Linux and Windows Security Neck and Neck

Linurati writes "According to vnunet.com, Linux and Windows are neck and neck when it comes to security, but 'misleading figures and surveys are muddying the waters.' The article lays blame on both sides for the misleading information." From the article: "...Microsoft had made real progress on security in the past two years, but that the increasing number of Linux enthusiasts coming into the market would help the open source alternative in the long run."

Re:Um, yeah right

[prisoner-of-enigma]

WinXP is still a sitting duck out of the box.

I'm not sure what Microsoft is shipping in its Windows XP boxes anymore, not having ever purchased a retail version of it. However, if you're buying a PC preloaded with Windows, you are almost certain to find SP2 already installed. SP2 fixes a raft of security holes, turns on automatic updates, and, as a bonus, turns on the firewall that was (by default) off on XP RTM and XP SP1.

I'd wager that the vast, overwhelming majority of (legal) Windows XP installations came on machines preloaded with Windows. Given that, your fears of "unpatched" boxes being loaded today seems a bit of an exaggeration.

The biggest security threat these days is users opening worm-laden attachments, despite mountains of FAQ's, instructions, README.TXT, co-worker horror stories, and other forms of documentation, all warning of the dire implications of opening up that oh-so-inviting attachment claiming to have pictures of Paris Hilton's hoo-ha.

The biggest threat to security these days isn't in the OS anymore, it's mounted between the keyboard and the chair. In this respect, Linux (or any *nix for that matter) can be considered more secure than Windows, but only until a competent administrator restricts local users to non-admin-equivalent accounts. Then things rapidly return to something amazingly close to equality.

The corollary would be to give root-level privileges to common users and see how long the vaunted *nix security model holds up. Hint: it isn't nearly as long as we'd like. You're just one shell-script attachment away from disaster when a user gets an email instructing them to save the attachment off, chmod +x it, and execute it, not knowing it contains the ever-useful "rm -rf" command inside. You don't believe that a user would actually do something so stupid as to execute commands outlined in an email body? What have you been smoking lately...of course they would. If *nix ever became as ubiquitous as Windows is now, it would assuredly happen, I'll set my watch and warrant on it.

Re:I think linux actually has an edge...

[ILikeRed]

Actual informed users can run administrator accounts on Windows with no problems whatsoever

I will believe it when Linus starts telling people to run Windows firewalls on the perimeter of their network to protect their Linux boxes - in contrast to how Ballmer tells people to "secure their perimeter" with something other than Windows. (I guess he'd get in trouble if he just came out and said Linux)

Linux and Windows Security Neck and Neck????

[lcsjk]

Engates added that his company manages 13,000 servers, roughly half of which are open source and half Microsoft. He claims to see little difference between the security on either platform.

Am I missing something? I would not attempt to dispute what he says, but what criteria does he use for that statement? Number of crashes, Technician time to re-boot/reload after an incident. Number of Viruses that get through? How many times the box is hacked?

For an article titled "Linux and Windows Security Neck and Neck", I expect to see more than just "servers....no difference..."

Apparently I am not the only one that thinks security is not just the server level. Nearly all the (on topic) comments talk about win boxes that startup with admin priviledges. The real security problem seems to be at the user level, not the server level. A good admin (or group of admins for 13000 servers) can setup and take either box to maximum security. The home user, (not lazy, not ignorant as one post call them) is not an IT person. If the box comes with a setup that makes it less secure, that is probably the only thing that will ever get setup.

My opinion is that security is not just MS or LINUX. It is based on the person that installs and sets up the OS. I would bet that any good admin can set-up and make either OS very secure or very in-secure. If a secure box is delivered to the home user, it will probably remain secure. Otherwise, it will probably end up helping send SPAM.

Re:Advancements in FUD everywhere

[at_slashdot]

Linux may not have as many worms/viruses, but that's only because it is not a target (not because it's more secure). Which ever operating system is the most popular will have the most people trying to attack it.

I'm getting tired hearing this false argument over and over. To run something in Linux that can potentially damage the system you need to log in as root. To run a virus you need to submit root password which is pretty different from what happens in Windows (by the way can you run Windows as restricted user? Many programs just refuse to work, I think that restricted user account is useless, most of the people I know run Windows as Administrator, only that and makes a big difference.)

Remember also that Linux has a big share on servers, and still there are not as many worms like Red Code and alike that bug Windows.

I still have to see ONE virus that successfully replicates in Linux environment. ALL the viruses that exist are lab viruses and they exploit holes that were patched long time ago. Or the type of viruses/worms that come in e-mail and say "please install me" but that doesn't count.