[clue-tech] Linux vs. Windows security

[Jason Ash]

Hi,

My fiancee, Lisa, and I were discussing the security of Linux vs.
Windows tonight. Not to drag you into it, but my position is that *nix
operating systems are more secure by design and she (a Windows
aficionado) just says it's security by obscurity. I tried to explain
about the unlikeliness of user privilege escalation, and other
features such as shadow, PAM, tripwire, libcrypt, secure password
enforcement, etc., but I don't think it was very convincing. (She's
also a non-techie). Moreover, over 60% of the world's Web servers run
Linux, and Linux has no known viruses in the wild (only about 45 have
ever existed vs. countless for Windows). If I'm correct, only 12 known
root level holes have existed for Linux in the past eight years, only
one for freeBSD, and countless holes for Windows. The open source
development model also allows security holes to be fixed faster and
for more transparent security auditing. Truly, anything made by humans
can eventually be defeated by humans since we are imperfect and
occasionally make mistakes. Moreover, a system is only as secure as
the administrator overseeing it. In the end, every program you have on
your computer is a potential backdoor, but nobody wants to live in
complete paranoia. So, I was wondering if anyone had links to good
articles or resources on the subject to let the evidence can speak for
itself. Funny that she feels this way given that our Windows XP
desktop has been hit by three viruses described as identity-stealing
ones in the past year.

Thanks,
Jason Ash