM clients. Oh yeah, and doesn't play games.

    Oh yeah, PS.

    DUMBLEDORE DIES! KILLED BY SNAPE! SNAPE IS THE HALF-BLOOD PRINCE!

  17. Re:In related news... by Golias · · Score: 1, Insightful

    Actually, I agree with that one. Did you see Natalie Portman in III? Yeeuck!

    I'll take the cast of Serenity for the new female sci-fi hotness, thanks. Natalie Portman is (well... still kinda young) and busted.

    --

    Information wants to be anthropomorphized.

  18. A friend of mine... by Spy+der+Mann · · Score: 3, Insightful

    A friend's machine is full of spyware. Common users have no knowledge of ad-aware, so what's the point of having your windows "updated" automatically, when you haven't cleaned up the spyware in the first place?

    OH, and with the new SP2, you _HAVE_ to connect to the internet to activate your product, so that makes windows CD's either crippled (you can't connect w/o activating, and you can't activate w/o connecting first) or insecure by default. And I bet most of the people haven't gone to the stores to replace their WinXP SP1 CD with SP2.

    The *current* build of XP might be more secure, but in general, the whole policies stuff is making that security COMPLETELY USELESS.

    A good measure of windows security I'd suggest:

    * Percentage of Linux machines in the world infected with spyware? 0.
    * Percentage of Windows machines in the world infected with spyware? 80, maybe more.

    So which OS is more secure, huh?

  19. Re:I think linux actually has an edge... by Anonymous Coward · · Score: 1, Insightful

    Tough call, but I think reversing the order would have increased the list's effectiveness. Just an idea. Good psossost btw.

  20. Re:sensationalist by prisoner-of-enigma · · Score: 4, Insightful

    windows is not secure by default for a typical end user that doesn't know much about security there is no argument

    And these same clueless end users are supposed to love the easy-to-use, totally intuitive, absolutely-not-cryptic Unix way of doing things so much that, if everyone would just adopt Linux, security would take care of itself.

    Is it just me or does anyone else see the silliness of the above argument? Windows is not the problem with security any more than Linux. What's lacking here is something that's easy to use and flexible/powerful and secure. What we want is something with the simple user interface of a television (on/off, channel, volume, and that's about it) but we want the functionality of an I-need-eight-remotes-and-an-AV-consultant-to-run-this-thing home theater setup.

    Personally, I think this form of contradictory nirvana simply cannot exist. If you make Linux easier to use and more accessible to the general public, it must lose either some of its security lustre, some of its flexibility, or some of both. Yet this very thing that would allow Linux to reach the mass market is what the uber-Geek /. Linux heads consistently rail against, right after they finish their rant about how the only reason Linux isn't succeeding on the desktop is because Microsoft is somehow holding them down.

    Folks, the weak link here is the human, not the software.

    --
    In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
  21. Re:I think linux actually has an edge... by Ed+Avis · · Score: 1, Insightful

    The head honcho of Lindows made a good point in an interview a while back. What practical security advantages are there for the average desktop user - who is the only person using his PC - to run as his own user account instead of root? If the user account is exploited by a trojan or whatever, isn't that almost as bad as rooting the whole box? Can't a cracked user account still be used to send spam, or DDOS attacks, or get the user's credit card information? All the traditional things that are restricted to root, like running services on ports 1024 or accessing another user's files, are pretty much irrelevant in the world of the single-user desktop.

    I think it is a mistake to assume that 'decent security' means 'not running as root'. Even as an ordinary user account you still have a great deal of power and access to sensitive files (namely, your own personal data). Running with true least-privilege-necessary would involve a lot more than a user account; for example, I'd like to see all applications start up in a chroot jail by default, with access only to files from their own package and those the user has chosen to load into that application. (The GUI shell would need to run with more permissions than the applications, and take care of starting an app and arranging its access to certain files.)

    The main reason to restrict user's access to non-root accounts is administrative. You can stop them breaking their own machine. On a corporate network you certainly want to control the configuration, and you may have inherently insecure network services like NFS which depend on trusting the client.

    --
    -- Ed Avis ed@membled.com
  22. Re:Advancements in FUD everywhere by farrellj · · Score: 2, Insightful

    Like most "debates", those who best frame the discussion for their own purposes will "seem" to be winning.

