Slashdot Mirror
Ask Slashdot: Why Not Linux For Security?
An anonymous reader writes "In Friday's story about IBM's ban on Cloud storage there was much agreement, such as: 'My company deals with financial services. We are not allowed to access Dropbox either.' So why isn't Linux the first choice for all financial services? I don't know any lawyers, financial advisers, banks, etc., that don't use Windows. I switched to Linux in 2005 — I'm well aware that it's not perfect. But the compromises have been so trivial compared to the complete relief from dealing with Windows security failings. Even if we set aside responsibility and liability, business already do spend a lot of money and time on trying to secure Windows, and cleaning up after it. Linux/Unix should already be a first choice for the business world, yet it's barely even known of. It doesn't make sense. Please discuss; this could use some real insight. And let's at least try to make the flames +5 funny."
The thing people like a lot of the times is that microsoft offers support, they have it stuck in their head that if you spend money on it, it must be better than a free alternative. Pretty simple really but that's human nature in this day and age, we are programed for it from commercials on tv to radio to Target and Walmart.
Maybe it's because Windows' security isn't the rotting mess it was 10-15 years ago?
Simple, because upper management always wants more windows.
This has been discussed ad nauseum here over the last decade.
One big reason why things are the way they are, is that corporate types want somebody to blame when things go pear-shaped. There's not many linux companies of enough size to handle that. Just RedHat and SuSe.
Another reason is yes, the apps. The simply *must* have MS Access and integration with the whole Office suite. Anything that doesn't have this is likely a non-starter.
C|N>K
If you've got things to do, learning how to operate a Linux system is low on the priorities. If people start finding hiccups because of the differences between Linux and Windows they'll rapidly complain to tech. support, who will soon fold under the pressure of people not being able to meet their commitments due to not understanding their workstations.
Linux isn't the top dog because it's 'more secure' than Windows, it's not the top dog because it's not as well known as Windows. I see more people using Mac in the workplace now, and with the popularity spike in BYOD I would suggest that if Linux were to become more user friendly, Linux would be slowly be adopted anyway.
We should remember that >60% of servers run Linux, versus Windows.
Must we really re-hash windows vs linux? Must we?
If I were a too busy to be bothered executive, my high level opinion of the hobbyist operating system would be that it's bound to be full of backdoors put in by the coders. What's worse, is when those backdoors cause my golden parachute producing institution serious financial harm, there's nobody to sue. At least if Microsoft were to do something dastardly, there's a few billion in assets to get the lawyers worked up over.
because the windoes security guys work for free!
One reason is because in many cases your system is only as good as your administrator. Bad linux admins are worse than competent Windows ones.
1) Trying to run away from good security practice by going to something you perceive to be less targeted or better able to save you from yourself isn't a good idea. Hate to break it to you but really Windows itself is pretty good security wise these days. If you are having trouble the question to be asking yourself is what is wrong with the way things are set up. To me it is like having your house robbed and moving to a new neighbourhood, rather than locking your door at night. We run a mixed environment at work, and we don't have many Windows security issues, despite it being our big OS. Reason is we have a good security setup that provides defense in depth. We have real proactive security, not ostrich security.
2) Because often the products businesses need aren't available for Linux. People will point to half-assed alternatives because said half-assed alternatives are the best they can find. "Just write your own," is completely unfeasible to many companies, and uneconomical to others. If you'd save $X in terms of security issues and licensing but spend $X*10 to develop and support your software that does what you need, it isn't a good move.
3) Because Linux doesn't always, maybe even not usually, have a lower TCO. In our environment it requires a hell of a lot more fiddling than Windows to make it work. Our Linux lead spends a lot of time hacking around with things to make them work right, and dealing with customized setups (which we do a lot of being a research university) is a pain. I spend way less time fiddling to make Windows work, and not because I'm smarter to better than him. He's damn good. It just seems to be more trouble to get Linux to do what we need, the enterprise support tools aren't as robust.
Remember that security is only one facet of cost, and also remember Linux doesn't provide perfect security. You can argue if it is better or not, though many of the better arguments are just arguments of less targeting. Things like malware that the user has to download and run, an OS can provide no defense against that short of trusted computing or the like.
So you have to look at what it would cost and save in total.
