Slashdot Mirror
Linux and Windows Security Neck and Neck
Linurati writes "According to vnunet.com, Linux and Windows are neck and neck when it comes to security, but 'misleading figures and surveys are muddying the waters.' The article lays blame on both sides for the misleading information." From the article: "...Microsoft had made real progress on security in the past two years, but that the increasing number of Linux enthusiasts coming into the market would help the open source alternative in the long run."
"Nothing to see here ... move along"
Now THATS security for you!
It's no longer better, it's now just as good.
Funny, last month people told me it was better. The only quote in the article talks about linux' advantages. Erm. Something's missing.
My little site.
The Pinto dealer down the block said that they have added a couple of air bags on the passenger side doors to get it at par with a Volvo. Coincidence?
Free XBox, PS2
I think there are two main factions here, and the answer for what constitutes better security has slightly different context with significantly different results.
For all of these people their machines are ticking time bombs, and I'm usually the one who gets the call when their world of computer technology explodes. This by itself is reason enough to consider other technologies where by default they are secure. For example, Apple does a good job (not perfect) of making their machines secure... I won't go into great depth -- I'm not a heavy Mac user.
Also, linux by default comes out of the box with decent security. Even if users do try to just use, e.g., KDE an root only, they (as I recall) have to fight off the big red screen background, kind of like the enunciator lights and bells in cars when you don't fasten your seat belts.
So, in the lay community, though Windows carries the popular vote, I think linux out of the box is by far the more secure and safe way to go.
Security in Windows itself had definately improved over the last few years. But almost all of the current and recent vulnerabilities have somehow been related to IE.
Not using IE and using Firefox instead almost completely secures an up-to-date Windows box. Get rid of IE, get rid of 90% of Windows' security problems.
Maybe for servers, but not home users. When was the last time you saw a home Linux machine 0wn3d?
(Granted, most people who use Linux at home are knowledgeable enough to keep even a Windows machine safe.)
"the increasing number of Linux enthusiasts coming into the market would help the open source alternative in the long run."
I'd say this is precisely the other way around. More users equals bigger target and more potential fuck-ups.
Natlie Portman and Kathy Bates neck and neck when it comes to hotness.
May or may not be true, but if it would nice if I could run as LUA under Windows without having to jump through a bunch of hoops. I'm not talking about 3rd party apps, I'm talking about explorer.exe. There are a lot of little quirks and workarounds you have to deal with, although it's not impossible. It's clear that even XP was not designed with this in mind. Longhorn should do a better job of it. How good remains to be seen. That said, as an semi-experience Linux user, I still have no idea if I am really safe under Linux. Maybe that's because I have not put much effort into it.
When are we going to see an independently funded research studies that will, without bias, give us realistic statistics that will benefit intelligent buying decisions for the general public when debating over classic "windows v linux" implementation?
They are taking security vuln's for redhat EL 3, or suse 9.1, and comparing them to MS Windows. That is not fair. Now if they compared them to Windows, Office, sharepoint, IIS, Office, Project, all Microsoft games, SQL server, etc.. then it would probably be a little more fair. Linux DISTRIBUTIONS are a little more than an OPERATING SYSTEM.
What are we going to do tonight Brain?
yawn...
Generally, bash is superior to python in those environments where python is not installed.
Sex with someone with horable burning VD is just as safe as sex with someone ho doesn't have VD... as long as you apply a symantec branded condom and use critical update cream liberally.
"Things are more moderner than before- bigger, and yet smaller- it's computers-- San Dimas High School football RULES!"
Look out! All the slashdotter will have a heart attack reading this one, and miss the point which was : (fromt he article)
"My hunch would be that Linux still has the edge but it's difficult to tell with all this misleading information being pumped out."
FUD is FUD, and its being given by both side. It happenned in the C64 vs Mac, Mac vs PC, Nintendo VS Sega, XBOX vs PS2 wars, and will continue to happen in everything where nerds is involved.
Those wars are Nerd's answer to woman staffed clothes store. (if you don't get that one, go spend 1 hour in there while your girlfriend shop, and listen to the saleslady dispute who got the sale. Sounds like a Linux vs Windoze Slashdot thread).