    Realistically, it's not just the number of vulnerabilities that an operating system or program has, but also how the creator deals with them. There will always be bugs, and we should thus judge software creators not only by how few bugs they have, but also by how quickly they respond to bugs.

    ttyl
    Farrell

    --
    CAN-CON 2019 - Ottawa's only book oriented Science Fiction Convention! October 18-20, Sheraton Hotel, Ottawa, Canada h
  23. What if.... by orion41us · · Score: 2, Insightful

    Just thinking, is it really that the Linux OS is more secure or is it that the % of knowledgeable users using windows is lower than the % of knowledgeable users using Linux?

    IMO Most of "Windows" issues are users: downloading this screen saver, installing that searchbar - running that "Funny" email attachment - Linux users tend to not do stupid stuff like clicking on the "Click here to scan your system!" links....

    Bottom line - windows is for the Masses - MS tries to make it user friendly and idiot proof, but I guess they keep coming up with better idiots.

  24. Not news, just waffling... by OwlWhacker · · Score: 2, Insightful

    The article reads like this:

    Well, I think that Windows security has improved.

    There are so many opinions out there, that it's hard to tell what the truth is.

    I think that Linux still offers slightly more security.

    Microsoft's patches are better...

    I think.


    It sounds to me like somebody just expressing an opinion that they have. This really isn't news at all, and doesn't even offer any insightful information.

  25. Sick Joke by petrus4 · · Score: 1, Insightful

    No, I haven't RTFA, and I don't need to. The claim that Windows and Linux are equal with regards to security doesn't even deserve laughter. A person only needs to use Windows XP online for a few hours, and then compare it with virtually any other Linux distribution available in order to see how this claim is a complete lie.

    It's a testament to the complete amorality of many analytical companies that they would even attempt to make a claim like this. Vnunet are obviously completely devoid of any kind of professional integrity, and as such, their analysis can only be considered utterly worthless. Unfortunately however, vnunet are not the only company willing to make such claims. These companies believe that they need to rely on Microsoft's monopoly for their livelihood, and so are willing to go to truly amazing lengths to try to maintain the perception that Microsoft are still on top, despite enormous evidence to the contrary.

  26. Re:Advancements in FUD everywhere by Zediker · · Score: 1, Insightful

    I think one reason for the perceived vulnerability (it still is very vulnerable) of windows is that it is so prevalent. If the situation was reversed, and linux was the mainstream and windows was not, who do you think would get more hacks and viruses? Linux of course. Because black hat hackers like causing mischief, and same with virus coders. Are you going to code a virus for a minor operating system, or a major one? A Major one of course, because you can do the most damage that way!

    --
    I love to slaughter the english language.
  27. Re:Um, yeah right by prisoner-of-enigma · · Score: 2, Insightful

    Average user is too dumb to add execute permission to something.

    Oh really? Is the average user too dumb to follow this simple email below?

    ----------------

    "Hello there. We have attempted to process your payment but there appears to be a problem with your account. We've attached a brief presentation to this email explaining how to rectify these problems with your account so payment can proceed in a timely manner.

    Please save the file to your hard drive and execute it from the command line. If you have problems executing it, please type "chmod +x filename.sh" and then execute it.

    Thank you for your time and attention in this matter, and we appreciate your business."

    Attached file: filename.sh
    This file has been certified virus free by McAfee Anti-Virus Scanner.
    --------------------

    Now, if you think the above scenario wouldn't happen by the millions, you're smoking some particularly good weed there, bub. This is how phishers get into things and they're very successful at it. What you're failing to grasp here is that the user doesn't need to know how to perform the operation. They only need to be gullible enough to follow instructions. Unfortunately, the more gullible they are, the less likely they are to recognize the threat such an email would pose to their system.

    Gullibility is not something restricted to Windows users.

    --
    In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
  28. 10 Minutes research shows more than article by MECC · · Score: 2, Insightful

    If you go to Secunia and check their ratings of, for example, Microsoft Windows Server 2003 Enterprise Edition with, for example, SUSE Linux Enterprise Server 9, and RedHat Enterprise Linux ES 4, it looks like:

    Microsoft: 7 less critical unpatched vulnerabilities
    SUSE: 0 unpatched vulnerabilities
    Redhat: 1 not critical unpatched vulnerabilities

    My question is: Why didn't the article's author spend the 10 minutes of research I did? Granted, there's more to it than just grabbing summaries from Secunia. But, if the author couldn't even do that, how useful is quoting 'experts'? At least Secunia can make a believable claim to be unbiased.