Also as I said, really security talk needs to be about defense in depth and how to prevent problems, not about trying to run away from them. Security failures WILL happen, anyone who's done physical security know there's no such thing as a perfect defense, everything is fallible, and you have to have layers and you have to monitor and adapt to maintain good security.
I would rank a place high security that runs Windows but does things like: Have regular users run deprivileged and not hand out admin accounts. Have a good, but sensible password policy and use two factor authentication. Have all systems patched regularly and quickly and monitored. Run a host based firewall on all systems. Run an on access and on download virus scanner on all systems, centrally monitored. Run a network based firewall and IDS, maybe even more than one. Segments servers from workstations and only allows the access needed. Proactively monitors for problems. And so on.
I would rank a place low security if they just run Linux, give local users sudo, and say "Have fun, Linux is safe!"
Linux could potentially help with security, that would need to be evaluated by someone competent case-by-case. Linux does not give good security, it is layers and a process, not a magic bullet.
2001 called, they want their "get the facts" back....
C|N>K
It's stories like this that make me wonder why IBM isn't laying off people instead of HP. (Truth: HP wouldn't need to lay off so many people if they could tell people how to swap the crappy batter on the HP Touchpad. Then again, Meg Whitman is Carily Fiorina 2.0 now with Romney cues.)
But IBM has has also rejected allowing anyone from using an iPhone at office meetings over concerns that Siri may be spying on the company.
Also, remember a few years back how IBM was so eager for businesses to switch to Linux? Clearly they're not following their own advice considering they were hacked last week according to The Hacker News.
We can't move forward if everyone is taking steps backward.
The Rapture is NOT an exit strategy.
At least at the level of "business desktop", I believe "user stupidity" is a far bigger threat than "insecure operating system". Yeah, for a ___ server, or firewall, or really any sort of system managed by trained, competent people, the OS or applications may indeed be the bigger risk, but on the desktop? All it means is that instead of attaching bank_of_nigeria__withdrawal_forms.pdf.bat, they'll attach bank_of_nigeria__withdrawal_forms.pdf.pl when running a scam.
Linux is not a magic security bullet - such a thing simply does not exist. No OS is unbreakable. My company found that out ourselves, when we discovered just how completely '0wn3d' a particular clients' Linux servers were - let's just say the guy who configured them is now fleeing the *country* to escape the gross negligence and breach-of-contract lawsuits (when your job description is "keep these servers up-to-date and secure", and they're still running a version of Debian from '02 and participating in Anonymous DDoS attacks, you've failed).
Windows also, I have to admit, has gotten much better at security compared to the 95/98 days, or even the XP SP0 days. Linux still has a security lead, but that lead is now orders of magnitude smaller (especially since Linux, at least for certain distros, seems to be trading security for usability).
... but it really isn't! If you can manage to find someone with zero experience, Windows does not magically make sense to them.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
Unix is actually very popular where security is a concern. Most of the internet runs on some variety of Unix.
Same in business.
But the reasons it's not even more widespread are:
a) Management and HR are clueless, and so they implement the wrong policies and hire the wrong people.
b) Microsoft spends a lot of money on getting people hooked on their technologies, including getting most universities to teach their crap, so many sysadmins are clueless regarding anything outside Microsoft.
c) CTOs get bribed. Those bribes determine what technology they buy. The FSF doesn't have much money to waste on bribes, but many corporations do.
WTF am I doing replying to an AC at 5 A.M on a Friday night?
One of the parts of the otherwise totally asinine "Zen and the Art of Motorcycle Maintenance" that actually did stick with me was the story about some little part of a motorcycle that can be replaced with just a little piece of tin can if it breaks, and in some ways it even works better if you do. But, in the auto parts store it costs $15. The point is this guy's friend would never consider using a piece of tin can on his bike, and would always buy the expensive part every time because he's the kind of guy that associates paying for something with quality. You could never convince him that a free alternative to anything could be better, because then why would anyone ever pay for it? And since there's these successful and widely popular companies selling the widget for lots of money and making a killing, they must be doing something right that can't be offered anywhere else. Having dealt with enough executive types that make decisions like these for large companies, they are almost universally this type of person. It's not that free can't be better, it's just out of their comfort zones. Really, I think it stems from faith in capitalism. Windows is it because its the big one that everyone uses, and that means everything to some people (unfortunately).
