Thread: Is Linux More Secure Than Windows?

I think Linux is more secure...but for two reasons that have nothing to do with the software.

One of the reasons that Windows is 'attacked' more than linux is simply the number of people using it (~90% MS to 10% other).

I write software for a living so I target the most popular OS. When Linux becomes popular AND I find someone willing to pay me, I will write for it.

Second is that Linux users are usually more knowledgeable about computers and so better at securing them.

When Linux becomes popular the script kiddies will start targeting it.......why waste hours 'cut and pasting' a worm that will only affect a few PCs?

The professional hackers don't care about the OS (ie what OS was running when hackers stole those millions of credit card details?)

I think if you added up all the PCs connected to the internet then my figures would be accurate.

I also limited my comments to the topic....LINUX v Windows.

Not many home users have UNIX servers and home users are the majority.

Security is not a matter of Operating Systems. Security is the job of the sysadmin. If you have a Linux or *BSD admin, he probably knows enough to secure his servers. If you have a home user who got his OS from the shop and doesn't even know how to reinstall it, the security is bound to have holes. Actually, it's more like the holes have strips of security left by chance.

stovelp's post was about right. Businesses don't care about 'good' code. They don't even care about 'secure' code. What a business cares about is that the code gets the job done right now. I'd like to add that most businesses also need someone to blame. If our database server crashes, there's three parties to blame: the database software manufacturer, the server provider and the storage system company. We can go to any of them and have them sort it out. We will never use freeware or open source, because if something goes wrong, you have to blame the guy who's working with it. You cannot blame a company. And in the Real World (tm) shifting blame around until it hits someone else, preferably "far, far away" (tm) is a time consuming and important part of he job. I don't like it that way, but it's the way it works.

Originally Posted by nvoigt

I'd like to add that most businesses also need someone to blame. If our database server crashes, there's three parties to blame: the database software manufacturer, the server provider and the storage system company. We can go to any of them and have them sort it out. We will never use freeware or open source, because if something goes wrong, you have to blame the guy who's working with it. You cannot blame a company. And in the Real World (tm) shifting blame around until it hits someone else, preferably "far, far away" (tm) is a time consuming and important part of he job. I don't like it that way, but it's the way it works.

That's very true. When a big corporation is deciding what OS to use, the decisions are usually made by someone is isn't the most knowledgable technically. The thought process generally goes:

"Lunux [sic] looks good from what people tell me, but everyone else is buying Microsoft. And if the server breaks, I can blame Microsoft. If a Lunix [sic] server breaks, I'll be the one to blame for being alternative".

So they buy Windows. After all, no one ever got fired for buying from Microsoft.

Perspective - your perspective (hehe) on the business of Linux is something I hadn't taken into account. And you are quite correct, of the 10% of businesses that might be running Linux, 8% of them are probably running one of the big three distros that have support from the companies. I doubt theres many multi-billion dollar companies that would risk recompiling their own kernel on a brand new distro they downloaded from Sourceforge.

>>And in the Real World (tm) shifting blame around until it hits someone else, preferably "far, far away" (tm) is a time consuming and important part of he job.

Well put. Ensure the code won't break and if it does then always ensure any problem is a S.E.P. (someone else's problem)

Originally Posted by nvoigt

I'd like to add that most businesses also need someone to blame. If our database server crashes, there's three parties to blame: the database software manufacturer, the server provider and the storage system company. We can go to any of them and have them sort it out. We will never use freeware or open source, because if something goes wrong, you have to blame the guy who's working with it. You cannot blame a company. And in the Real World (tm) shifting blame around until it hits someone else, preferably "far, far away" (tm) is a time consuming and important part of he job. I don't like it that way, but it's the way it works.

Isn't that what Red Hat, SuSE and the other big distributors are for? Giving support and taking blame?

Isn't that what Red Hat, SuSE and the other big distributors are for? Giving support and taking blame?

Indeed. But they don't do this for free. And that's the only benefit to companies.

Originally Posted by stovellp

Support they can give, but I'm pretty sure they can shift the blame to the original developers when things break. I don't know if they do, but I don't see why they wouldn't.

Because practically every open-source license, including the BSD and GPL licenses, include an explicit disclaimer of responsibility.

"THIS SOFTWARE IS DISTRIBUTED AS-IS, WITHOUT ANY WARRANTY, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF FITNESS FOR A PURPOSE [...]"

Sound familiar?


That's what you pay the big distributors for: they take your money in return for guarantees that the system will work as designed, since the open-source developers themselves do not give any such guarantees. They in turn use the money to pay developers to audit the open-source code to make sure they won't regret their guarantees.