    As for 'neck and neck', 7-0-1 doesn't look 'neck and neck' to me. Unless, of course, it's Bill's FUD noose around my neck.

    --
    "We are all geniuses when we dream"
    - E.M. Cioran
  29. Re:Rubbish by soccerisgod · · Score: 2, Insightful

    Let's be a little realistic here. I'm a Linux user and glad of it, but don't you think the main reason why there's so many worms for Windows and so few for Linux is that there are a hell of a lot more victims for Windows worms?

    --
    If a train station is a place where a train stops, what's a workstation?
  30. Re:I think linux actually has an edge... by kosmosik · · Score: 2, Insightful

    I agree with you but I would add one point:

    What was compared?

    Linux servers vs. Windows servers - this is an issue here because Linux has some security problems (not that Windows hasn't) - there had been lot of holes in kernel (Linux) recently. But I don't really recall any mass hysteria with Linux servers getting infected and DDoS entire country (Korea that was?) from Internet. There are some holes in f.e. Apache (but as I recall not serious ones - like exploitable in specific configurations - far more from default and even far more from common). Now somebody can go with installation volume argument (that Windows is more widespread) - with server market it is not really an issue - Apache is most popular web server - even counting it running on Windows and other systems - it is in fact THE WEB SERVER ;) - meaning it has market share like twice bigger than competitors - still no mass compromise was seen. Another example against this argument? Sure - OpenSSH - it is used in almost all major operating systems (despite MS) - Linux, BSD, MOX, Solaris, other-unices, appliances such as CISCO devices etc. etc. - still it happen to have few bugs but there was no mass compromise noted.

    But servers are completely different than desktops (and should be measured so) -servers are usually operated by technical IT staff - servers do not face users directly. So now we come to desktops. And guess what... Linux does not have *any* problem with desktop security. Mind you - ANY PROBLEM AT ALL. This is the reality for now - no viruses, no adware, no worms, no need for firewall, no need for antivirus, no need for antispyware, no need for patching or instead your system dies in 2 minutes after connecting to Internet - no such stuff at all. :)

    But with desktops I can agree that Linux was not tested "in real world yet" but given its experience on servers I don't know why it could be insecure on desktops? There will be some problems for sure - but we will overcome them even *before* they occur. Ever seen any modern Linux distro? Now we have tools like SELinux in place - it can be used to pretty much secure any desktop (minimalize target surface, separate privileges/roles/tasks correctly, compartment Internet facing user apps like MUA and browser in sandboxes) - so really if anything like problems with Linux desktop security will happen we will be prepared for it. We are right now.

  31. Re:Nice straw man arguement, check your assumption by team99parody · · Score: 3, Insightful

    How do you conclude Windows has more serious flaws than Linux.

    Uh, the parent poster never concluded Windows has more serious flaws.

    I can understand *YOU* could jump to the conclusion that people think Windows is less secure than Linux (because a lot of people have that personal experience)

    But for all we can tell the parent posting that you flamed may have been suggesting that Linux had more serious flaws than Windows (as laughable as that sounds; considering most online brokerages are linux/apache according to netcraft; and most all the Department of Homeland Security sites are either Linux/Apache or Unix/Apache).

    More likely he was just making an observation that often journalists falsely jump to conclusions that when two things have some risk, that they have equal risk.

  32. Security is a Process!!!!!! by Ozric · · Score: 2, Insightful

    There, I have said it for the last time this week!!!!! You cannot buy Security in a box.

  33. Re:I think linux actually has an edge... by Coryoth · · Score: 2, Insightful

    Windows XP SP2 is doing this already to some extent, such as when they dialog the user "Program X is connecting to remote host. Do you wish to allow this?" and the like.

    I presume that's the firewall? Think of SELinux as a firewall built into the kernel that mediates access between processes and resources: everything on the system can be vetted for access to all the resources (files, network access, what have you) in as fine a grained way as you desire.

