LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 10-05-2003, 10:43 PM   #1
ryancw
LQ Newbie
 
Registered: Aug 2003
Distribution: Red Hat 9
Posts: 25

Rep: Reputation: 15
in what way is Linux less vulnerable than Windows?


I've had my new RH9 partition on my dual-boot machine for about a month now. Was a Win98-only user before that. In that time, I've received about half a dozen notices from RH about updates. Many of them were related to security vulnerabilities (open SSH, and some other things I didn't understand.) It was nice of RH to notify me, and the updates installed easily. But I'm wondering why, when a security vulnerability is discovered in Windows, it is much ballyhooed and decried in the media, whereas when RH makes a similar announcement, it goes unnoticed except by users. Is Microsoft getting the bad press merely because it is the "big dog on the block?" With RH needing to issue all these "updates" (aka "patches"), in what way is Linux less vulnerable?

Thanks.
 
Old 10-05-2003, 10:54 PM   #2
Kramer
Member
 
Registered: Aug 2003
Location: Somewhere south of sanity...
Distribution: Mandrake 9.1
Posts: 550

Rep: Reputation: 30
Basically Im going to cut it to you like this, because this is how it was explained to me. As a user, you have control over only your files. As Super User, you have control over the root tree. Basically a virus or worm would need root priviliges do deliver its payload. Seeing as how your not logged in as root constantly (at least you shouldnt be) a virus that affects Linux, which are few and far between I might add, can only destroy your personal files, but nothing in your operating system. In comparison, Window$ file system is always open, always exposed. A virus or worm can deliver its payload rather easily without much intervention on the part of the user, and sometimes in the case of the Blaster worm and such, without any part of the user at all. Now this being taken into consideration, Linux is much more secure that Window$ could ever think about being. The security updates that RH is releasing are probably minor patches, as compared to gaping security flaws in any of Microsoft products. Notice that while you have only recieved 6 updates this month, Microsoft pumps out about double that each month, with far more depth and security issue that RH. I think that pretty much covers it in a nutshell. Security stuff can be debated all day, but when it boils down to it, security is only as good as the user whos pounding away at the keyboard IMO.
 
Old 10-05-2003, 11:07 PM   #3
Scruff
Member
 
Registered: Oct 2002
Location: Stoughton, MA
Distribution: Gentoo x86_64 & PPC
Posts: 949

Rep: Reputation: 30
I'll probably get flammed to death for saying what I'm about to say, but linux is like any other o.s.. It takes a lot of work to make it secure. I read an article the other day on a major pro-linux site (linuxtoday, linuxnews... dont remember) that linux servers get hacked quite often. Windows is still #1, but linux isnt far behind. It's just impossible to be completely safe other than unplugging from the net. You have a group of people working to secure a system while you have a whole world of people banging at every door.

The difference as I see it, is you get the security patches MUCH sooner in the linux world than microsoft. Since linux is open source, anyone can work at fixing it and as a whole community of users like that it gets done quick. It's up to us end users to apply the patches.

Also, viruses and trojans are largely written for windows platforms because windows accounts for over 80% of the desktop market. A much broader target. That, and a large percentage of those windows users are uneducated about computers in general; they just use them for email, spreadsheets and uploading the latest family vacation pics.

I have a lot of friends that are passionate about some aspect of computers, be it for creating art, music or playing the latest game and I have yet to convince most of them that they NEED a firewall. At least a default install of the free ZoneAlarm...

Of course, none of these friends are using Linux
 
Old 10-05-2003, 11:24 PM   #4
Azrail
LQ Newbie
 
Registered: Oct 2003
Posts: 7

Rep: Reputation: 0
Here it is plain and simple.
Unline windoze linux is as secure as you want it to be. Take windoze it standard has many holes ports open... the works. And the standard windoze webserver is shotty as anything. With windoze the main problem is closed source, There are hundreds of things I would love to fix in windoze but since i cant get to it i cant. Now take linux pure and open i have gone ahead and altered a few tings with the kernel and the base OS with my server. Now we have servers on it, i use apache v. hack. v. hack is a version i made that is bases of 2.0.42. I altered alot of things and added a lot of fixes. With windoze you cant fix your problems. Now take ftp, i havent found a decent windoze ftp server but i know that linux has some (vsftpd for one) which was writen from scratch, and i have peruzed it and made sure it was ok.
So the platform it self dosent matter they both have problems but linux far surpasses windoze because you can make it unique and as good as you can.
 