I suspect that, for large enterprises, 'security' as measured by 'how fucked it is after 6 months of clueless use by Joe Pornhound, his wife Jenny Incredimail, and his son Timmy Warez' is basically irrelevant.
Home users are basically helpless cattle; but they are also low value targets. If a drive-by download or a trivial trojan can't land some malware, they are safe. If it can, they are helpless.
Your enterprise, on the other hand, likely has the desktops locked down good and hard, firewall and IDS and people paid to care. However, they are a high value target. It is plausible, indeed quite likely, that they are getting actual human attention, from actually competent attackers, customized payloads, possibly even the honor of having one or more zero-days used against them. They are also much more likely to be running complex, web-facing applications, where the security may not rely on the underlying OS that much at all(how many sites have been exploited purely through more-or-less OS agnostic attacks on their CMS?)
In this scenario, it isn't entirely clear how much better Linux is than Windows(and, also, it isn't necessarily the case that the desktop OS matters nearly as much as the competence and vigilance of the chaps watching the network for funny business).
Office, plus things like Visio and MS Project. And I don't care how much someone argues, Dia is nowhere near a good a product to date as Visio. And there is nothing in the Linux world that even compares to MS Project. There are some apps with 'project' in the name that might even look a little like MS Project, but nothing that can compete. ERD tools are another thing. Yes there are a bunch that run on Linux, but even a mid to low price Windows offering like Toad Data Modeller is head and shoulders above anything you can find for Linux. And the multitude of financials software out there runs on Windows not Linux.
Software vendors simply don't want to deal with the GPL if it means there is any chance that they will have to give away the code they spent hundreds of thousands, if not millions of dollars to develop. You will find them occasionally making software that will also run on OSX, but again the license there won't force them to give away anything. And I know there is the LGPL, but it still has GPL in the name which rightly scares the vendors. And with the way some of the more rabid FOSS people are, vendors don't want the worry of a v4 of the GPL and/or something that deletes the LGPL, etc. Unless vendors can be guaranteed to make money on their investment they won't write top level code for Linux, and without top level apps, people won't use it... except for programmers who have made tons of decent apps to work on the platform they code entereprise apps for (not the client apps that the bosses use).
-- I ignore anonymous replies to my comments and postings.
People use computers to run applications. The operating system should be chosen to support the applications they need, not the other way around.
Business already has too many problems with Mac fanatics insisting on using Apple products. The main issue is they demand the computer/OS *before* seeing if any of the applications used at the office are supported. Ass backwards.
However, the question in the article was a non-sequitur. The use of cloud services has absolutely nothing to do with operating system of choice. It has to do with losing control of data.
Case in point, IBM didn't say "You can't use Dropbox on Windows", they said "You can't use Dropbox". Yes, there is a Linux client for Dropbox.
Learning HOW to think is more important than learning WHAT to think.
I can't speak for the financial advisors and banks, but for the lawyers, it is inertia. In 2000, when I graduated from law school, the firm I worked at still used Word Perfect 5.1 on Windows 97. They were convinced in 2001, to upgrade to Windows 2000. Even then they ran Word Perfect in a DOS box. They kept this for two reasons. The first was they didn't want to retrain their legal secretaries. Document formatting is very important and intensive in legal briefs, so you need to know the word processor in much greater detail than to write a term paper. The second reason is that they had purchased a customized version of Word Perfect that integrated with the accounting software the firm used. This was not easily duplicated. When they finally did upgrade to Word, they had to buy a whole new accounting package, and the conversion process, including training, took months.
I suspect that what keeps law firms, and most other professionals, from making a switch to Linux is the desire to avoid the unknown and the learning that goes with it. That is bolstered by the fact that every industry has some killer app that just doesn't exist on Linux.
Bullshit, do you have anything to back that up with? Appliances to monitor traffic are not just a Linux thing, if you care about it that much, you'll want them for a Windows only network as well. As for firewalls, if you're at all competent, you should be able to set one up for Linux without any particular trouble, for free. Set up the rules once and you probably don't have to fiddle with them again.
And no, people don't work for free, so I'm curious why you're only counting that when it comes to Linux, I doubt very much that Windows Admins work for free.
Because of OpenBSD? :)
and the flavor is "Why not Zoidberg?"
Space Shuttle was a program that strapped humans to an explosion and tried to stab through the sky with fire and math
No, windows is not user friendly. It's actually very user antagonistic. It is, however, corporate (particularly *AA) friendly.