    I agree that program and role based security could be taken further and it has with the Microsoft .NET Framework, but not many companies are currently developing major projects in .NET, so there will be some years of lag before the role based and code access security features of .NET begin to make inroads into a critical mass of the Windows software out there.

    But there's the difference right there: Windows is adding it as an extra that you can use in the right framework. SELinux has added it as a security system built in to the kernel that applies to any software running on the system and any resources made available by the system no matter what the software was written in/with, and no matter what the resource is. If it runs on the OS then it needs to go through the security system. If the resource is made available to the user then it's the kernel doing so, and hence the security system can lock down that resource.

    We're talking about the difference between ground up, and slapping patches on. Security works best when it is at the base level.

    Jedidiah.

  34. 2 "Experts", 10 paragraphs, 286 words, 0 CONTENT!! by woobieman29 · · Score: 2, Insightful

    So, what is the value of TFA?

    I read the entire article, and it appears to be 100% fluff. There is not one statistic, or even any made up data that is used to support the premise of the article. To paraphrase, the two experts that were interviewed are essentially saying: "Well, I think that maybe just possibly Linux has a security edge, but Microsoft has probably done some catching up with all of the security stuff they've been talking about, so I think that realistically I don't have any idea at this point what is better".

    Wow. Thanks for that, guys.

    --
    \/\/oobie
  35. Wake up and smell the bullshit by Anonymous Coward · · Score: 1, Insightful

    When was the last time you saw a home Linux machine 0wn3d?

    Home Linux machines are exactly the sort which get "owned." That's because amateur Linux lusers think that Linux is so secure that they can run superuser accounts with too many privileges, leave dipshit services like Telnet running, and leave root shells open, just waiting to be 'sploited.

    How do you think University networks get r00ted? Amateur Linux lusers who configured their box wrong.

  36. Re:I think linux actually has an edge... by ILikeRed · · Score: 4, Insightful

    I'm sure he did, but the point is, here's Ballmer saying security is important to Microsoft, but if you want to put that in action, don't you dare put our products on the internet naked... put something running Linux, Cisco's IOS, one of the BSDs, or anything we don't sell in between our products and the internet. And really, they do so, any administrator worth their salary does so... and yet look at how many Linux machines sit naked on the internet, or act as security appliances to protect those vulnerable Microsoft products... and then someone can say they have comparable security with a straight face?!?

    --
    I have come to a conclusion that one useless man is a shame, two is a law firm, and three or more is a congress -J Adams

  37. Apples & Oranges by Austin+Milbarge · · Score: 3, Insightful

    "Linux has a slight advantage in that computer science students are learning it, but Microsoft has made life easier for non-techies, particularly with its improved patches."

    This paragraph says it all.

    First off, a system is only going to be as secure as the person who's using the system knows how to secure it. I've seen tons of Linux and BSD boxes with services running for no reason. Just check out Redhat's default installation and you'll see ports open all over the place that are not being used. At least that's the way Redhat did things.

    Secondly, Linux has 3 advantages over Windows.

    1. The obvious. Linux should be more secure because it's a much simpler system than Windows! I don't think anyone can deny that. Wouldn't make sense if Linux was less secure than Windows, especially since lots of its functionality was taken from more time-proven Unix systems.

    2. The people who use Linux are more likely to be experienced computer users than their Windows counterparts. Linux doesn't have to appeal to a bunch of mouse clickers who expect things to work all the time. Us geeks are willing to bend over backwards to make things work.

    3. Windows operates over 90% of the world's computers, so hackers and virus writers have a much bigger target. Besides, it wouldn't make much sense for anyone to write viagra adware for Linux when most of its users aren't even getting laid!

  38. This is news? by Anonymous Coward · · Score: 2, Insightful

    I've always maintained that an OS is as secure as the people that run it and the programmers that write the code which runs on it.

    Linux seems more secure because the people that run it generally know a hell of a lot more about programming it and administering it, than an MCSE who passed his exams, but doesn't really know that much about real world computing.

    I know an MCSE who, after passing his exam (and having the requisite ego inflation that inevitably occurs), queried me with "how do I ftp a file?"

    Let's just say there are a few knowledge holes there if that guy is running the network.

