Slashdot Mirror


Linux and Windows Security Neck and Neck

Linurati writes "According to vnunet.com, Linux and Windows are neck and neck when it comes to security, but 'misleading figures and surveys are muddying the waters.' The article lays blame on both sides for the misleading information." From the article: "...Microsoft had made real progress on security in the past two years, but that the increasing number of Linux enthusiasts coming into the market would help the open source alternative in the long run."

8 of 512 comments

  1. I think linux actually has an edge... by yagu · · Score: 5, Informative

    I think there are two main factions here, and the answer for what constitutes better security has slightly different context with significantly different results.

    1. First, from the article: He added that Microsoft had made real progress on security in the past two years. This is true. But, Microsoft started from an awfully low level of security. And, yes they've done much to automate patches, make updates easier, etc., in my opinion, the one missing piece is they haven't collaborated with the Windows Applications community (Microsoft, itself, and third parties) to figure out the least authorized user problem. So, for the uninitiated, and the lay people, Windows continues to be a world where, out of the box, people set up their boxen with everyone at administrator privilege levels. Heck, most of the times I still go to people's homes and find they don't really even bother to set up separate accounts for users.

      For all of these people their machines are ticking time bombs, and I'm usually the one who gets the call when their world of computer technology explodes. This by itself is reason enough to consider other technologies where by default they are secure. For example, Apple does a good job (not perfect) of making their machines secure... I won't go into great depth -- I'm not a heavy Mac user.

      Also, linux by default comes out of the box with decent security. Even if users do try to just use, e.g., KDE as root only, they (as I recall) have to fight off the big red screen background, kind of like the enunciator lights and bells in cars when you don't fasten your seat belts.

      So, in the lay community, though Windows carries the popular vote, I think linux out of the box is by far the more secure and safe way to go.

    2. On the other hand, many companies have wised up (though not all) to the notion of restricting the default access of their employees, i.e., they do not get administrator privileges to control their own boxen. This creates a more stable, manageable, and secure environment for companies, but at what cost? Given that by the article's own words, "Engates added that his company manages 13,000 servers, roughly half of which are open source and half Microsoft. He claims to see little difference between the security on either platform.", and given that not having administrator access in Windows can be so problematic because of ill-conceived applications (see item 1.) and mismatched access to data, if I could forgo reliance on Windows applications I would choose to deploy as much linux in a company as I could.
    1. Re:I think linux actually has an edge... by Waffle Iron · · Score: 5, Funny
      Longhorn will fix this.

      2005: "Longhorn will fix this."
      2001: "XP will fix this"
      1999: "Windows 2000 will fix this"
      1996: "Mission accomplished! NT fixes this. We've got C2 certification!"
      1994: "Windows NT will fix this"

  2. It's all IE's fault by DarkHand · · Score: 5, Insightful

    Security in Windows itself had definitely improved over the last few years. But almost all of the current and recent vulnerabilities have somehow been related to IE.

    Not using IE and using Firefox instead almost completely secures an up-to-date Windows box. Get rid of IE, get rid of 90% of Windows' security problems.

  3. Re:Advancements in FUD everywhere by team99parody · · Score: 5, Insightful
    It's funny how people think. Since neither product is 100% secure, they both think they're equally insecure. This logic is as stupid as saying "reading slashdot is just as dangerous as motorcycle racing, because I could get hit by a meteor and die either way". Clearly one of the products has more serious exploits than the other and has caused more loss to businesses, but some people just don't want to admit that.

    But I agree with the parent -- advanced psychology-based FUD is a growing science.

  4. MIT & CMU can do a reliable study. by reporter · · Score: 5, Funny
    That "'misleading figures and surveys are muddying the waters'" is easily explained by a recent Slashdot article: "Study Shows One Third of All Studies Are Nonsense". We need an unbiased but authoritative organization to do a reliable study of Linux versus Windows. The best choice is probably the computer department at the Massachusetts Institute of Technology (MIT) or Carnegie-Mellon University (CMU).

    They have a herd of poorly paid but diligent slaves (a.k.a. graduate students studying for a Ph.D.). They do excellent work in voluminous quantities and would surely produce an accurate analysis of Linux versus Windows.

  5. Re:Um, yeah right by prisoner-of-enigma · · Score: 5, Interesting

    WinXP is still a sitting duck out of the box.

    I'm not sure what Microsoft is shipping in its Windows XP boxes anymore, not having ever purchased a retail version of it. However, if you're buying a PC preloaded with Windows, you are almost certain to find SP2 already installed. SP2 fixes a raft of security holes, turns on automatic updates, and, as a bonus, turns on the firewall that was (by default) off on XP RTM and XP SP1.

    I'd wager that the vast, overwhelming majority of (legal) Windows XP installations came on machines preloaded with Windows. Given that, your fears of "unpatched" boxes being loaded today seem a bit of an exaggeration.

    The biggest security threat these days is users opening worm-laden attachments, despite mountains of FAQs, instructions, README.TXT, co-worker horror stories, and other forms of documentation, all warning of the dire implications of opening up that oh-so-inviting attachment claiming to have pictures of Paris Hilton's hoo-ha.

    The biggest threat to security these days isn't in the OS anymore, it's mounted between the keyboard and the chair. In this respect, Linux (or any *nix for that matter) can be considered more secure than Windows, but only until a competent administrator restricts local users to non-admin-equivalent accounts. Then things rapidly return to something amazingly close to equality.

    The corollary would be to give root-level privileges to common users and see how long the vaunted *nix security model holds up. Hint: it isn't nearly as long as we'd like. You're just one shell-script attachment away from disaster when a user gets an email instructing them to save the attachment off, chmod +x it, and execute it, not knowing it contains the ever-useful "rm -rf" command inside. You don't believe that a user would actually do something so stupid as to execute commands outlined in an email body? What have you been smoking lately...of course they would. If *nix ever became as ubiquitous as Windows is now, it would assuredly happen, I'll set my watch and warrant on it.

    --
    In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
  6. Re:Maybe for servers... by cozzano · · Score: 5, Funny

    When was the last time you saw a home linux machine?

  7. Linux and Windows Security Neck and Neck???? by lcsjk · · Score: 5, Interesting
    "Engates added that his company manages 13,000 servers, roughly half of which are open source and half Microsoft. He claims to see little difference between the security on either platform."

    Am I missing something? I would not attempt to dispute what he says, but what criteria does he use for that statement? Number of crashes? Technician time to reboot/reload after an incident? Number of viruses that get through? How many times the box is hacked?

    For an article titled "Linux and Windows Security Neck and Neck", I expect to see more than just "servers....no difference..."

    Apparently I am not the only one that thinks security is not just the server level. Nearly all the (on topic) comments talk about win boxes that start up with admin privileges. The real security problem seems to be at the user level, not the server level. A good admin (or group of admins for 13000 servers) can set up and take either box to maximum security. The home user (not lazy, not ignorant as one post calls them) is not an IT person. If the box comes with a setup that makes it less secure, that is probably the only thing that will ever get set up.

    My opinion is that security is not just MS or LINUX. It is based on the person that installs and sets up the OS. I would bet that any good admin can set up and make either OS very secure or very insecure. If a secure box is delivered to the home user, it will probably remain secure. Otherwise, it will probably end up helping send SPAM.