They have a herd of poorly paid but diligent slaves (a.k.a. graduate students studying for a Ph.D.). They do excellent work in voluminous quantities and would surely produce an accurate analysis of Linux versus Windows.
Dident i read about windows and 12min of safe time before trouble hits.. Beyond that.. I could have sworn the problem with widows becomming a secure OS was the fact that it was not Open.. thus nobody can tell if it is secure or not. correct me if i'm wrong but the advantage to open source is the barrage of people out there who can see errors and report and patch... windows is more of a trial and error process for secuirty... which by definition is just not secure...
Losers whine about their best, Winners go home to fuck the prom queen
Where are the proactive security systems for Windows? Sure, Windows by default has a fairly rigorous ACL system by default (at least in comparison to classical Linux ACL's), but trying to measure the security of a system solely on how many exploitable bugs it has is just a poor measurement method. With projects like SELinux, GRSecurity, Pax, different implementations of active bounds checkers as well as stack smashers, and good implementations like Hardened Gentoo (Debian has a hardened project but I havn't tried it) I don't particularly see how Windows has a chance in hell.
I don't know of any person with a Windows box who will hand out an admin account, but there are Gentoo Hardened devs who hand out root on their SELinux test rigs. Why? Because the system is secure enough to hand out root.
...Microsoft had made real progress on security in the past two years..."
:
Yeah, thats real believable considering Microsoft is holding hands with Claria...
--
Check out the Uncyclopedia.org
The only wiki source for politically incorrect non-information about things like Kitten Huffing and Pong! the Movie !
Please allow me to hate the creator of the 120-character limit: *HATES*. Thank you.
I hate these studies. Saying Linux isn't secure is like saying that fruit isn't red... it depends on what you're looking at. Are we talking about kernels? GNU tools? Common server software?
More importantly, which distribution? Windows comes with f*cking notepad and Solitaire. Linux distributions typically come with an order of magnitude more applications.
I'm on the Gentoo Security Mailing List. I get a few messages each day about vulnerabilities in software. Is each of these a ding on Linux? No, certainly not... it's a piece of software that happens to be available via portage.
If they want to be fair, then every ding on every Windows application counts against Windows.
More importantly, why the hell does every one of these boneheaded articles make it on the front page of Slashdot? Just helps spread the FUD.
Right. Whatever you say. Windows is JUST as secure as Linux.
I don't think its that far from the truth, really. It's like painting.. it's the artist, not the brush. A competent system administrator can secure Windows and keep it secure, just as with Linux. An incompetent sysadmin will fail with both.
Of course, it could be said Windows makes it easier to be incompetent.
The figures mentioneed by the hosting company seem to indicate that the discussion is focused on Windows security on the server side, where it is fairly true that Windows can be about as secure as Linux when both are competently managed. In both cases, there will be someone who knows about the systems taking care of them and ensuring that they're properly patched, firewalled, etc. I personally find managing Linux boxes easier, but Windows can be kept secure as a server.
Where Windows still falls down security-wise is on the desktop, where the combination of a vulnerable browser/Office Suite along with the fact that the de facto standard way for desktop users to set up their accounts is with administrator priviledges. That turns what would be a non-existant threat on the server (you shouldn't be doing general surfing or office work on a server) into a major issue. Microsoft has made feeble attempts to encourage users and developers to use limited accounts, but the fact remains that reconfiguring poorly written software to work in a limited account is a major headache that the average desktop user is not willing to put up with.
Microsoft also falls behind [most] Linux systems in that the majority of the software on a Linux box can typically be updated from a single tool (apt-get, yast, urpmi et al) while Windows Update only covers the core OS. Microsoft does have a better system in the works, but that will still only cover MS software.
WinXP is still a sitting duck out of the box.
I'm not sure what Microsoft is shipping in its Windows XP boxes anymore, not having ever purchased a retail version of it. However, if you're buying a PC preloaded with Windows, you are almost certain to find SP2 already installed. SP2 fixes a raft of security holes, turns on automatic updates, and, as a bonus, turns on the firewall that was (by default) off on XP RTM and XP SP1.
I'd wager that the vast, overwhelming majority of (legal) Windows XP installations came on machines preloaded with Windows. Given that, your fears of "unpatched" boxes being loaded today seems a bit of an exaggeration.