    Contrast that against someone who builds linux boxes. You aren't going to get that webserver to serve web pages, without a how-to, unless you know what you are doing, period. Anyone that's been around the block enough to build a linux web server from source, and can do it without cracking "the book" is going to have a great deal of knowledge about dns, SSL, firewalls, and hopefully networking.

    I'm sorry but the point and click crowd isn't going to build a more secure network than someone who can build his own firewalls using IPTABLES.

    I am not saying that all MCSEs are clueless, a good deal of them aren't, but the barrier to entrance to run MS products is significantly lower, which leads to more inexperienced people administering boxes. Knowing your OS isn't enough, and most of them think it is.

    This is what makes some ms networks dangerously vulnerable. This won't happen in a fortune 500 network, but in mom and pops all over the country, I bet I could get into more, than less, of them within 15 minutes of the first cracking attempt, and most will be ms servers set up by people that should really be studying computers, not setting them up.

    l8,
    AC

  39. Re:Advancements in FUD everywhere by kz45 · · Score: 2, Insightful

    I'm getting tired hearing this false argument over and over. To run something in Linux that can potentially damage the system you need to log in as root. To run a virus you need to submit root password which is pretty different from what happens in Windows (by the way can you run Windows as restricted user? Many programs just refuse to work, I think that restricted user account is useless, most of the people I know run Windows as Administrator, only that and makes a big difference.)

    Remember also that Linux has a big share on servers, and still there are not as many worms like Red Code and alike that bug Windows


    Among hackers and script kiddies (and many slashdotters), Microsoft is the enemy. This is one of the main reasons there are so many worms/viruses for the Windows platform. Another reason is that a large percentage of the Internet is using Windows, including people that are very likely to click on a link. When a large percentage of non tech-savvy people are using Linux, it will have many of the same issues that Windows has today.

    Remember also that Linux has a big share on servers, and still there are not as many worms like Red Code and alike that bug Windows

    There was a patch for Code Red weeks before it started spreading. Many worms can be stopped through smarter sysadmins. Microsoft did its job.

  40. I'll probably get flamed for this... by Sathias · · Score: 2, Insightful

    ...but sometimes I get a feeling that Linux is used by some people to feel like a smug elitist nerd. You know, install it and then you can sit back and laugh at the poor Windows fools who probably know just as little about security as the person who is feeling all 1337 by using Linux. I'm not saying all Linux users are like this, but I'm sure there is a good percentage. I mean any OS can have gaping security holes, depending on the implementation. When I was at uni a friend of mine managed to get pwd logging software on a person's account because it was easy for a non-savvy user to think they had logged out when they hadn't. Being the joker that he was, he thought it would be incredibly funny if that logging software would mail the pwd to my account; off to the sysadmin's office I went for an account suspension. I got my revenge though, by sending nulls to a file that stored his login info (I don't remember the details, it was a LONG time ago) to forcibly log him out while he was working. Pretty lame-brained idea considering they were watching my account; back to the sysadmin's office I went. Let's not also forget the first internet worm I can recall was the one that would use a gaping sendmail exploit to send spoofed mail messages from server to server. It really was as easy as telnetting to port 21 on a Unix mail server and writing the email header in a text editor. So you can laugh all you like about the chequered history of Windows, but unless you recognise that Unix had just as shaky beginnings, you are only looking at half the story.

    --
    Blessed are the 1337, for they shall pwn the earth.

  41. Re:Advancements in FUD everywhere by Anonymous Coward · · Score: 1, Insightful

    You're new to Linux so let me give you the rundown. The OS has nothing to do with the security. The user is what really makes or breaks a system. If a user does dumb shit and doesn't protect his/her system then that system is compromised no matter what OS they use. Macs, Linux, BSD, and Windows are all pretty much equal, which is why if you really want to be secure you need to implement some strategies to protect yourself. Sure some of these OSes do that for you but even then you still have to know what you're doing and stay on top of it. I've seen Linux systems fall to pieces 'cause the users were idiots. They switched to Linux because it was more secure and then bitched at how it was just the same. Linux and BSD users are generally more knowledgeable so their systems are more secure. Mac's market share is so small no one really cares and even then I find Mac users have better habits and more experience when it comes to the net. Windows users tend to be not the brightest. I use Linux, BSD and Windows and all my systems are very secure and I never have a problem. From my experience all operating systems are equal, it's the users who are not.