Old 10-06-2003, 06:15 AM   #5
abbasakhtar
Member
 
Registered: Sep 2003
Posts: 89

Rep: Reputation: 15
no, to me, it will always be windows, i dont wuna waste time messing about with my X11/ config files to fix monitor problems or som crap like that, i dont wuna hav to always boot into rescue mode and type in all sorts of crap to get my computer fixed,

iv been using windows since 95, and iv neevr ever had a virus, been attacked, any problems, i jus dont like the fact i cant see wot im donig (commands, visual interface, etc.)

but i do like linux, and the good thing is its Open Source, so if i wuna change something, i can,

i like linux, hell, i even use linux to browse the net, play music, etc.,

but the only problem is, its hogs ur memory, i can install the same equivelent in windows 2k, xp, or Me and in windows i wud save much more space,

in linux redhat 9 rite now, i had to remove almos all stuf i wudnt use yet, wich wus web servers, graphics tools, etc.,

and the size wus like 1.7 i mean even KDE and GNOME are like shell replacements,

anyway, it will always be windows for me, heck my KDE even looks and acts like windows, my taskbar looks like windows as well, my windows r like windows as well,

becuz i like windows, i dont hate linuix, i like linux 2, but i like my windows even better,

and although i do disagree with microsoft, but i agree with windows,

why shud windows be open source ? its up to them, they dont wuna jus show anyone all their hard work,

but look at me, i havet had a single problem in ma life, with windows, only when i installed linux, it took me 2 weeks to get it booting up properly, now im learning linux 2, so i can be part of the linux community, but i will always use windows,

for sodftware deelopemtn, windows, graphcs design, windows,

also, the gimp is aloada shit, compared to adobe photoshop, i tried to use it, the interface isalot of crap, y do ppl design such shit interfaces,

anyways, im goin into a rant here,
 
Old 10-06-2003, 07:02 AM   #6
yapp
Member
 
Registered: Apr 2003
Location: Netherlands
Distribution: SuSE (before: Gentoo, Slackware)
Posts: 613

Rep: Reputation: 30
* The file system is secured against viruses, because you can't alter binary files.

* your home directory is the only place you can alter files, but install files as well.

* the diversity of software

* modularity of software. exploit's of outlook often have deep roots in the 'Windows Explorer Shell', VBScript, ActiveX, 'Internet Explorer', 'Addressbook', and 'MSN Messenger' features. I still don't get the fact why they've linked these all together without any good security.

* chroot(), create a mini-root inside some directory where your deamons (background processes) can't escape from easily.

* You effectively run your Windows operated system as root.

* freedom to choose another piece of software that does the same thing.

* more eyes viewing the source


@abbasakhtar: please use your spell checker. I don't care if someone dislikes Microsoft Windows or Linux, but please do it with style both have their place in this world.
 
Old 10-06-2003, 07:12 AM   #7
nephilim
Member
 
Registered: Aug 2003
Location: Belgium
Distribution: Debian (server), Kubuntu (desktop)
Posts: 248

Rep: Reputation: 30
http://www.theregister.co.uk/content/56/33226.html
 
Old 10-06-2003, 07:48 AM   #8
Kramer
Member
 
Registered: Aug 2003
Location: Somewhere south of sanity...
Distribution: Mandrake 9.1
Posts: 550

Rep: Reputation: 30
Quote:
Originally posted by nephilim
http://www.theregister.co.uk/content/56/33226.html
I think that pretty much sums it up.
 
Old 10-06-2003, 08:18 AM   #9
fatgod
Member
 
Registered: Mar 2002
Location: Edinburgh, Scotland
Distribution: Suse 7.2, Gentoo 1.4, Solaris 9
Posts: 661

Rep: Reputation: 30
Just read that myself, sums up the virus issue quite nicely, it also trancendes to other aspects such as malicious users. For example, If I had an account on your machine and I wanted to nuke it, in windows I would delete hal.dll or something like that, and at the next reboot your machine will blue screen, and require rebuilding, I would only need a second to do it, so so long as I had keyboard access for a minute while you went to the loo or something it could be done. In linux though, I couldnt do any damage to the system at all because I dont know the root password that you obviouly keep secret.