The biggest security threat these days is users opening worm-laden attachments, despite mountains of FAQ's, instructions, README.TXT, co-worker horror stories, and other forms of documentation, all warning of the dire implications of opening up that oh-so-inviting attachment claiming to have pictures of Paris Hilton's hoo-ha.
The biggest threat to security these days isn't in the OS anymore, it's mounted between the keyboard and the chair. In this respect, Linux (or any *nix for that matter) can be considered more secure than Windows, but only until a competent administrator restricts local users to non-admin-equivalent accounts. Then things rapidly return to something amazingly close to equality.
The corollary would be to give root-level privileges to common users and see how long the vaunted *nix security model holds up. Hint: it isn't nearly as long as we'd like. You're just one shell-script attachment away from disaster when a user gets an email instructing them to save the attachment off, chmod +x it, and execute it, not knowing it contains the ever-useful "rm -rf" command inside. You don't believe that a user would actually do something so stupid as to execute commands outlined in an email body? What have you been smoking lately...of course they would. If *nix ever became as ubiquitous as Windows is now, it would assuredly happen, I'll set my watch and warrant on it.
In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
The whole "windows gets infected more because more people are targeting it" argument doesn't hold up - otherwise, apache would have more security problems than IIS.
feh. stuff.
If you spend any time at Secunia, you will find all of the leading Operating Systems listed.
One of the things you will notice, is that not all Operating Systems are created equally.
Windows XP is here
http://secunia.com/product/22/
and Redhat 9 is here
http://secunia.com/product/1343/
With the biggest difference being in HOW CRITICAL THE SECURITY DEFECTS ARE and HOW MANY ARE STILL UNPATCHED
Funny, that...
Windows and Linux neck and neck? Not according to these numbers.
--E--
I use Linux on a daily basis for Desktop and server use, and since i'm not a security expert.. I often wonder how the entire process of awareness of exploits and the patching of packages happen. Could someone explain this to me?
Who is the trusted authority?
I'm not the type of guy to bash Microsoft, but I must say I was quite surprised when spyware of some sort infected IE on a fresh and updated install of WinXP. www.google.com was redirected to another site offering spyware removal (What a joke)
http://science.slashdot.org/article.pl?sid=05/07/1 3/2255243
Studies show that there is a one in three chance this is BS, and a 100% chance we'll see this artical written over and over again in the favor of one or the other. The difference is, the Microsoft are usually the only ones to write articals in which they look better than linux. Perhaps things really are changing.
Go ahead and call me unreliable; reliable is just a synonym for predictable.
A friend's machine is full of spyware. Common users have no knowledge of ad-aware, so what's the point of having your windows "updated" automatically, when you haven't cleaned up the spyware in the first place?
OH, and with the new SP2, you _HAVE_ to connect to the internet to activate your product, so that makes windows CD's either crippled (you can't connect w/o activating, and you can't activate w/o connecting first) or insecure by default. And I bet most of the people haven't gone to the stores to replace their WinXP SP1 CD with SP2.
The *current* build of XP might be more secure, but in general, the whole policies stuff is making that security COMPLETELY USELESS.
A good measure of windows security I'd suggest:
* Percentage of Linux machines in the world infected with spyware? 0.
* Percentage of Windows machines in the world infected with spyware? 80, maybe more.
So which OS is more secure, huh?
I'm not sure what Microsoft is shipping in its Windows XP boxes anymore, not having ever purchased a retail version of it.
Having just purchased an OEM copy for a custom built machine, I can answer this question. XP Professional tends to ship with SP2 preinstalled. XP Home, however, only comes with SP1 installed to provide for better compatibility for "home" programs. (read: Programs that didn't behave themselves in the first place.)
Javascript + Nintendo DSi = DSiCade
I'll start paying attention to the Linux vs. Windows security debate the next time I get a virus on my Linux box. Nuff said.
windows is not secure by default for a typical end user that doesn't know much about security there is no argument
t his-thing home theater setup.
/. Linux heads consistently rail against, right after they finish their rant about how the only reason Linux isn't succeeding on the desktop is because Microsoft is somehow holding them down.
And these same clueless end users are supposed to love the easy-to-use, totally intuitive, absolutely-not-cryptic Unix way of doing things so much that, if everyone would just adopt Linux, security would take care of itself.
