LinuxQuestions.org
Old 07-13-2011, 07:27 AM   #1
harry142
LQ Newbie
 
Registered: Jul 2011
Posts: 1

Rep: Reputation: 0
Is Linux security better than windows security?


hello friends
Please give me the answer

Thank you
 
Old 07-13-2011, 11:25 AM   #2
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 2,994

Rep: Reputation: 737
Yes.

Why? Well, Unix and Linux systems do not permit privileged execution of programs by an ordinary user (that would infest the operating system, wipe out disk files, or the other "fun" stuff that, in Windows, is far too easy to accomplish); this, of course, presumes that system security is not compromised by the administrator fooling around with things better left alone.

You may want to take a look at http://en.wikipedia.org/wiki/Compari...dows_and_Linux for details.

Hope this helps some.
 
Old 07-13-2011, 11:30 AM   #3
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,373

Rep: Reputation: 1962
For balance, I'll also say "no" as it's much more complicated than you can cover with a one word answer. The biggest security issue is usually the user, not the software.
 
Old 07-13-2011, 11:20 PM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
There is no way to answer this question properly without knowing what you mean by better security. For example, are you referring to the overall number of public vulnerabilities present in either OS in a given time frame? The speed at which the developers distribute security fixes? The amount of security features the OSes offer? Stuff like that may be quantified in such a way that a semi-objective argument could be made as to which one is better with regards to specific factors. But, as hinted by acid_kewpie, security is so much more (it is, after all, a continuous process), and in the end most of it will depend on things other than the OS software.

In the right hands, either GNU/Linux or Microsoft Windows can meet most administrators' and/or users' security requirements. If you pick either of those OSes over the other because "it's more secure", then I'd say you're off to a bad start and you should get your security posture evaluated, as you may have serious vulnerabilities in areas which have been overlooked due to focusing on the choice of OS.

Last edited by win32sux; 07-13-2011 at 11:39 PM.
 
Old 07-14-2011, 07:22 AM   #5
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,231

Rep: Reputation: 1071
As usual, "that depends upon the system and its owner."

Windows has a very powerful security model that is effectively turned off in literally millions of "Home Edition" Windows boxes around the world. So, all that programming doesn't do a damn bit of good.

Linux has Pluggable Authentication Modules (PAM), which allows any sort of authentication scheme that you wish to use, to be, well, "plugged in" at strategic points just by editing a configuration file. (There are also, of course, PAM modules that can be fixed into the kernel so that no one can "remove the locks.")

Linux also normally has features, such as Access Control Lists (ACLs) and Extended Attributes, but many folks know about the chmod and chown commands and nothing more, as though nothing at all had actually advanced since the earliest Unix days.

The bottom line, though, is that effective system security is a human process, not a product nor an operating-system feature. The computer's great at enforcing rules ("yes" or "no"), but it's only a dumb machine, doing whatever it's been told.

Last edited by sundialsvcs; 07-14-2011 at 07:25 AM.
 
1 members found this post helpful.
Old 07-15-2011, 03:57 AM   #6
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 3,886

Rep: Reputation: 774
Quote:
Originally Posted by harry142 View Post
Please give me the answer
The answer? As you may have already noticed, you'll probably get as many answers as respondents, if not more. In the interests of trying to define some corner points:
  • There are a number of reasons that there is no such thing as Linux security: technically, Linux is a kernel, and there is really no point in discussing the security of a kernel alone, because the system is so much more than the kernel, and a hole in the security of some of the non-kernel stuff can be just as fatal to your desire for security (mind you, you may not need anything very complex, or directly software-related, if you've got a user)
  • You were probably thinking of 'a distro' really, rather than 'kernel' and while all distros are variations on a theme, there can be enough difference in, say, how quickly problems are fixed to make a real difference (although, in this regard, MS is usually worse and less transparent, in speed of fixes)
  • In general (and this is a wild generalisation) most Linux distros do a decent job with giving you an install that is reasonably secure out of the box, but the builders of the distro itself don't know what you will do with it, and you will have to take responsibility of what you do from the point that you install it.
  • Whatever you think of the security of a system 'out of the box', usually the first thing that the user does when the system comes out of the proverbial box, is that they take measures to mess up the security. As a (vaguely related) example of this tendency, bear in mind that MS has recently turned off 'autorun' by default. This has been a well-known idiocy for a decade or so, but apparently MS thought if they turned off this 'convenience feature' there would be a revolt amongst the users (and they would all just turn it back on) so that it wasn't worth doing. It turns out that this has been actually a very significant improvement (although, anyone with any sense could have manually changed the autorun status)...so a big part of the problem was user laziness (or the perception of what the user would consider as excessively inconvenient...personally, I would consider cleaning up after an intrusion as a real inconvenience, but maybe these users consider this as 'somebody else's problem').
  • One part of the answer (I'd describe this as one canonical answer, if that wasn't open to too much misinterpretation) is that most Windows end users have problems with security and most Linux don't (as far as I can tell); you could regard that as conclusive, but it really isn't. If you fsck up your Linux security badly enough, you can make it as bad as the typical Windows user would make it. It is your computer, you can do that, but you probably shouldn't, if you know what is good for you. But, you probably don't know what is good for you, and you really need to know what you are doing to keep the system secure.
  • I'd also like to echo this, from win32sux, "either GNU/Linux or Microsoft Windows can meet most administrators' and/or users' security requirements"...but, while it is true, it is also true that most users will, if allowed, take their system in entirely the opposite direction to the one that leads towards security. Now, it isn't completely clear whether the cause is lack of knowledge, a feeling of 'it'll never happen to me' or plain, pig-headed stupidity (but it seems as if it is done most thoroughly when all of the above are brought to bear on the situation), but it is what happens.
 
1 members found this post helpful.
Old 07-15-2011, 02:42 PM   #7
tekhead2
Member
 
Registered: Apr 2004
Distribution: slackware/FreeBSD/Vector
Posts: 291

Rep: Reputation: 52
I think another point to consider is the costs of security in a Windows environment. Out of the box you will still require software to fully secure an environment or desktop. The open source community, this includes Linux, BSD, etc., provides all of the needed tools you would require to secure an entire enterprise environment. Granted you have to consider the different software you will require and build out a setup for your purposes, but when you think about needing a spam filter for Exchange environments, and needing corporate antivirus for all of your servers and desktops, then you add to that the malware and drive-by attacks, and you find yourself spending a lot of time and money on security. With Linux and open source... you just need time, maybe more time, but when you come away from it you really know that you know that your stuff is set up and secure to the best of your knowledge and understanding and you can do more with less resources.
 
Old 07-16-2011, 01:25 AM   #8
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,373

Rep: Reputation: 1962
Let's remember that the OP has posted two near identical questions in a few minutes and not posted since...
 
Old 07-16-2011, 02:05 AM   #9
vandien76og
LQ Newbie
 
Registered: Jul 2011
Posts: 7

Rep: Reputation: Disabled

Quote:
Originally Posted by tronayne View Post
Yes.

Why? Well, Unix and Linux systems do not permit privileged execution of programs by an ordinary user (that would infest the operating system, wipe out disk files, or the other "fun" stuff that, in Windows, is far too easy to accomplish); this, of course, presumes that system security is not compromised by the administrator fooling around with things better left alone.

You may want to take a look at http://en.wikipedia.org/wiki/Compari...dows_and_Linux for details.

Hope this helps some.
To find the answer, ask yourself what you expect from Linux distros. Check your needs carefully and analyze them. I hope you will be satisfied.
For more details check this link with this question: Why Linux is better? http://www.whylinuxisbetter.net/. I hope you will find the correct answer and you will be satisfied when you read the arguments. It depends on the user's needs.
 
Old 07-16-2011, 02:40 AM   #10
kasl33
Member
 
Registered: Oct 2004
Location: Bremerton, WA
Distribution: Arch, Debian, Ubuntu, Ubuntu-Server, CentOS, OSX Lion
Posts: 350

Rep: Reputation: 47
Security is only as good as the person implementing and maintaining it. To my knowledge, Windows 7's firewall has never been cracked. Linux is also secure if you run the proper software as well - however a good password really goes a long way - especially if you use an encrypted file system.
 
Old 07-16-2011, 03:23 AM   #11
dEnDrOn
Member
 
Registered: Jun 2011
Location: oMNipre$ent
Distribution: fedora 3.6.11-1.fc17.i686.PAE
Posts: 499
Blog Entries: 12

Rep: Reputation: Disabled

Quote:
Originally Posted by harry142 View Post
hello friends
Please give me the answer

Thank you

I'd suggest not to indulge yourselves in these kind of questions...these can't be answered in a line.
It's very foolish to draw some conclusions....every system has its own pros and cons.
But still if you want to research a bit, then take a look at these and then tell what you concluded (if you can)...

comparison of linux and windows security


Security Report: Windows vs Linux


good luck...^_^
 
Old 07-19-2011, 12:20 AM   #12
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,373

Rep: Reputation: 1962
Quote:
Originally Posted by dEnDrOn View Post
I'd suggest not to indulge yourselves in these kind of questions...these can't be answered in a line.
It's very foolish to draw some conclusions....every system has its own pros and cons.
But still if you want to research a bit, then take a look at these and then tell what you concluded (if you can)...

comparison of linux and windows security


Security Report: Windows vs Linux


good luck...^_^
so why are you indulging them?? Why is it that so often the worst questions attract the most answers? This dude is not coming back, why do people keep responding?
 
Old 07-19-2011, 12:29 AM   #13
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Even though the OP isn't returning, I see no reason why this discussion should be stopped. As far as I'm concerned, the topic is totally compatible with LQSEC and everyone is free and welcome to share their relevant thoughts and points of view here.
 
Old 07-19-2011, 12:59 AM   #14
kasl33
Member
 
Registered: Oct 2004
Location: Bremerton, WA
Distribution: Arch, Debian, Ubuntu, Ubuntu-Server, CentOS, OSX Lion
Posts: 350

Rep: Reputation: 47
Quote:
Originally Posted by dEnDrOn View Post
I'd suggest not to indulge yourselves in these kind of questions...these can't be answered in a line.
It's very foolish to draw some conclusions....every system has its own pros and cons.
But still if you want to research a bit, then take a look at these and then tell what you concluded (if you can)...

comparison of linux and windows security


Security Report: Windows vs Linux


good luck...^_^
Everyone who goes to these articles should check the dates on them. One of them talks about Windows Server 2003 and is from 2004. That's highly outdated; unless things have changed in about the past 2 months, Windows 7 / Server 2008 firewalls have yet to be cracked (if it has been cracked, please let me know!).

I prefer to use Linux, but Windows has come a long way and is working their way slowly away from everything being set in the registry.
 
Old 07-20-2011, 07:41 AM   #15
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 2,994

Rep: Reputation: 737
This morning's mail included a Technical Cyber Security Alert, number TA11-200A (available at http://www.us-cert.gov/cas/techalerts/TA11-200A.html). Although not specific to platform, the content may be of some interest:
Code:
                    National Cyber Alert System

              Technical Cyber Security Alert TA11-200A


Security Recommendations to Prevent Cyber Intrusions

   Original release date: July 19, 2011
   Last revised: --
   Source: US-CERT


Overview

   US-CERT is providing this Technical Security Alert in response to
   recent, well-publicized intrusions into several government and
   private sector computer networks. Cyber thieves, hacktivists,
   pranksters, nation-states, and malicious coders for hire all pose
   serious threats to the security of both government and private
   sector networks. A comprehensive security program provides the best
   defense against the full spectrum of threats that our computer
   networks face today. Network administrators and technical managers
   should not only follow the recommended security controls
   information systems outlined in NIST 800-53 but also consider the
   following measures. These measures include both tactical and
   strategic mitigations and are intended to enhance existing security
   programs.


Recommendations

   * Deploy a Host Intrusion Detection System (HIDS) to help block and
     identify common attacks.

   * Use an application proxy in front of web servers to filter out
     malicious requests.

   * Ensure that the "allow URL_fopen" is disabled on the web server
     to help limit PHP vulnerabilities from remote file inclusion
     attacks.

   * Limit the use of dynamic SQL code by using prepared statements,
     queries with parameters, or stored procedures whenever possible.
     Information on SQL injections is available at
     <http://www.us-cert.gov/reading_room/sql200901.pdf>.

   * Follow the best practices for secure coding and input validation;
     use the secure coding guidelines available at:
     <https://www.owasp.org/index.php/Top_10_2010> and
     <https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/coding/305-BSI.html>.

   * Review US-CERT documentation regarding distributed
     denial-of-service attacks:
     <http://www.us-cert.gov/cas/tips/ST04-015.html> and
     <http://www.us-cert.gov/reading_room/DNS-recursion033006.pdf>.

   * Disable active scripting support in email attachments unless
     required to perform daily duties.

   * Consider adding the following measures to your password and
     account protection plan.

   * Use a two factor authentication method for accessing privileged
     root level accounts.

   * Use minimum password length of 15 characters for administrator
     accounts.

   * Require the use of alphanumeric passwords and symbols.

   * Enable password history limits to prevent the reuse of previous
     passwords.

   * Prevent the use of personal information as password such as phone
     numbers and dates of birth.

   * Require recurring password changes every 60-90 days.

   * Deploy NTLMv2 as the minimum authentication method and disable
     the use of LAN Managed passwords.

   * Use minimum password length of 8 characters for standard users.

   * Disable local machine credential caching if not required through
     the use of Group Policy Object (GPO). For more information on this
     topic see Microsoft Support articles 306992 and 555631.

   * Deploy a secure password storage policy that provides password
     encryption.

   * If an administrator account is compromised, change the password
     immediately to prevent continued exploitation. Changes to
     administrator account passwords should only be made from systems
     that are verified to be clean and free from malware.

   * Implement guidance and policy to restrict the use of personal
     equipment for processing or accessing official data or systems
     (e.g., working from home or using a personal device while at the
     office).

   * Develop policies to carefully limit the use of all removable
     media devices, except where there is a documented valid business
     case for its use. These business cases should be approved by the
     organization with guidelines for their use.

   * Implement guidance and policies to limit the use of social
     networking services at work, such as personal email, instant
     messaging, Facebook, Twitter, etc., except where there is a valid
     approved business case for its use.

   * Adhere to network security best practices. See
     <http://www.cert.org/governance/> for more information.

   * Implement recurrent training to educate users about the dangers
     involved in opening unsolicited emails and clicking on links or
     attachments from unknown sources. Refer to NIST SP 800-50 for
     additional guidance.

   * Require users to complete the agency's "acceptable use
     policy" training course (to include social engineering sites and
     non-work related uses) on a recurring basis.

   * Ensure that all systems have up-to-date patches from reliable
     sources. Remember to scan or hash validate for viruses or
     modifications as part of the update process.
 
1 members found this post helpful.
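
Several of the alert's items (allow_url_fopen, 60-90 day password changes, minimum length, password history) can be checked mechanically on a Linux host; the script below is an added example, not part of the thread or of the US-CERT alert. It assumes the host uses pam_pwquality and pam_pwhistory, and the function names, file names and sample contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit config files against four TA11-200A items.
# Every check returns 0 (meets the recommendation) or 1 (does not).

# Last uncommented "key = value" in an INI-style file.
ini_value() {  # $1=file $2=key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;#[:space:]]*\).*/\1/p" "$1" |
        tail -n 1
}

# allow_url_fopen must be switched off explicitly: PHP defaults it to On.
check_url_fopen() {
    case "$(ini_value "$1" allow_url_fopen | tr 'A-Z' 'a-z')" in
        off|0|false|no) return 0 ;;
        *) return 1 ;;
    esac
}

# PASS_MAX_DAYS (login.defs) must be set and at most 90 days.
check_max_days() {
    days=$(awk '$1 == "PASS_MAX_DAYS" { v = $2 } END { print v }' "$1")
    case "$days" in ''|*[!0-9]*) return 1 ;; esac
    [ "$days" -ge 1 ] && [ "$days" -le 90 ]
}

# minlen (pwquality.conf) must be at least $2 characters.
check_minlen() {  # $1=file $2=required length
    len=$(ini_value "$1" minlen)
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge "$2" ]
}

# The PAM password stack must load pam_pwhistory with remember=N, N >= 1.
check_history() {
    awk '$1 == "password" && /pam_pwhistory\.so/ {
             for (i = 3; i <= NF; i++)
                 if ($i ~ /^remember=[0-9]+$/ && substr($i, 10) + 0 >= 1) ok = 1
         }
         END { exit !ok }' "$1"
}

# Constructed sample files, not taken from any real host.
make_samples() {  # $1=directory
    printf '%s\n' '; constructed' ';allow_url_fopen = Off' \
        'allow_url_fopen = On' > "$1/php.ini"
    printf '%s\n' '# constructed' 'PASS_MAX_DAYS   99999' \
        'PASS_MIN_DAYS   0' > "$1/login.defs"
    printf '%s\n' '# constructed' 'minlen = 15' > "$1/pwquality.conf"
    printf '%s\n' '# constructed' \
        'password requisite pam_pwquality.so retry=3' \
        'password required  pam_pwhistory.so remember=5 use_authtok' \
        > "$1/system-auth"
}

report() { if "$@"; then echo "PASS  $*"; else echo "FAIL  $*"; fi; }

audit() {  # $1=directory holding the four files
    report check_url_fopen "$1/php.ini"
    report check_max_days  "$1/login.defs"
    report check_minlen    "$1/pwquality.conf" 15
    report check_history   "$1/system-auth"
}

dir=$(mktemp -d) && make_samples "$dir" && audit "$dir"
rm -rf "$dir"
```

PASS_MAX_DAYS in login.defs only applies to accounts created after the change; existing accounts keep their own ageing values, which `chage -l <user>` shows.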
  