Rather than not being user friendly, Linux's problem is it is too user friendly: it's easy to get lost in the choices.
Most windows users want their hand held. Corporations want to use handcuffs. Windows provides the handcuffs.
Bill - aka taniwha
--
Leave others their otherness. -- Aratak
I work in financial services and we are addicted to Microsoft Excel.
I get "relational data" in Excel spreadsheet form from outside vendors all of the time. I can't even get them to send me the data in a flat text file so Excel won't chop off the leading (and necessary) zeros.
It is what everybody knows.Not the way it should be, but that's life.
One word: OpenBSD. It is more secure. You can debate the reasons all day long. But the fact of the matter is, even an OpenBSD box running SSH, SMTP, and HTTP services isn't going to get hacked. Forget remote root exploits. Let's talk about local root exploits, which are found regularly on Linux and Windows. OpenBSD? The most recent local root exploit, circa 2009, didn't work on the then current--or prior--release. Thus it was tagged--arguably improperly---as a reliability fix.
So it's not that bugs aren't found in OpenBSD. It's that their "proactive security" mantra has substance to it. The developers see where the state-of-the-art hacking techniques are going, and cut them off at the pass with counter measures. Contrast this with Linux or Windows, where they react after the fact; and after countless people have been p0wned.
Linux and Windows code is chock full of amazing algorithms and sophisticated hacks. OpenBSD code tends to be extremely dumbed down. If you're concerned with security, you want the dumb code. The more sophisticated the code, the harder it is to debug. The old adage that anyone who codes to the best of their ability is by definition incapable of debugging that code rings true.
The problem with Dropbox isn't just that it exposes Windows insecurities, it's also that it makes it easy to export lots of stuff out of your company, potentially with wimpy passwords, to a storage system which your company doesn't have any control over - Dropbox doesn't even have to tell your company if they've gotten a subpoena or "friendly" FBI request for the material, and with no contract, there's no way to specify data retention limits.
At $DAYJOB, we've got a Dropbox-like service (at least the "upload/download from browser" part of it, not the "glom onto everything" part), because it's useful to have something like that. It goes to our own storage, and has encryption we've got control over, and it keeps the employees from needing to find other ways around the firewall's block on Dropbox uploads.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
No, you're wrong. Every single day I get updates. The "bug" I submitted to the patch for in Linux? It was patched in 2 weeks. The "bug" I submitted the whitepaper and proof of concept code under "responsible disclosure" to MS? It's been 2 years, and some of my unsavory friends who worked on the bug with me are now exploiting it. UPDATEs, FASTER. Linux wins.
I've worked for some of the largest banks in the world, and:
1.) They use craploads of Linux.
2.) They're going to stop using Windows.
3.) They'll never use dropbox.
Detail:
1.) They use craploads of Linux.
Just about every bank has declared Linux to be the future for application services, with a few exceptions for specific applications. Accounting will stay mainframe for a very long time, Collaboration will remain MSExchange for a very long time, Sharepoint probably as well, and rinky-dink one-off applications may still run only on Windows servers, but only if those apps come from software shops built by math/business/commerce geeks (algo stuff, etc.). Most databases, report generation, records keeping, document management, webbanking backends, and other banking stuff will continue their current trend of UNIX-to-Linux. Some banks are 20% along their UNIX-to-Linux projects, some are at 80%, but I don't know any that aren't on that road.
I think you were talking about desktops, though, not the datacenters and server farms. That's a very superficial way to look at banking computing. Banks do not use Windows machines to do banking, they use Windows machines as desktops for running Exchange, and Office, and banks are thrilled that they can *also* use those same pieces of hardware as dumbterms for people to SSH/Telnet to some banking applications and also access the newer applications through the browser. But, if it wasn't for Exchange and Office, they wouldn't use Windows, they'd use Linux thin clients. I actually know one bank that's trying to migrate people to Google Apps for just this reason, but it's really hard, because bankers really do love office/exchange.
2.) They're going to stop using Windows.
But they're not going to go to Linux. The banks are all calling it "BYOD" for "Bring Your Own Device." Bankers really, really, really want to use Mac desktops and iPads and Android phones and ditch Windows -- but there's no way they'll switch to Linux on the desktop unless that Linux is called Android. So, the banks are currently running well-funded projects to replace all their Windows-desktop-only applications with web-based apps that'll work from any browser, and also throwing lots of money at companies like Good Technology to be able to get iPads and Android Tablets in to the workplace.
Microsoft is trying to use Office360 or WTF it's called so that they can still sell stuff to banks that have ditched Windows on the desktop, but there's going to be lots of turmoil over the next 5-10 years as that progresses. Windows on the desktop in banks is effectively dead already -- I know 3 banks that have decided to stick with XP on the desktop instead of upgrading to Win7 because the Win7 upgrade costs are better spent in moving faster to this better future.
3.) They'll never use dropbox.
Banks are required to log everything, and logging everything you upload to dropbox and everyone that downloads it and all of that crap is so expensive that you should find out what the approved tools are for doing what you want to do. Most banks will allow SFTP/SCP between trusted endpoints if the right people sign the right forms. In my experience, dropbox is only ever requested in banks by someone that wants to break the law and is too stupid to know what law they'd be breaking.
Dropbox blocking is not something IT decided to do, it's something the lawyers required IT to do, and it has nothing to do with "security" in the way that there are "security" differences between operating systems. It has to do with the kind of security you have in the lobby that would ask questions if you started walking out the door with canvas bags that have dollar signs on them. If the banks allowed dropbox, naughty employees would copy documents to home that their daytrader spouses would use for insider trading (seen that more than once).
... but it really isn't! If you can manage to find someone with zero experience, Windows does not magically make sense to them.
We seem to have no problem finding an endless supply of Windows "admins" with zero experience. I don't know why you think that's such a big deal.
John
My NEARLY COMPUTER ILLITERATE next door neighbour (has trouble remembering how to copy files and use email attachments) who is 75 years old (a retired air force mechanic) who has used MS OS's for over 20 years (I helped him upgrade from DOS and a batch launcher script to Windows), now uses Ubuntu. It took him exactly ONE day with NO ASSISTANCE to learn the UI, and feel at home. Why?! Because he hated Vista, and after he held out for Windows7, and hated it as well, I said: "Before we install an OS that will be unsupported soon (XP), give Linux a try, it's free, so what do we have to lose?" -- Note: He has NEVER had to do anything with the command line, and he was AMAZED at how simple the installer was: "How are we're already running it from just the CD? ... How can this be free? ... Why doesn't Windows have this?" (well, now they do, sort of, but that's beside the point).
I've had people with ZERO experience with Linux borrow my Laptop (running Linux), and get around just fine, waiving me off when I offer assistance... even write a resume using Libre Office, and check out my music collection... I don't want to disrespect my friends, but these are the kind of people who have 37 windows "I'm an AV" viruses and don't know how to burn CDs or run Defrag -- You are deranged, a shill, or just down right mentally retarded if you can't use the OS.
I used to work for a large international organization. Every time I went to Africa, my laptop would get infected (from USB drives passed around at meetings). I finally installed Linux in my work laptop and never had a problem after that. (The USB drives still would get infected but not my laptop... I would just delete the offending files.)
The organization was a pure Microsoft shop and also was plagued by malware inside the headquarters (rumors were that there were foreign governments who wanted information).
Several times they had high level IT security meetings and I strongly made the point that they should move to Linux. This fell on deaf ears and they are still on Windows XP plus all of the Office, Exchange, etc. dross (and still plagued by security problems).
I don't read your sig. Why are you reading mine?
I can give you four good reasons.
1) Excel. Sorry Libreoffice can't compare to someone who has 15 years of experience ( and a masters in finance/ econ/ 10 years of experience at company) making pivot tables and doesn't wish to learn another way of doing things. It's nice when you have a 10 year old formula in excel and can boot up office 2k and it works. Keep in mind a fair share of companies are still on office 2k, for better or worse. You can sit there in your chair and say "well, upgrade", but for a 40 seat license, it can cost 3500 usd, and many companies refuse to pay for it, especially when Office 2k is "good enough".
2) Active directory. Yes, you can control file access via samba. Yes, you can have user control via (one of many) means, but active directory is not (too) difficult, and any 1st year admin should be able to set up simple file access.