Is it just me or does anyone else see the silliness of the above argument? Windows is not the problem with security any more than Linux. What's lacking here is something that's easy to use and flexible/powerful and secure. What we want is something with the simple user interface of a television (on/off, channel, volume, and that's about it) but we want the functionality of an I-need-eight-remotes-and-an-AV-consultant-to-run-
Personally, I think this form of contradictory nirvana simply cannot exist. If you make Linux easier to use and more accessible to the general public, it must lose either some of its security lustre, some of its flexibility, or some of both. Yet this very thing that would allow Linux to reach the mass market is what the uber-Geek
Folks, the weak link here is the human, not the software.
In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
It's just like a treasure hunt, except you win back the time it would take you to read the article.
The winner is the first to find the word in the following URL that suggests the value of the article it links to:
http://www.vnunet.com/vnunet/news/2139790/surveys
I have been running a mixture of Windows and Linux boxes at home for more than 10 years. I am conscientious about anti-virus and anti-spyware on the Window's boxes. On the Linux (and an occasional BSD) boxen I just take the normal security of the distro install and update packages regularly. I also, of course, do not log in as root. The bottom line is over the years I have had to battle various vermin on the Windows boxes. I have yet to have a virus or anything like it on the Linux/BSD machines. EVER! I use Linux as my normal OS on my laptop. I am surfing everywhere, constantly checking email. I download lots of programs, install things, etc. NEVER a virus, etc. Give me a break!
Some settling may occur during posting.
It will continue to be impossible to secure any version of Microsoft Windows until that company changes their design philosophy of mingling various unrelated tasks directly into the operating system.
The latest example is their plan to integrate RSS feeds into Littlebighorn (due out next near, whether it's ready or not). Lookie, boys and girls, a whole new way to infest Windows with viruses and malware. We haven't got the old holes plugged yet, but here we are planning to make new ones! You gotta love innovation at work.
Until they stop this "I'm OK, you're ok, so let's share" design philosophy, and get a little more paranoid, Windows will always be the easier target for the Internet's criminals and malcontents.
"My country, right or wrong; if right, to be kept right; and if wrong, to be set right." --Senator Carl Schurz (1872)
or mostly BS.
1. Compare WinXP operation system to the whole distribution is stupid.
2. Where from the heck those viruses spread ?
3. Look the secunia lists (www.secunia.com)
WinXP Pro (only OS):
Unpatched 21 of 84 total
Etremely or Highly Critical 30 of 84 total
Remotely exploited 52 of 84 total
Debian Sarge (OS and many, MANY, applications!):
Unpatched 10 of 26 total
Etremely or Highly Critical 4 of 26 total
Remotely exploited 18 of 26 total
So yes I would readily say that 80% of new out of box PCs are infected.... If i did all this and I knew what I was doing and still got infected in 30 minutes, could you imagine someone who didnt.
"Slashdot, where telling the truth is overrated but lying is insightful."
Well that's exactly the point isn't it?
Give a novice admin access and you have no security! ( Thus the outrage over Lindows default admin only setup by people who know better.)
Linux cloned the Unix environment which early on was a multi user networked environment, used by many universities where students could wreak havoc. Many design decisions were made to improve security early on.
Microsoft? Hey lets give our browser, email and applications the ability to install any software
at any time from anywhere on the net without the user even knowing about it. That would be cool huh?
Overall it boils down to a corporate culture problem at Microsoft:
What percentage of programmers who "get" linux/unix would ever want to work there?
What percentage of engineering decisions are made by "Pointy Haired Bosses" instead of programmers with real experience?
Sure, now that linux is giving MS hearburn in the security pocketbook, they are changing, but that's what they do well, and why they succeed. Remember how fast Bill Gates switched from "The Internet is for loosers" to "We Invented the Internet" ?
At least with competition MS are forced to start cleaning up the massive mess they have made of network computing.
Bavarian Purity Law of Rice Krispie Squares: Rice Krispies, Marshmallows, Butter, Vanilla.
Just thinking, is it really that the Linux OS is more secure or is it that the % of knowledgeable users using windows is lower the % of knowledgeable users using Linux?