 
Old 10-06-2003, 09:31 AM   #10
motub
Senior Member
 
Registered: Sep 2003
Location: The Netherlands
Distribution: Gentoo (main); SuSE 9.3 (fallback)
Posts: 1,607

Rep: Reputation: 46
Quote:
Originally posted by Scruff
I read an article the other day on a major pro-linux site (linuxtoday, linuxnews... dont remember) that linux servers get hacked quite often.
A server is a completely different animal. I don't think it's fair to compare server hackability with desktop hackability.

Furthermore, the issue of security is a bit broad. When one says that the Linux desktop is more secure than the Windows desktop, we mean both from user error as well as outside influence.

A Windows user can trash important system files with very little interference from the OS, whereas the Linux user can't. That is also an aspect of security.

As far as being hacked from outside, user permissions do help to reduce that to some degree, but beyond the virus issue, protecting oneself from port scanners and intentional hacks are the same as in Windows insofar as you need a good firewall and that firewall needs to be properly set up.

I think that the issue is that when Windows users hear that Linux is "more secure" they get the idea that it's "completely secure" which is of course untrue. Nothing is completely secure.

But Linux definitely provides a higher level of global basic protection than Windows does, and that is often sufficient to protect against most potential annoyances and difficulties.

Quote:
Originally posted by abbasakhtar
no, to me, it will always be windows, i dont wuna waste time messing about with my X11/ config files to fix monitor problems or som crap like that,

So what, you'd rather have to reformat and reinstall because Windows is totally unuseable if the GUI doesn't work?

Maybe you never have problems with Windows, then. Lucky you.
 
Old 10-06-2003, 09:58 AM   #11
yapp
Member
 
Registered: Apr 2003
Location: Netherlands
Distribution: SuSE (before: Gentoo, Slackware)
Posts: 613

Rep: Reputation: 30
Quote:
Originally posted by fatgod
In linux though, I couldnt do any damage to the system at all because I dont know the root password that you obviouly keep secret.
I'd just like to mention, that you shouldn't give a shell to all your friends. It's easier to hack a machine if you have direct access to it. You could choose the program you want to exploit. For example, the Linux 2.4.20 kernel has a ptrace exploit.

Exploiting a service remotely gets more complicated. An administrator could secure this a lot more, even chroot() it sometimes.

.. a piece of exploit code is usually a small .c file, compile it with gcc, and if you run it the service could be exploited/hacked. (and you gain root access) such programs often 'exec' a shell.
 
Old 10-09-2003, 06:59 AM   #12
dekket
Member
 
Registered: Oct 2003
Location: sweden
Distribution: debian
Posts: 47

Rep: Reputation: 15
counter-rant

Quote:
Originally posted by abbasakhtar
no, to me, it will always be windows, i dont wuna waste time messing about with my X11/ config files to fix monitor problems or som crap like that,
Say what? I've never had a single problem, might be because I read howtos and guides, but I donno.

Quote:
Originally posted by abbasakhtar
i dont wuna hav to always boot into rescue mode and type in all sorts of crap to get my computer fixed,
ehrm... why would u go into rescue mode? Because u performed a hard shutdown or what?

Quote:
Originally posted by abbasakhtar
iv'e been using windows since 95, and iv neevr ever had a virus, been attacked, any problems
lucky bastard...

Quote:
Originally posted by abbasakhtar
hell, i even use linux to browse the net, play music, etc., but the only problem is, its hogs ur memory, i can install the same equivelent in windows 2k, xp, or Me and in windows i wud save much more space
Which is it? Memory or harddrive space? As far as memory goes, I am 100% sure anything gnu/linux does, it uses less memory than any windoze client. And space? pfft... if you dont select every package on the CD (as you should never do, you wont need half of them anyways,) and besides, WinXP took almost 800mb after a fresh install, my deb sys is around 90mb.

