[PCWorld]

Post your comments for Why Linux Is More Secure Than Windows here

[AlexanderHedgepeth]

Good article! It really helps explain to the average person why Linux is much more secure than Windows. Nice job!

[bbvammy]

I am using Ubuntu and I have not touch Windows in years.
I find that Ubuntu and other Linux in general actually much easier to use, learn and maintain.

If Linux is too hard for you, stick with Windows and other Apple toys. Let the grow up use real operating system.

[JasonHarrislvi3]

Let's not be naive here. You left off "Security through obscurity", because that is really why it is much less likely to be h4x0rr3d.

[pcworldbtg]

toy |toi|
noun
1 an object for a child to play with, typically a model or miniature replica of something : [as adj. ] a toy car.

In the computer world: cheap, plastic, breaks easily, imitation of a real computer. Synonym: a PC. Antynoym: a Mac.

[Eric2]

It is Windows which tries to be secure through obscurity (of code), not Linux. Don't even dream that Linux is obscure. Just because your mother does not use Linux does not mean it is obscure in any way. Google and the whole Internet run on Linux. The embedded market is Linux. Smart phones soon will be. (world first, US later). Linux is secure because Linux is secure. Obscurity has nothing to do with it. That our military has been forced by political pressure to use Windows could prove disasterous. In security cracking competitions Linux, Mac, Windows in that order.) The article gives a brief, clear, and accurate assessment and explanation. Jason, I'd advise you to read it again.

[Calindar]

"The expression is intended to suggest that proprietary software is more secure by virtue of its closed nature. If hackers can't see the code, then it's harder for them to create exploits for it--or so the thinking goes."

While the official definition is as you have stated, I think most people are mis-using the saying, and implying the obscurity is in the fact that Linux and Mac OS aren't as widely used as Windows, and that is why they aren't attacked as often. Judging by the contexts in which I've seen this saying said, I haven't seen anyone use it to describe Windows as being secure because the code is hidden.

[ArupRoyChowdhury]

There is this silly notion that linux is secure through obscurity, nothing can be further than truth, almost all the supercomputers run linux, so does major enterprises, severs etc. in fact 91% of global servers run linux. Organizations like London stock exchange, google all do and so do many more. Most military run linux. OTOH, only Joe Q. Pulbic runs Windows, who is the better target to hack for hackers. Its the linux machines and guess what, every day they are under attack and therefore the Linux kernel gains gets hardened on a real time basis and all those then get passed to desktop linux, both share the same kernel btw.

[antize]

Don't agree with many of your specifics:

1. Privileges

"Windows, users are generally given administrator access by default"

Have you used a newer version of Windows lately? Ever since UAC started with Vista, all users run with their least level privileges. That means even users who are in the administrators group get only regular user access token privileges unless the user explicitly elevates a process which is much like a SUDO operation in Linux. Further information: http://msdn.microsof...y/aa511445.aspx

2. Social Engineering

There appears to be viruses/worms for the Windows platform, I agree with this, however social engineering attacks are platform inspecific.

3. The Monoculture Effect

I think the vast number of Linux distributions actually attribute to its niche status. Look at all of this: http://upload.wikime...roTimeline.png. Who is going to install all of those to see which one fits best? What if developers would take the best things out of some of those and focus on make one killer desktop Linux operating system?

4. Audience Size

Yes more malicious software for the window platform in comparison to Linux. Here is a discussion: http://superuser.com...indows-vs-linux

5. How Many Eyeballs

Bugs? "It’s a limited set of paid developers" You do realize that Microsoft has ~90,000 employees the majority of which are developers who also happen to be some of the brightest in the industry. The reality is that all software ships with bugs. Here are few Red Hat recently: Bug Fix Advisory - RHBA-2010:0562-1 (glibc bug fix update), Bug Fix Advisory - RHBA-2010:0561-1 (selinux-policy bug fix update ), Bug Fix Advisory - RHBA-2010:0560-1 (krb5 bug fix update), Bug Fix Advisory - RHBA-2010:0563-1 (vnc bug fix update). "Not only that, but users can even fix problems themselves" - is this a feature of Linux?

[MattPerkins]

But Linux users forget one thing ... the average user isn't going to use Linux. It's more complex to use than Windows and lacks the eye candy of a Mac.

Linux is basically for really tech savvy people or those who are too cheap to spend money.

I have had Ubuntu installed on my computer as well as VMWare's virtual machine and I always go back to Windows. Windows looks better and is much easier to use. Especially for a guy like me who likes to try many different types of software, in which Windows has an extreme edge over Linux.

Yes I know Linux has it's built in installer which you can choose from a variety of software in its database to install with ease. But if you want to install software that isn't in the database like a brand new product, you have to be tech savvy to install it. I wanted to installed a beta version of Firefox and it wasn't in the database, I was told I need to type in a command to install it. That is far from user friendly.

So really until Linux becomes user friendly for the average user, it's security means nothing. After all security only matters if your using it, right?

[kirovs]

"After all security only matters if your using it, right?"

LOL!
Like when your bank account is empty?

"Ever since UAC started with Vista, all users run with their least level privileges. "
Yep. And then most things do not work so people grant themselves admin privs and still run their computers as admins.

[haydoni]

Linux is essentially like marmite (you either love it or you hate it) - the default is hate (as we've all been brainwashed by Microsoft) until you've actually tried it, when it becomes love.