IMO Most of "Windows" issues are users: downloading this screen saver, installing that searchbar - running that "Funny" email attachment - Linux users tend to not do stupid stuff like clicking on the "Click here to scan your system!" links....
Bottom line - windows is for the Masses - MS tries to make it user friendly and idiot proof, but I guess they keep coming up with better idiots.
The article reads like this:
Well, I think that Windows security has improved.
There are so many opionions out there, that it's hard to tell what the truth is.
I think that Linux still offers slightly more security.
Microsoft's patches are better...
I think.
It sounds to me like somebody just expressing an opinion that they have. This really isn't news at all, and doesn't even offer any insightful information.
Linux/Open Source/Anti Microsoft News
I'd agree that a fully patched and protected Windows server is about as secure as a default install of a Slackware server
The difference is the Slackware machinbe won't become a security problem when a user sits down and starts surfing the web.
As many point out, novice users with IE/Outlook are the main entry point for windows viruses.
Hey, perhaps someone could set up a public test:
Set up an internet cafe with say 10 XP machines, fully loaded for virus bear and 10 Linux Machines,
Then keep a live scorecard for how long all 20 machines keep clean and functioning. Let Vegas in on this, and place your bets!
Or hey, do it as a docu-tainment independent video similar to "supersize me"...
Hey Cringely, there's an idea for your new downloadable TV show!
Bavarian Purity Law of Rice Krispie Squares: Rice Krispies, Marshmallows, Butter, Vanilla.
Am I missing something? I would not attempt to dispute what he says, but what criteria does he use for that statement? Number of crashes, Technician time to re-boot/reload after an incident. Number of Viruses that get through? How many times the box is hacked?
For an article titled "Linux and Windows Security Neck and Neck", I expect to see more than just "servers....no difference..."
Apparently I am not the only one that thinks security is not just the server level. Nearly all the (on topic) comments talk about win boxes that startup with admin priviledges. The real security problem seems to be at the user level, not the server level. A good admin (or group of admins for 13000 servers) can setup and take either box to maximum security. The home user, (not lazy, not ignorant as one post call them) is not an IT person. If the box comes with a setup that makes it less secure, that is probably the only thing that will ever get setup.
My opinion is that security is not just MS or LINUX. It is based on the person that installs and sets up the OS. I would bet that any good admin can set-up and make either OS very secure or very in-secure. If a secure box is delivered to the home user, it will probably remain secure. Otherwise, it will probably end up helping send SPAM.
Look at what's actually happening, from http://www.us-cert.gov/cas/bulletins/SB05-194.html #trends;
Top Ten Virus Threats
All Win32 Worms. Pick any security site, and look at the top 10 threats. Then tell me which OS is the most secure. We can argue all day about the reasons, the facts speak for themselves.
I work in a world where I am responsible for about 100 servers, most of which run Windows 2000/2003, but a handful of which run CentOS 4 (RHEL4).
:
I have to say that either operating system is secure in the hands of a knowledgeable administrator. The key difference is simply that Linux can be made more secure by someone with ample experience, whereas Windows can be made moderately secure much more easily.
Let me explain. In the Linux world, because everything is open source, a very knowledgeable person can strip away `features` from the operating system, leaving fewer areas which could possibility contain security holes. In doesn't matter whether the NFS server has a security hole, if the NFS server isn't running, or even installed. To be more specific, a very knowledgeable person could even recompile their kernel, etc, such that the only things that will run on the box is that which is intended. A box configured for single use is easy to secure because then there are only a handful of areas which can be exploited. Because of this limited number, there are then only a handful of lists/newsgroups that need to be monitored for security updates.
Windows on the other hand posseses the advantage that Microsoft stands behind their product, and says apply these patches, and your secure. Therefore, to make a `relatively` secure machine is very easy. Just run auto-update regularly, and your secure. On the other hand, taking security to the next level. The level described above is almost imposible. You can't eliminate features from the Windows kernel by recompiling. Nor is it easy to pick and choose which DLL's get installed with the operating system. The result is a bigger window of opertunity for an exploit to be discovered which can then be used on your system. Now it is still possible to disable services, etc, but that is a more difficult task in Windows because of the interconnectivity. In the Linux world, because most components are developed by different people, they have few dependancies. This isn't true in the Windows world, and that makes it more difficult to lock down.
