[clue-tech] Linux vs. Windows security
Nate Duehr
nate at natetech.com
Fri Jan 22 15:53:57 MST 2010
It's a religious debate.
In the end, the only thing that matters is whether or not what YOU'RE
doing with your computer is safe.
A Windows user with no Internet access is far safer than your unpatched
Apache server with a zero-day exploit in the wild.
When you start to talk about "which is more 'secure'" you have to add,
"for most types of users doing the most typical things".
Nate
On 1/21/2010 10:36 PM, Jason Ash wrote:
> Hi,
>
> My fiancee, Lisa, and I were discussing the security of Linux vs.
> Windows tonight. Not to drag you into it, but my position is that *nix
> operating systems are more secure by design and she (a Windows
> aficionado) just says it's security by obscurity. I tried to explain
> about the unlikeliness of user privilege escalation, and other
> features such as shadow, PAM, tripwire, libcrypt, secure password
> enforcement, etc., but I don't think it was very convincing. (She's
> also a non-techie). Moreover, over 60% of the world's Web servers run
> Linux, and Linux has no known viruses in the wild (only about 45 have
> ever existed vs. countless for Windows). If I'm correct, only 12 known
> root level holes have existed for Linux in the past eight years, only
> one for freeBSD, and countless holes for Windows. The open source
> development model also allows security holes to be fixed faster and
> for more transparent security auditing. Truly, anything made by humans
> can eventually be defeated by humans since we are imperfect and
> occasionally make mistakes. Moreover, a system is only as secure as
> the administrator overseeing it. In the end, every program you have on
> your computer is a potential backdoor, but nobody wants to live in
> complete paranoia. So, I was wondering if anyone had links to good
> articles or resources on the subject to let the evidence can speak for
> itself. Funny that she feels this way given that our Windows XP
> desktop has been hit by three viruses described as identity-stealing
> ones in the past year.
>
> Thanks,
> Jason Ash
> _______________________________________________
> clue-tech mailing list
> clue-tech at cluedenver.org
> http://www.cluedenver.org/mailman/listinfo/clue-tech
>
More information about the clue-tech
mailing list