3) Standard installs. If I go to CompUSA, Wal-Mart, Best Buy or Target, I can buy a computer or laptop with Windows. Windows is the de facto standard because (for better or worse) that is what is able to be bought at the retail level. I would wager 95% of all computer available through retail channels has windows preinstalled.
4) Support. Microsoft is a Global 100 company. As they used to say 20 years ago... Nobody gets fired for buying IBM. If everyone else is purchasing office, and by default windows, then any issues that you encounter are the same issues that your competitors have. That (in it's own way) levels the playing field. We can all sit here and talk about how great Ernie Ball is for standardizing on Linux, but that is less than 1% of the marketplace. If I have an issue, I have a number to call, and the support I get is from a company that I can pay to get support from that everyone has heard of. Everyone hasn't heard of canonical. Hell, a lot of people have never heard of SAP or Oracle.
Blah Blah Blah.
If what you said is true, that corporations signing "exclusionary contracts" with Microsoft getting huge discounts, in exchange for letting Microsoft to come into their daily IT operation to do spot checks for any so-called "violation", that will be a can of worm right there !!
No corporation, and I mean, no self-respecting corporation, whether or not they are in the Fortune list, should allow any outsider to intrude into their internal operation in carrying out spot checks !!
Whoever signed those type of contract with Microsoft, and all their superiors, must bear full responsibility in any loses, whether in financial or in trade secret, incurred during those "spot checks"
Muchas Gracias, Señor Edward Snowden !
Why is it FUD? I often see in my servers maillog a ton of blocked spam sent from compromised unix/linux servers. It's still not that difficult to find RedHat 7.x installations on the wild, with a vulnerable OpenSSH. And don't even get me started on vulnerable ProFTPDs, stupid user passwords, vulnerable web stack (apache/php/python/java/whatever) and so on and so on. The same way you'll find a _ton_ of Windows servers with vulnerable IIS (old versions) and the stupid stupid habit of having RDP open to the world.
The argument that "Linux is more secure" is a shitty one. Is there anything more secure than Linux? Of course there is - OpenBSD, for example. Is there anything more secure than OpenBSD? Of course there is - OpenVMS, for example. Can OpenBSD (the example I'm more familiar with) be vulnerable to external threats if you load additional third-party software? Yeah, shure. They can all be made insecure by adding needed software or an incompetent administrator.
Working with both unix and windows, I'd say one of the big advantages of windows is how well it integrates with windows servers, and how easily (assuming you don't run into a random bug or design flaw) you can manage granular permissions of your users (the people from sales cannot change the wallpaper, plug in USB devices or write to "my documents", but the sales manager can do it on machine X, Y and Z), add and remove privileges (there will be an external audit and the guys need to be able to login into the accounting machines from 9am to 5pm, but only thursdays and fridays for a month). If you run a managed, well filtered and secure large-scale desktop network, you'll learn to apreciate those tools (and to have every hiccup you'll have) - and all the perimeter appliances probably will run some sort of unix.
As everyone else here is saying if your admin is not up to it then any argument about OS security is irrelevant.
Maybe you aren't reading the same thread as I. Very few people are actually saying that, and it is a shame, because it is the truth.
I don't know the best way to do this but I (no admin training) could get something this working on linux.
Shure you can. On linux or on any other unix operating system. But can you do it in under a minute, or without logging on the machine (suppose it's 7pm and the user already left the building), or that instead of 2 or 3 accounts, you have to enforce 50 or 100 with different schedule requirements? The easy answer is to have your linux desktop authenticate on a Windows Server (or some other directory service that can provide you that funcionality). But the cheapest, easier to use solution I know of is Windows - and you can even train a monkey to perform that specific task.
Don't try to argue that windows has better networking admin than *NIX without researching (do you know you could have done in linux?), i would guess that some *NIX probably did something like it first and probably can still do the equivalent better but in a *NIX way.
Given that my work envolves maintaining heterogeneous infrastructures (bsd/linux/windows/osx/etc) on corporate networks, covering both server and desktop integration, i'd say I have a pretty good idea. And while I do prefer unix on the server (even if it requires me to use samba), many of the issues I solve/work around wouldn't exist on a windows-only network, or could be easily done by someone with superficial tech knowledge.
You really need to work a bit harder than that to push your agenda. No shill cash for you this week!
In what world does "software runs on Linux" mean "GPL" or even "LGPL"?
Some of the largest and most-expensive softwares run on Linux; e.g. everything Oracle makes/sells.