My point is that if there are three security levels, secure, very secure, and air tight. It is easier to get to the first level with Windows, but easier to get past the first level, to the second level and third levels with Linux. Granted large corporations can afford to modify Windows to get the other levels of security, but its more difficult because Windows is such a closed environment.
I've rambled enough. A good article on locking down a Linux box can be found here
http://www.puschitz.com/SecuringLinux.shtml
100% of the vulnerabilities on my linux box that I know about are Unreal Tournament. I think a reasonable rough-and-ready approximation is count the bugs per megabyte.
I am trolling
Average user is too dumb to add execute permission to something.
Oh really? Is the average user too dumb to follow this simple email below?
----------------
"Hello there. We have attempted to process your payment but there appears to be a problem with your account. We've attached a brief presentation to this email explaining how to rectify these problems with your account so payment can proceed in a timely manner.
Please save the file to your hard drive and execute it from the command line. If you have problems executing it, please type "chmod +x filename.sh" and then execute it.
Thank you for your time and atention in this matter, and we appreciate your business."
Attached file: filename.sh
This file has been certified virus free by McAffee Anti-Virus Scanner.
--------------------
Now, if you think the above scenario wouldn't happen by the millions, you're smoking some particularly good weed there, bub. This is how phishers get into things and they're very successful at it. What you're failing to grasp here is that the user doesn't need to know how to perform the operation. They only need to be gullible enough to follow instructions. Unfortunately, the more gullible they are, the less likely they are to recognize the threat such an email would pose to their system.
Gullibility is not something restricted to Windows users.
In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
If you go to Secundia and check their ratings of, for example, Microsoft Windows Server 2003 Enterprise Edition with, for example, SUSE Linux Enterprise Server 9, and RedHat Enterprise Linux ES 4, it looks like:
Microsoft: 7 less critical unpatched vulnerabilities
SUSE: 0 unpatched vulnerabilities
Redhat: 1 not critical unpatched vulnerabilities
My question is: Why didn't the article's author spend the 10 minutes of research I did? Granted, there's more to it that just grabbing summaries from Secundia. But, if the author couldn't even do that, how useful is quoting 'experts'? At least Secundia can make a believable claim to be unbiased.
As for 'neck and neck', 7-0-1 doesn't look 'neck and neck' to me. Unless, of course, its Bill's FUD noose around my neck.
"We are all geniuses when we dream"
- E.M. Cioran
Uh, the parent poster never concluded Windows has more serious flaws.
I can understand *YOU* could jump to the conclusion that people think Windows is less secure than Linux (because a lot of people have that personal experience)
But for all we can tell the parent posting that you flamed may have been suggesting that Linux had more serious flaws than Windows (as laughable as that sounds; considering most online brokerages are linux/apache according to netcraft; and most all the Department of Homeland Security sites are either Linux/Apache or Unix/Apache).
More likely he was just making an observation that often journalists falsely jump to conclusionsn that when two things have some risk, that they have equal risk.
Which, Microsoft insists, is an integral and inseparable part of the OS.
Microsoft can't say on the one hand that IE is part of Windows, and then on the other hand claim that IE vulnerabilities don't count as Windows vulnerabilities.
There I have said it the the last time this week!!!!! You can not but Security is a box.
so was Linux standing on it's head when they lined them up to compare?
I read the entire article, and it appears to be 100% fluff. THere is not one statistic, or even any made up data that is used to support the premise of the article. To paraphrase, the two experts that were interviewed are essentially saying: "Well, I think that maybe just possibly Linux has a security edge, but Microsoft has probably done some catching up with all of the security stuff they've been talking about, so I think that realistically I don't have any idea at this point what is better".
Wow. Thanks for that, guys.
\/\/oobie
"Linux has a slight advantage in that computer science students are learning it, but Microsoft has made life easier for non-techies, particularly with its improved patches."
This paragraph says it all.
First off, a system is only going to be as secure as the person who's using the system knows how to secure it. I've seen tons of Linux and BSD boxes with services running for no reason. Just check out Redhat's default installation and you'll see ports open all over the place that are not being used. At least that the way Redhat did things.
Secondly, Linux has 3 advantages over Windows.