Quote:
Originally posted by abbasakhtar
In linux redhat 9 rite now, i had to remove almos all stuf i wudnt use yet, wich wus web servers, graphics tools, etc., and the size wus like 1.7 i mean even KDE and GNOME are like shell replacements,
Well thats probably because you installed them, isn't it?

Quote:
Originally posted by abbasakhtar
Anyway, it will always be windows for me, heck my KDE even looks and acts like windows, my taskbar looks like windows as well, my windows r like windows as well,
Fine, then what are you doing here?

Quote:
Originally posted by abbasakhtar
And although i do disagree with microsoft, but i agree with windows,
Same thing.

Quote:
Originally posted by abbasakhtar
Why shud windows be open source ? its up to them, they dont wuna jus show anyone all their hard work,
Hard work? A stolen Operating System is "HARD WORK"? pfft.

Quote:
Originally posted by abbasakhtar
Also, the gimp is aloada shit, compared to adobe photoshop, i tried to use it, the interface isalot of crap, y do ppl design such shit interfaces,
Yes thats true, PS owns Gimp to hell and back.
 
Old 10-09-2003, 07:35 AM   #13
yapp
Member
 
Registered: Apr 2003
Location: Netherlands
Distribution: SuSE (before: Gentoo, Slackware)
Posts: 613

Rep: Reputation: 30
Quote:
Originally posted by abbasakhtar
but the only problem is, its hogs ur memory, i can install the same equivelent in windows 2k, xp, or Me and in windows i wud save much more space,
do you mean main memory or disk space? I'd like to share some personal experiences with you, I hope you don't think this is a flame or something

I've installed slackware as server recently, even installed all compilers, development stuff, etc.. (and removed the rest), and I has a system of 400MB.. it could have been 200 MB I guess.

about memory space, take a look at the buffers/cache totals. Linux uses 99% of your memory, but the memory that windows tents to keep free with anxious measures, is used by Linux as disk cache. (my system with 500MB of main memory uses 200 MB as cache!, and doesn't need a swap drive at all!)

and indeed, the KDE is a memory monster. Consider using xfce4 if you're out of resources.
 
Old 10-09-2003, 07:42 AM   #14
arioch
Member
 
Registered: Aug 2003
Location: Playing Frisbe with an XP cd with my wall.
Distribution: Red Hat 8.0, Slackware 9.0
Posts: 73

Rep: Reputation: 15
Quote:
Originally posted by abbasakhtar
iv been using windows since 95, and iv neevr ever had a virus, been attacked, any problems, i jus dont like the fact i cant see wot im donig (commands, visual interface, etc.)
Dude tell me how.................I'll bet your winbloze partition looks like a bunch of scrambled shit...

Last edited by arioch; 10-09-2003 at 07:57 AM.
 
Old 10-09-2003, 07:47 AM   #15
Toz
LQ Newbie
 
Registered: Oct 2003
Posts: 11

Rep: Reputation: 0
if youre gonna moan about linux and windows, seeing pros and cons of both, do wot i do. have both.

im very much a linux newbie, but i like it and i wanna learn it. i use linux on my home pcs and windows on my ones at work. (simply because all the games and stuff like that are designed for windows) and also because photoshop and dreamweaver only work on windows (or osx but i cant afford a mac)

linux guis are set up like windows anyway, you just have a lot more control. linux set up my pc in a helluvalot less time than it took xp to... all i need is a nvidia driver. and f-all-else. sure theres alot of typing involved... but thats what all that time chatting on irc was for. to learn how to type well

anyway im gonna stop now as i dont know much of what im goin on about.

i know im certainly never gonna miss the virus, or the blue screen of death
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
if linux becomes popular, won't it become more vulnerable than windows lynchpin9 Linux - Security 8 01-25-2006 05:24 AM
Why Windows is so vulnerable to Virus and Worm ? TigerLinux Linux - Software 2 10-15-2005 07:04 AM
does wine make me vulnerable to windows virii? drigz Linux - General 3 08-03-2004 07:29 AM
Linux servers were the most vulnerable????? xgreen Linux - Security 12 02-23-2004 07:55 PM
How vulnerable is Linux Vincent_Vega Linux - Security 7 01-18-2004 06:44 AM


All times are GMT -5. The time now is 01:03 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration