IT Security Information

What sort of Security does Linux provide? How does it compare to Windows security.?

When you answer the question, can provide the references.

Public Comments

1. yeah... there's a wiki for that: (link in next section) under the heading of security... "Secure software should therefore have a small user base to discourage malware development, rapid updates to neutralize new threats, and a compartmentalized structure that isolates damaged sections. Linux is superior to Windows in all three areas. The last is achieved by separating user and root privileges." hth :)
2. First off, Wikipedia contains information from and biases of the person writing the article, so them saying that Linux is superior to Windows is hogwash. Second, I don't want to get into any Linux vs Windows rants because I find them useless and biased. It's like arguing that "my team" is better than "your team." Even a strong argument there is only momentarily true and can change overnight until the next major flaw is discovered. I love Linux and would prefer to use it over Windows in almost any situation you can name, but that does not mean that it's security is superior to Windows. The security of the operating system relies primarily on the competence of the developer, the security facets they build into it (and the soundness of those facets), as well as the IDIOT behind the keyboard who's driving it. Considering that none of us here have access to the code behind Windows, we cannot verify the competence of the developer and how sound it is. Linux is open source, therefore either making it more vulnerable to exploits or more secure. This depends on many factors - trustworthiness, competence, and availability to search for flaws in the code being my chief reasons. For example, the developer working on a piece of it could have just graduated high school or he could be a seasoned professional working on the project in his spare time. Either way, the junior or senior programmer could make mistakes (bugs) or intentional flaws. For example, Ken Thompson, one of the original coders of UNIX admitted that in 1984 he added a back-door in the C compiler that would allow him into the UNIX system as any user. This was supposedly done on a system to test whether it could be done and was never supposed to have made it to production... However, this is a proof of concept that it could be done without being able to be detected. I think the biggest security risk in any computer system relies on the user behind the keyboard. I'd place money that a monkey could be taught to install either Windows or Linux. However, that's just the first step, and it's also where most people stop. The security of any computer system relies on it being locked down (secured), updated, physically protected, accessible only by those that are authorized, protected from malware with up-to-date definitions, and protected from those that are physically sitting at the keyboard. I don't have the time to go through each of these steps, but I think they're self explanatory. I'll take one of these security facets and expand it: up-to-date malware definitions. There was a recent survey that said that most users (87%) say they have up-to-date malware definitions, yet only (51%) of their systems were up-to-date. There are other percentages for anti-spyware and having a firewall installed on the page that I'll let you read yourself (third link). This shows the lack of understanding, care, or possibly blatant lying in the survey... However, I doubt people care to lie about such things considering that 90% of them will give their passwords away for a cheap pen (fourth link)... Anyway, if you're asking for a homework question, I know I didn't come close to answering it, but if it's for your own knowledge or because someone is arguing that Linux is better, I think I did a decent job. WG