1. The obvious. Linux should be more secure because it's a much simpler system than Windows! I don't think anyone can deny that. Wouldn't make sence if Linux was less secure than Windows, especially since lots of it's functionality was taken from more time proven Unix systems.
2. The people who use Linux are more likely to be experienced computers users than their Windows counterparts. Linux doesn't have to appeal to a bunch of mouse clickers who expect things to work all the time. Us geeks are willing to bend over backwards to make things work.
3. Windows operates over 90% of the world's computers, so hackers and virus writers have a much bigger target. Besides, it wouldn't make much sense for anyone to write viagra adware for Linux when most of it's users aren't even getting laid!
An elitist group known as The Living has long believed that they were inherently superior to their rivals The Dead, but statistics are showing a shift and some clear advantages for The Dead.
The Dead use no gasoline, an advantage increasing over time as prices rise and supplies dwindle.
The Dead never argue.
The Dead are more loyal. While there are rumors of switchers, there are only proven cases of switching from The Living to The Dead, not the reverse.
Some evidence of future switchers has been seen in political office where The Brain Dead have a significant presence.
The Dead have a well established installed base.
Some of The Dead give their all for recycling.
The Living are still generally more highly regarded for dating even though some are only vaguely familiar with the activity.
I've always maintained that an OS is secure as the people that run it and the programmers that write the code which runs on it.
Linux seems more secure because the people that run it generally know a hell of a lot more about programming it and administering it, than an MCSE who passed his exams, but doesn't really know that much about real world computing.
I know an MCSE, who after passing his exam (and had the requisite ego inflation that inevitably occurs) query me with "how do I ftp a file?"
Lets just say there are a few knowledge holes there if that guy is running the network.
Contrast that against someone who builds linux boxes. You aren't going to get that webserver to serve web pages, without a how-to, unless you know what you are doing, period. Anyone that's been around the block enough to build a linux web server from source, and can do it without cracking "the book" is going to have a great deal of knowledge about dns, SSL, firewalls, and hopefully networking.
I'm sorry but the point and click crowd isn't going to build a more secure network than someone who can build his own firewalls using IPTABLES.
I am not saying that all MCSE's are clueless, a good deal of them aren't, but the barrier to entrance to run ms products is significantly lower, which leads to more inexperienced people administering boxes. Knowing your OS isn't enough, and most of them think it is.
This is what makes some ms networks dangerously vulnerable. This won't happen in a fortune 500 network, but in mom and pops all over the country, I bet I could get into more, than less, of them within 15 minutes of the first cracking attempt, and most will be ms servers set up by people that should really be studying computers, not setting them up.
l8,
AC
...but sometimes I get a feeling that Linux is used by some people to feel like a smug elitist nerd. You know, install it and then you can sit back and laugh at the poor windows fools who probably know just as little about security as the person who is feeling all 1337 by using linux. I'm not saying all Linux users are like this, but I'm sure there is a good percentage. I mean any OS can have gaping security holes, depending on the implementation. When I was at uni a friend of mine managed to get pwd logging software on a persons account because it was easy for a non-savvy user to think they had logged out when they hadn't. Being the joker that he was, he thought it would be incredibly funny if that logging software would mail to pwd to my account, off to the sysadmins office I went for an account suspension. I got my revenge though, by sending nulls to a file that stored his login info (I don't remember the details, it was a LONG time ago) to forcably log him out while he was working. Pretty lame-brained idea considering they were watching my account, back to the sysadmins office I went. Lets not also forget the first internet worm I can recall was the one that would use a gaping sendmail exploit to send spoofed mail messages from server to server. It really was as easy as telnetting to port 21 on a unix mail server and writing the email header in a text editor. So you can laugh all you like about the chequered history of Windows, but unless you recognise that Unix had just as shaky beginnings, you are only looking at half the story.
Blessed are the 1337, for they shall pwn the earth.
If I start a service (and am stupid enough not to think about it) on a Unix or Linux system I know what I'm getting.
Just to be fair, you have to remember that by default, a lot of distros launch a hell of a lot of unnedded services (Fedora does this), so you don't need to "start" a service, it's already mischievously running. You have to positively act out to stop those useless services.
I believe OpenBSD is the best in this area since I think it has a "not running by default" policy. Even though I'm an Ubuntu/Debian person myself.