People who say you must be tech savvy to use linux, only say this as they think of themselves as "experts" in Windows, forgetting the learning curve they went through to get where they are (e.g. @MattPerkins installing a beta version of firefox - it's just not something an average user would want to do - and you don't want a beginner downloading and installing software from random websites, however there's a one-click way of doing it if you know what you're doing). You're posting on a PC World forum: you're not an average user.
To progress to a similar level in linux you must expect to have to progress through another learning curve - it's a different operating system! It's much easier for the average user (who just uses a browser, looks at pictures, or word processing) than you think.

If you don't like how Ubuntu looks, the beauty is that it's easily configurable - you could even make it look like Windows 7!

[antize]

"And then most things do not work" this has not been my experience at all. Granted there are quite a few old applications out there that do things against the UAC guidelines such as write to protected areas, or other things that only work with full administrative privileges. In my experience however, all of the applications I used function properly under UAC with minimal elevation prompting in Windows 7. In Vista I remember it being very annoying when UAC prompted for everything, however they have tweaked the UAC settings in Windows 7 and it is a much more seamless experience. Also newer versions of applications are being developed with UAC in mind which further reduces UAC prompting. Microsoft has published many articles to provide Windows platform application developers guidelines to follow to create applications that work properly in UAC protected environments: http://msdn.microsof.../bb756922.aspx.

[haydoni]

@antize We have no idea how many bugs are being worked on in Windows, none at all. I'd prefer to know, and if it's one I want to fixing, I can either have a go - or pay someone to fix it for me. The vast najority of bugs aren't security related.

The thing that pisses me off about closed source software is not being able to make changes:
In my old work every month the accounts were exported, from the closed source database, into Excel, where they are fiddled with (this took - and still takes - everyone in the team, who each looked after their own projects, a couple of days and much stress), to fit a certain template.
If it was open source the company could pay someone to write the code to simply export it as it's actually needed, saving (I would estimate) 72 working days a month!

The database company won't do it, even though they are being paid - a *lot* - to provide the database.

[kirovs]

"...this has not been my experience at all. "
Well it was mine in Vista, before I upgraded to Ubuntu. One of my colleagues has Vista, his experience is the same as mine.
I don't know about Win7- I am done with Windows.

[antize]

"Well it was mine in Vista" Vista was quite the culture shock as Microsoft radically changed the execution model to address security concerns with the OS. Granted these changes should have been implemented in the base design of the operating system in the 90's, however that just didn't happen.

"We have no idea how many bugs are being worked on in Windows" Microsoft has a policy that there can only be X number of known bugs with the operating system before shipping. The last I heard X was 500, and they cannot be major functionality bugs. The bugs are discovered and tracked in Microsoft's public "Connect" website (http://connect.microsoft.com/) during the OS beta and release candidate periods. If you encounter a nasty bug after the system ships, go ahead and submit it at the connect site, you might just get your fix soon enough in a Windows update.

[haydoni]

@antize You say Microsoft "should have been implemented [these changes] in the base design of the operating system in the 90's, however that just didn't happen." It didn't *just* happen, MS *chose* the lazy route of doing very little to the OS, since they have (and still pretty much have) a complete vendor lock-in. So why bother making the system more secure?
Windows didn't really move on in ten years (since Windows 98)!

You've got to take Microsoft's word that that's how many bugs there actually are/ that the ones they publish are the only ones - but why should they be honest?? I don't trust them, and there is no way of knowing.

If you think a "culture shock" to Vista is acceptable, why wouldn't you accept the "culture shock" to Ubuntu? Double standards!
Anyway, people can make up their own minds by giving Ubuntu a try.

I work on a IT company as a Software Packager. My daily work is to grab bug fixes from a variety of OS and prepare them to install without user intervention on servers. I work on Windows, Linux and Unix servers (RHEL, SLES, Solaris, AIX, HP-UX, and a couple more), and i see the bugs of each OS every day. There is a big true: the most part of the fixes comes from *nix system. The ppl from RHEL, releases fix everyday, and a bunch of them. The ppl from MS, usually releases between 5 and 20 advisories from month. This could say a couples of things, or MS has less bugs than RHEL, or the ppl from RHEL work twice as MS does.

Im a *nix fan and user (at least at home). Isnt true that *nix doesnt have bugs, nor security problems, and isnt true that *nix its 100% open source and all the ppl can see all the code. Try to get the open source of a RHEL

In conclussion: Dont trust all the things you read on Internet, if u want to know the truth behind, install it

Sorry about the typos, this isnt my mother language.

Regards

[antize]

"why wouldn't you accept the "culture shock" to Ubuntu" I never mentioned anything about UBuntu... To be fair I install every new major build of ubuntu to keep up with the new improvements, but I've just never really been impressed with the out of box experience which I think is important to increase platform adoption. To be fair you could run as a regular user in previous versions of Windows however application developers wrote applications that required administrative privileges for certain tasks and there was no way to elevate so they wouldn't work. This is likely why it become common for end users and organizations to run as administrator. Vista never saw wide spread adoption in business. Many businesses just skipped Vista. However Windows 7 is seeing an increased business adoption rate so we shall see how the reputation of UAC evolves.

[kirovs]

I think antize is right in many ways.
Out of the box is actually better with other flavors, such as Mint.
For me the big difference between Windows and Linux are- once you get around the quirks and the workarounds (if any) in Linux you are pretty much done. I do next to nil maintenance (I have 5 home computers to maintain and one at work). When I had Windows it was easy to start (relatively speakings), but the maintenance (both XP and VISTA) were pure nightmare.
I think I recouped the overhead I put in Linux set up in less than 6 months.