Thread: Is Linux More Secure Than Windows?

  1. #16
    Crazy Fool Perspective
    Join Date
    Jan 2003
    Location
    Canada
    Posts
    2,640
    >> You have to sweat to even install something in Linux.

    erm, even as a beginner I've never had problems...

    yum install <package>
    apt-get install <package>
    up2date <package>
    ...the list goes on, and there are GUI tools for all of these apps if the user wants them.

  2. #17
    Pursuing knowledge confuted
    Join Date
    Jun 2002
    Posts
    1,916
    > Originally posted by ^xor:
    > An unpatched Linux system is just as vulnerable as an unpatched Windows system.

    I disagree, and can prove my point with two words: file permissions.

    If I'm running a process as a user that contains a vulnerability in Linux, and it's compromised, the only files that are in danger are those that belong to the user. Windows supposedly has something like this - but I don't actually know a single Windows user who does not use an admin account as the primary account.
    Away.

  3. #18
    FOX
    Join Date
    May 2005
    Posts
    188
    We need to differentiate between desktop and server security. What matters more to a desktop user, his data or the integrity of the operating system? You could easily write an exploit for some common Linux program that wipes out the entire home dir. Granted, the same thing could be done for Windows, but that's not really the point. Both Windows and Linux users face the same risk of having their personal data deleted by an exploit, so just because you're using Linux does not make you safe from script kiddies and other morons.

    You say that most people use the admin account in Windows by default, but is that really Microsoft's fault? Sure, they're not exactly educating people about it unlike Linux people who will flame the hell out of you if you turn up in their IRC channel as root (thanks funroll-loops.org for the laugh :P), but don't you think the same clueless people would run as root in Linux as well? Heck, Lindows runs as root by default if I'm not mistaken.

    But on a properly configured system, you don't need to be root to do most tasks you say? You certainly do not need to be root in Windows either... Can you install a sound driver in Linux as user? Video driver? What about software then? Sure, you could probably click on some installation file that installs applications with --prefix=$HOME, so no need to be root here. Why can't Windows applications do the same thing? And let's face it, if you pop up a prompt telling the user to enter the root password so he can see nekkid ladies on his desktop, how many wouldn't just blindly type in the password?

    And if the same Windows people don't upgrade their Linux boxes for over a year, how many local or even remote root exploits will there have been released? But that's assuming that they're not already running as root...

    Default security you say? Sure, there are a crapload of services running by default in Windows, and I'm not going to defend Microsoft on this one. However, and I'm not up to date on every single distro out there, but I recall that a lot of popular Linux distros or even commercial UNIX systems ran sendmail by default... An operating system should not have any network services reachable from the outside running by default. Period.


    On servers however, I do feel that *n?x is superior, even though the server editions of Windows can be locked down pretty tight as well.


    Don't forget that Microsoft will introduce file permissions with Longhorn, but I guess that point is moot until that vapourware gets released.

  4. #19
    Pursuing knowledge confuted
    Join Date
    Jun 2002
    Posts
    1,916
    If you run services like webservers, etc as a different user, then your home directory is in no danger. Also ... I don't recall having ever turned it off, and I'm not running sendmail, which leads me to believe it was not turned on by default. Even if it was, though, that code has been reviewed by more people than look at any one portion of Microsoft's code, most likely.
    Away.
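
The file-permission argument in posts #17 and #19, as an added example that is not part of any post in the thread: it applies the classic Unix owner/group/other write check to a constructed file listing to show which files a compromised process could modify. The paths, uids and modes are made up, and ACLs, capabilities, MAC policies and parent-directory permissions (which govern deletion) are ignored.

```python
import stat
from collections import namedtuple

# Constructed sample entries (not taken from a real system).
Entry = namedtuple("Entry", "path uid gid mode")
SAMPLE = [
    Entry("/home/alice/thesis.odt",       1000, 1000, 0o644),
    Entry("/home/alice/.bashrc",          1000, 1000, 0o644),
    Entry("/home/alice/shared/notes.txt", 1000, 1000, 0o666),  # world-writable
    Entry("/var/www/html/index.html",       33,   33, 0o644),
    Entry("/var/www/uploads/x.tmp",         33,   33, 0o660),
    Entry("/etc/passwd",                     0,    0, 0o644),
    Entry("/srv/build/out.log",           1000,   33, 0o606),  # group denied, other allowed
]


def can_write(entry, uid, gids):
    """Unix DAC write check on the file's mode bits.

    Exactly one permission class applies: owner, else group, else other.
    A group member is NOT granted the 'other' bits when the group bits deny.
    """
    if uid == 0:
        return True  # root bypasses the mode bits
    if uid == entry.uid:
        return bool(entry.mode & stat.S_IWUSR)
    if entry.gid in gids:
        return bool(entry.mode & stat.S_IWGRP)
    return bool(entry.mode & stat.S_IWOTH)


def exposed(entries, uid, gids):
    """Paths whose contents a process with these credentials could modify."""
    return [e.path for e in entries if can_write(e, uid, gids)]


if __name__ == "__main__":
    scenarios = [
        ("desktop app running as alice (uid 1000)", 1000, {1000}),
        ("web server running as uid 33",              33, {33}),
        ("anything running as root",                   0, {0}),
    ]
    for label, uid, gids in scenarios:
        print(label)
        for path in exposed(SAMPLE, uid, gids):
            print("   writable:", path)
```

The desktop case exposes everything alice owns, which is the home-directory risk raised in post #18; the service account only reaches its own files plus anything left world-writable.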

  5. #20
    FOX
    Join Date
    May 2005
    Posts
    188
    > If you run services like webservers, etc as a different user, then your home directory is in no danger.

    I was referring to desktop systems, with applications like Gaim and similar being exploited.

    > I don't recall having ever turned it off, and I'm not running sendmail, which leads me to believe it was not turned on by default

    And that is because you're running Linux 10.0 ULTRA?
    I didn't say all distros had it running by default, and it's been quite a while since I ran anything other than the three main BSDs, Gentoo and Debian anyways, so I wouldn't know what the current situation is like. All I know is that Debian installs with OpenSSH, Exim and some Portmapper running by default. Could be worse, but I still had to turn them off, and an inexperienced Linux newbie certainly wouldn't even know they were running.


    > Even if it was, though, that code has been reviewed by more people than look at any one portion of Microsoft's code, most likely.

    Let's not start a flamewar about the merits of open source versus security through obscurity in closed source.

  6. #21
    Pursuing knowledge confuted
    Join Date
    Jun 2002
    Posts
    1,916
    ^xor, I'm running SuSE 9.0 Professional; I think we can both agree that it's a big distribution, and even though 9.0 is 3 minor versions outdated, it certainly isn't as old as sendmail.
    Away.

  7. #22
    FOX
    Join Date
    May 2005
    Posts
    188
    Well my point wasn't that specifically sendmail was running, but rather network services reachable from the outside as I demonstrated with OpenSSH and Exim in Debian.
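
A way to check the "network services reachable from the outside" point on a given machine, as an added example that is not part of any post in the thread: it parses the Linux /proc/net/tcp table and reports listening TCP ports bound to a non-loopback address. The sample table is constructed to mirror the OpenSSH, Exim and portmapper defaults mentioned above, and the address decoding assumes a little-endian host (e.g. x86).

```python
import ipaddress
import socket
import struct

TCP_LISTEN = 0x0A  # value of the "st" column for a listening socket

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1
   1: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11002 1
   2: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11003 1
   3: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11004 1
   4: 0A00A8C0:0016 0500A8C0:C3A4 01 00000000:00000000 00:00000000 00000000     0        0 11005 1
"""


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into ('a.b.c.d', port); the IP is a little-endian u32."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listeners(table_text):
    """All (ip, port) pairs in LISTEN state; established connections are skipped."""
    found = []
    for line in table_text.splitlines()[1:]:  # first line is the column header
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != TCP_LISTEN:
            continue
        found.append(decode_addr(cols[1]))
    return found


def externally_bound_ports(table_text):
    """Listening ports not restricted to loopback. A firewall may still block them."""
    return sorted(
        port for ip, port in listeners(table_text)
        if not ipaddress.ip_address(ip).is_loopback
    )


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:  # IPv4 only; /proc/net/tcp6 is not covered here
            table = fh.read()
    except OSError:
        table = SAMPLE_PROC_NET_TCP
    print("listening on non-loopback addresses:", externally_bound_ports(table))
```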

  8. #23
    Banned nickname_changed
    Join Date
    Feb 2003
    Location
    Australia
    Posts
    986
    MathFan - touché with the avatar comment. You are quite correct though.

    It is obvious that you have a dislike of Microsoft from what you said above and from the spelling. That spelling does irritate me because it is usually used by little kids who have no idea about anything. This is obviously not the case with you, which is also what disappointed me about the spelling - it's really as immature as my avatar :P

    To understand my reasons for not agreeing with you on Microsoft, you need to first understand your role as a programmer.

    If you are looking to become a professional programmer some day, you will soon realise that there is no fantasy world where you are rewarded for creating the best software ever. No one will respect you or treat you like you're worth something just because you can write the fastest bubble sort or you invent a new type of data structure. The only people that might are other geeks, or fellow academics if you get a 60k grant to write some silly study.

    As a programmer, your role is to help businesses. As much as you'll come to hate it, business drives technology, not the other way around. If you look back over the last thousand years, you'll realize that every major technology innovation took off and became popular because it helped businesses and/or the military. As great an invention as the car is, it wouldn't have meant anything if it didn't have any real world uses.

    The same is true of businesses. Windows is popular because businesses like it, and open source isn't because businesses generally don't like it (for now at least). Yes, Linux has its roots in geeksland, but in the real world 99% of people have probably never heard of it.

    Microsoft is in the business of producing software. That is what they do - they write and sell software. The selling part is probably the most important part. Their employees have a mortgage and a family, their shareholders want profits, everyone needs food to eat. They could write software all day and night that was beautiful and lovely and all that other fantasy software crap that open source developers tout, but at the end of the day they have bills to pay.

    Businesses buy software from Microsoft because they have a job to do. They don't care if it has a few small bugs, or that they aren't using the best bubble sort algorithm, or that their encryption only takes ten-thousand years to crack rather than twenty thousand. They just want to type a report up in Word, and Microsoft is in the business of helping them do that.

    Microsoft aren't in the business of creating the best software ever. They're in the business of creating software that is useful to its customers and that does the job. They also understand the concept of DEADLINES.

    When Microsoft add a feature to Word, such as the word-count menu, it's not as simple as opening Visual Studio and clicking a few buttons.

    First, the feature request goes to the project manager, who writes a specification for it. This is done so that everyone understands what the new feature will do, because there are a lot of people involved in the process.

    That specification goes to a panel of language experts, who check that there won't be any multi-cultural problems. One of these experts might come back saying "you need to increase the width between 'Pages:' and the number of pages, because blind, Mandarin-speaking Britons in Madrid using Windows 95 and a touch sensitive monitor won't be able to fit the text on screen if the document is over 217,000 pages". The specification is duly revised, and goes through the same process until there are finally no perceived problems.

    Then it goes to a security expert who checks there are no arcane workarounds to abuse this little dialog box to open security holes. This might seem pretty stupid, I mean, it's just a dialog right? Wrong, because even though it is just one dialog, sometimes there are issues and so Microsoft has to play it safe, otherwise people like you .......... about how insecure Windows is.

    Then it goes to a programmer, who writes the code in a couple of hours. The code is then reviewed by the language experts, a senior developer or two and the security guy. By the time the whole process is complete, something as simple as Word's Tools->Word Count can take 2-3 days to implement and can involve a good dozen people after all the hoop jumping, and that doesn't even count writing the documentation (yes, Microsoft actually have decent documentation) and translating it to a zillion different languages.

    Seems like a lot of bureaucratic nonsense and time wasting doesn't it? Well, the reason these processes are in place is because unlike the majority of open source software (I'm not talking KDE or anything like that, but something like aMSN), Microsoft actually cares about blind Mandarin speaking poms in Madrid using Windows 95. Because if they don't, they'll get sued. Because of all the added complexity that comes when you have users of your software that aren't running Windows XP, with US English and nothing out of the blue, there is a much bigger chance of security issues.

    Now what really sucks for Microsoft is that it takes 12 people and 2 days just to do a simple dialog. Imagine how much work writing Microsoft Word from scratch would take? Of course, if Microsoft wanted to (and they have the money to), they could rewrite it all from scratch. They could make it perfect in every possible way. When would you expect a shipping date? June 2017.

    This isn't any good. Businesses are demanding newer releases - they have Bluetooth cell phones that they need to synchronise with Outlook dammit. Huge companies like General Motors are counting on Microsoft releasing upgrades every 18 months, because they also have a big bureaucratic process of upgrading all their PCs. Oh, and let's not forget, the people at Microsoft still need to eat.

    So they pick a realistic shipping date. They say "we'll rewrite and have it done by December 2006". They can't use the method that 70% of Open Source projects use ("It'll be ready when it's ready"). To meet this ship date, they need to cut out features. They can't afford to spend 12 years making it perfect in every possible way - they have a deadline and they need to make some cuts. Features, cost, or time - pick any two. Yes, they have to cut a few corners to stay on budget and on time. If they don't, people whinge "oo Longhorn's release date is slipping, M$ sux0rz!".

    Microsoft aren't protected by a "we take no responsibility for anything at all" clause like 90% of open source projects. They have a responsibility to their customers. And when a Microsoft project ships late, they generally have a good reason - not that anyone cares.

    So when you say "I don't like M$ because they concentrate too much on the commercial side", you have to realize that every other successful software company in the world does the very same. Heck, even Red Hat do it. Why? Because there is no lollypop land where you're paid to write code just because it's "beautiful". Your source code won't be hung in a Paris art gallery. If anyone even uses it, they'll use it because they have a business case for it, because it helps them do their jobs on time. Because the majority of people don't live in an academic fantasy world.

    I learnt this at the company I work for. Every day I suggest a new feature or that something should be re-written. The response is always "can you show that it will help us finish by 25th December? Or that the changes would be so significant that it's worth implementing? If not, write it down, and maybe we'll do it in version 2". If we could, we'd spend forever making it perfect. But our budget is limited, our deadline is Christmas Day, and if we take another six months doing things that don't make our product significantly better, our customers will get angry and I'll be looking for a new job.

    If anything, just remember that business drives technology, not the other way around. Netscape spent years rewriting their flagship product to make it the best. Microsoft just patched their buggy Internet Explorer. While I'm positive the Netscape browser was better, Netscape lost because their biggest mistake was forgetting the commercial side (and a list of other reasons, but that stands out as the most significant). Any software company that forgets this is doomed to failure.

    Look at the top ten software companies in the world 15 years ago, and look at them today - Microsoft is the only one still on the list. It's not because "oo they have better marketting". It's because they never forgot their purpose - to provide businesses with solutions, not with perfect software.

  9. #24
    Banned nickname_changed
    Join Date
    Feb 2003
    Location
    Australia
    Posts
    986
    And to prove my point MathFan, when you get your first programming gig, spend a week improving some silly routine to make it "perfect", then show it to your manager. If they don't fire you, they'll be keeping a very close eye on you.

  10. #25
    Registered User
    Join Date
    Jul 2003
    Posts
    450
    Yes it is.

  11. #26
    Registered User MathFan
    Join Date
    Apr 2002
    Posts
    190
    stovellp, you are very right in what you say. I must probably reevaluate some of my arguments. Thank you very much for giving such a thorough explanation. I really wasn't aware of or simply didn't know many of the details you mentioned.

    There is only one thing I disagree on: that is how many people have heard of Linux. From my experience there has been a rapid development here in the past few years. Five years ago, if I had told anyone that I use Linux, people would have just asked "Using what??". Today though, most of those whom I know have an idea of what Linux is (not because I have talked about it much - indeed, I haven't; no one really listens anyway). It may well be that they hate it (even without really having tried it), but they at least know what I am talking about. Also, it seems to me that there are more Linux users now than there were some years ago. I don't know, maybe it is specific to Norway and Russia. The institutions here, especially in Norway, have been rather willing to switch operating system and go for the free alternative (mainly because of financial reasons, at least in the first place). Among these institutions are especially many schools and universities. So maybe that is something that has made the young generation here adapt to the change and become more aware of Windows' alternative.


    > And to prove my point MathFan, when you get your first programming gig, spend a week improving some silly routine to make it "perfect", then show it to your manager. If they don't fire you, they'll be keeping a very close eye on you.

    Hehe... I don't know if I'm willing to try it to find out....
    The OS requirements were Windows Vista Ultimate or better, so we used Linux.

  12. #27
    Registered User
    Join Date
    Jan 2002
    Location
    Vancouver
    Posts
    2,212
    Why are you guys typing all these words? You are never going to convince each other.

  13. #28
    ... kermit
    Join Date
    Jan 2003
    Posts
    1,534
    Longhorn's release date is slipping?

    M$ really does sux0rz!!!11!!

    lol - Kidding of course

    Good writing stovellp

  14. #29
    Cat without Hat CornedBee
    Join Date
    Apr 2003
    Posts
    8,895
    Very nice, stovellp.

    I actually disagree with MathFan on the number of people who know what Linux is. If you asked my sister what it is, she'd probably answer something along the lines of, "Uh, I've heard of that, it's something got to do with computers, right?" And I've talked to my sister about Linux. I have explained to her the differences between her own Windows-based computer and my KDE-based computer to the point where she can use it (i.e. I told her that the K on the lower left is like the Start button). She has used it.
    But she doesn't care, so she probably forgot it. And so would most computer users nowadays. I keep reminding myself that we're a kind of elite, and that we're usually overestimating other people's knowledge of computers.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  15. #30
    Registered User
    Join Date
    Jun 2004
    Posts
    722
    Weekend out.. This topic got interesting.

    I'm finishing my 3rd year of informatics engineering.. and after my, although not much, experience with Linux, honestly I don't see a single advantage in using it. Linux lacks a vital quality missing in most freeware - ease of use. That's why Windows is most of the time superior.

    Also Windows and MS got an extremely bad reputation from Win95/98/ME.
    Nowadays I consider MS to be a top quality software developer.

    Someone said that Linux is more customizable.
    Nonsense. To customize Linux you need the proper tools. For Windows the same stuff.
    After programming with POSIX and the Win API, that claim to me is absolute BS...

    Windows is currently the target of all accusations relating to security for the same reasons as Internet Explorer. About 90% of computer users use Windows, and about 70% of them don't even know what a security patch or service pack is. Plus 90% of internet users use Internet Explorer, which is the Swiss cheese of security. Fortunately Opera and FF are getting popular.