Google "commercial software on linux"
Linux is really more secure. Here's why.
You as a normal windows user by default have sufficient rights to modify or delete files in the OS.
Not true in Linux.
When you install an application in windows it ususaly drops files all over everywhere, adds stuff the the registry etc. so ususally extends the operating system itself. There is no partitioning.
Again, not true in Linux.
I do ;)
In the corporate / work world, I'd have thought that most lawyers use what they are given and, unless the corporate IT policy changes, Windows it probably is. But that's not the choice of the lawyer, in most cases — perhaps it reflects the lawyers that I know, but most of us are employees like any other paid staff member (in some cases, even if called "partner"), and have no real say on the IT or any other office aspects of the environment in which we work.
However, outside the corporate world, I (and quite a lot of others that I know) don't use Windows — for my academic and personal work, I haven't used Windows for years, instead preferring a mix of Linux, FreeBSD and Mac OS, depending on what I'm doing. Perhaps it's reflective of my areas of interest, but many of my legally-qualified friends use Linux either on a netbook for travelling, or else just at home — that may be because I tend to see myself as a legally-qualified geek, and my friends are probably in a similar position.
So, yes, lawyers *do* use platforms other than Windows. Whether law firms do is perhaps a different matter.
You as a normal windows user by default have sufficient rights to modify or delete files in the OS.
Not true for Windows. Since the very first version of Windows/NT regular users never had rights to modify or delete OS files. That was a Windows 9x problem. The problem with desktop versions of Windows (for home users) was that the *default account* was an *administrator* account - not a "normal windows user" as per your claim.
In the context of this discussion you have to consider Windows deployed in *enterprise* settings. In enterprises users log on with normal user accounts and *do not* hold rights to change the OS.
Since Windows Vista, even logging in with an administrator account, the token is *stripped* of admin rights and the such a user does *not* have the right to modify or delete OS files. By going through UAC elevation, a new process can be created without the stripping of admin power rights. Unlike Linux/Unix this elevation does not grant the process more rights than what was originally assigned to the account (but stripped at log-on).
A sudo "elevation" in Linux/Unix is based on SUID root and runs *totally unrestricted*. At that point it is the executable that is the barrier for total system compromise, not the rights system. The braindead SUID design is probably the single feature most responsible for root compromises on Linux/Unix. Linux Foundation and kernel.org has not been forthcoming with actual post-mortems and explanations for how their systems could become thoroughly *rooted*. It has been speculated that a user password was compromised, but that does still not explain how a system can go from a compromised user account to actually having a rootkit installed. I would bet money on some kind of SUID vulnerability at play.
When you install an application in windows it ususaly drops files all over everywhere, adds stuff the the registry etc. so ususally extends the operating system itself. There is no partitioning.
No, not true. Applications install in Program Files or Program Files x86. I am not aware of a single, recently modern application which "drops files all over everywhere".
It is true that applications usually also write to the registry as well. But you write as though the registry is a monolith. It is not. Just like the file system there are places where applications write their stuff. There are a number of "root keys": current user (HKCU), users (HKU), classes_root (HKCR), local machine (HKLM), performance data (HKPD) and current config (HKCC). Think of them as root directories of a file system. Everything has its place.
The registry has full ACL security on every single key - much more granular then text config files - and there are large parts where applications can not write or modify.
Furthermore the registry is not a single file. Rather, it is a number of "hives". For instance, Windows only load the current users hive under HKU. Other users hives are not loaded by default, but can be loaded on-demand under HKU. The registry is a very efficient hierarchical database with transactional support and redundancy and fail-over built in.
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
I love how a single anecdote gets taken as a representation of the whole and upvoted to 5. Groupthink, gotta love it.
If you ignore ACs because they are anonymous - you're an idiot.
Well then your experience with Linux.org is much better than my experience, or the experience of past employers. People at my company submitted a bug for HID devices in Linux kernel 2.6.10, 2.6.13, 2.6.17, and oh it wasn't until 2.6.23 or so that they actually implemented the fix, and then gave someone credit for it. I cant tell you how many times i had to keep patching the exact same bug because no one at Linux.org cared about USB HID. It was the most asenine thing I had ever seen. It was a one line fix, that was clearly correct. The problem was someone sleeping with a spinlock in the kernel.