1. Privileges
On Windows XP, the default user (when the OS was installed) is given Administrator privileges by default. On Vista, 7, and 8, the default user is still given Administrator privileges, but the User Access Control feature of the operating system allows the user to run in [limited] access, while still being able to easily switch into Administrator access when needed/wanted (think of it like an instant Linux sudo).
However, if an account in Windows is set to limited access, then that account in Windows cannot access Administrator privileges, without having a username and password of an account with Administrator privileges currently on the computer.
Both Windows and Linux can accomplish the same thing: giving users limited access to the computer.
Linux is not superior, better, whatever, when it comes to security.
No amount of Linux will help you if you set all of your accounts to be able to sudo to root. Same for Windows (giving all accounts Administrator access).
Ubuntu Linux will automatically let the default user have sudo access to root. Where is the security in that???
If a virus executes under a limited user on either Windows or Linux, you have a better chance at saving the OS than if a virus executed under an Administrator-enabled account (on Windows) or the root account on Linux (possibly even a root sudo-able account).
Read this comment:
http://scalibq.wordp...gn/#comment-278
2. Social Engineering
If Windows users would run limited user accounts, they would be much better secured than running with an account that allows them Administrator privileges (UAC or not). However this is really user silliness.
If you got an e-mail and opened the attachment, you did it to yourself, not the OS or anything/anyone else.
Be smart…don’t open e-mail attachments in suspicious looking e-mails. Also, be careful of e-mails that look like they came from your bank, Facebook, Twitter, etc. If they request information and/or have attachments, you can bet a 95% chance that it is a fake e-mail.
3. The Monoculture Effect
The 100+ Linux distributions make it more confusing for new Linux users (and even users who have used Linux). Having 100+ Linux distributions is not necessarily going to give you much more security. All it takes is for someone to write a virus (and be successful in implementing the virus) for the most popular Linux distributions and you have probably a good 60%+ of Linux users affected.
4. Audience Size
Doesn’t matter how many people use an operating system (or the software running on it), the operating system’s (and program’s) security stays the same. Having 10 million people using Windows and its programs and 10 million people using Linux and its programs would not alter the security of either operating system or software.
Let’s pretend I wrote a program and it had a security problem. Now if 10 people used my program, would not the program be as insecure as if 1,000,000 people used it?
If one of your reasons that Linux is secure is because not everyone uses the same software program, that is ‘security by obscurity’. Since if there are security problems with a particular Linux software, the security problems are still there regardless of how many people use the software (they just may not be found and/or exploited as fast as if a lot of people were using the software).
5. How Many Eyeballs
Technically having many people looking through source code can help with fixing security problems and whatnot. However, this also allows attackers to see how the updated code runs, which I think would help them a lot.
Also, the idea of having everyone look at the code and fix it does not always work out the way it is expected to.
http://scalibq.wordp...loit-for-linux/
http://scalibq.wordp...sql-com-hacked/
http://scalibq.wordp...ernel-org-hack/
You still have security problems with running Linux. The idea of “Linux being secure” is just not what it is cracked up to be. Everyone is free to choose, but please don’t spread the idea that “Windows is less secure than Linux”.
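As an added example for the point in section 1 about accounts that can sudo to root (not part of the original post): a small audit that reads `/etc/group`-style and sudoers-style text and lists which accounts are granted unrestricted root, directly or through a group. The sample data is constructed, and the parser assumes a simplified sudoers grammar (no aliases, includes or line continuations).

```python
import re

# Constructed sample data (not from any real host).
GROUP = """\
root:x:0:
sudo:x:27:alice,bob
adm:x:4:alice
users:x:100:alice,bob,carol
"""
SUDOERS = """\
# constructed sudoers fragment
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
carol   ALL=(ALL) NOPASSWD: ALL
dave    ALL=(ALL) /usr/bin/systemctl restart nginx
"""

def parse_groups(text):
    """Map group name -> set of member names from /etc/group-style text."""
    groups = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) == 4:
            groups[parts[0]] = {m for m in parts[3].split(",") if m}
    return groups

def full_root_accounts(sudoers, groups):
    """Return {account: passwordless?} for rules whose command list is 'ALL'."""
    found = {}
    for line in sudoers.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        # who  host = (runas) commands
        m = re.match(r"(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.*)$", line)
        if not m:
            continue
        who, cmds = m.group(1), m.group(2)
        nopasswd = "NOPASSWD:" in cmds
        cmds = re.sub(r"\b[A-Z]+:\s*", "", cmds)  # drop tags such as NOPASSWD:
        if "ALL" not in [c.strip() for c in cmds.split(",")]:
            continue  # restricted to specific commands, e.g. dave
        # A %name entry grants the rule to every member of that group.
        members = groups.get(who[1:], set()) if who.startswith("%") else {who}
        for user in members:
            found[user] = found.get(user, False) or nopasswd
    return found

if __name__ == "__main__":
    for user, nopw in sorted(full_root_accounts(SUDOERS, parse_groups(GROUP)).items()):
        print(f"{user}: full root via sudo{' (no password)' if nopw else ''}")
```

Any ordinary login account that appears in the output runs with root one prompt away, which is the configuration the post warns about.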