I've had my new RH9 partition on my dual-boot machine for about a month now. Was a Win98-only user before that. In that time, I've received about half a dozen notices from RH about updates. Many of them were related to security vulnerabilities (open SSH, and some other things I didn't understand.) It was nice of RH to notify me, and the updates installed easily. But I'm wondering why, when a security vulnerability is discovered in Windows, it is much ballyhooed and decried in the media, whereas when RH makes a similar announcement, it goes unnoticed except by users. Is Microsoft getting the bad press merely because it is the "big dog on the block?" With RH needing to issue all these "updates" (aka "patches"), in what way is Linux less vulnerable?

Thanks.

Basically Im going to cut it to you like this, because this is how it was explained to me. As a user, you have control over only your files. As Super User, you have control over the root tree. Basically a virus or worm would need root priviliges do deliver its payload. Seeing as how your not logged in as root constantly (at least you shouldnt be) a virus that affects Linux, which are few and far between I might add, can only destroy your personal files, but nothing in your operating system. In comparison, Window$ file system is always open, always exposed. A virus or worm can deliver its payload rather easily without much intervention on the part of the user, and sometimes in the case of the Blaster worm and such, without any part of the user at all. Now this being taken into consideration, Linux is much more secure that Window$ could ever think about being. The security updates that RH is releasing are probably minor patches, as compared to gaping security flaws in any of Microsoft products. Notice that while you have only recieved 6 updates this month, Microsoft pumps out about double that each month, with far more depth and security issue that RH. I think that pretty much covers it in a nutshell. Security stuff can be debated all day, but when it boils down to it, security is only as good as the user whos pounding away at the keyboard IMO.

I'll probably get flammed to death for saying what I'm about to say, but linux is like any other o.s.. It takes a lot of work to make it secure. I read an article the other day on a major pro-linux site (linuxtoday, linuxnews... dont remember) that linux servers get hacked quite often. Windows is still #1, but linux isnt far behind. It's just impossible to be completely safe other than unplugging from the net. You have a group of people working to secure a system while you have a whole world of people banging at every door.

The difference as I see it, is you get the security patches MUCH sooner in the linux world than microsoft. Since linux is open source, anyone can work at fixing it and as a whole community of users like that it gets done quick. It's up to us end users to apply the patches.

Also, viruses and trojans are largely written for windows platforms because windows accounts for over 80% of the desktop market. A much broader target. That, and a large percentage of those windows users are uneducated about computers in general; they just use them for email, spreadsheets and uploading the latest family vacation pics.

I have a lot of friends that are passionate about some aspect of computers, be it for creating art, music or playing the latest game and I have yet to convince most of them that they NEED a firewall. At least a default install of the free ZoneAlarm...

Of course, none of these friends are using Linux

Here it is plain and simple.
Unline windoze linux is as secure as you want it to be. Take windoze it standard has many holes ports open... the works. And the standard windoze webserver is shotty as anything. With windoze the main problem is closed source, There are hundreds of things I would love to fix in windoze but since i cant get to it i cant. Now take linux pure and open i have gone ahead and altered a few tings with the kernel and the base OS with my server. Now we have servers on it, i use apache v. hack. v. hack is a version i made that is bases of 2.0.42. I altered alot of things and added a lot of fixes. With windoze you cant fix your problems. Now take ftp, i havent found a decent windoze ftp server but i know that linux has some (vsftpd for one) which was writen from scratch, and i have peruzed it and made sure it was ok.
So the platform it self dosent matter they both have problems but linux far surpasses windoze because you can make it unique and as good as you can.

no, to me, it will always be windows, i dont wuna waste time messing about with my X11/ config files to fix monitor problems or som crap like that, i dont wuna hav to always boot into rescue mode and type in all sorts of crap to get my computer fixed,

iv been using windows since 95, and iv neevr ever had a virus, been attacked, any problems, i jus dont like the fact i cant see wot im donig (commands, visual interface, etc.)

but i do like linux, and the good thing is its Open Source, so if i wuna change something, i can,

i like linux, hell, i even use linux to browse the net, play music, etc.,

but the only problem is, its hogs ur memory, i can install the same equivelent in windows 2k, xp, or Me and in windows i wud save much more space,

in linux redhat 9 rite now, i had to remove almos all stuf i wudnt use yet, wich wus web servers, graphics tools, etc.,

and the size wus like 1.7 i mean even KDE and GNOME are like shell replacements,

anyway, it will always be windows for me, heck my KDE even looks and acts like windows, my taskbar looks like windows as well, my windows r like windows as well,

becuz i like windows, i dont hate linuix, i like linux 2, but i like my windows even better,

and although i do disagree with microsoft, but i agree with windows,

why shud windows be open source ? its up to them, they dont wuna jus show anyone all their hard work,

but look at me, i havet had a single problem in ma life, with windows, only when i installed linux, it took me 2 weeks to get it booting up properly, now im learning linux 2, so i can be part of the linux community, but i will always use windows,

for sodftware deelopemtn, windows, graphcs design, windows,

also, the gimp is aloada shit, compared to adobe photoshop, i tried to use it, the interface isalot of crap, y do ppl design such shit interfaces,

anyways, im goin into a rant here,

* The file system is secured against viruses, because you can't alter binary files.

* your home directory is the only place you can alter files, but install files as well.

* the diversity of software

* modularity of software. exploit's of outlook often have deep roots in the 'Windows Explorer Shell', VBScript, ActiveX, 'Internet Explorer', 'Addressbook', and 'MSN Messenger' features. I still don't get the fact why they've linked these all together without any good security.

* chroot(), create a mini-root inside some directory where your deamons (background processes) can't escape from easily.

* You effectively run your Windows operated system as root.

* freedom to choose another piece of software that does the same thing.

* more eyes viewing the source


@abbasakhtar: please use your spell checker. I don't care if someone dislikes Microsoft Windows or Linux, but please do it with style both have their place in this world.

I think that pretty much sums it up.

Just read that myself, sums up the virus issue quite nicely, it also trancendes to other aspects such as malicious users. For example, If I had an account on your machine and I wanted to nuke it, in windows I would delete hal.dll or something like that, and at the next reboot your machine will blue screen, and require rebuilding, I would only need a second to do it, so so long as I had keyboard access for a minute while you went to the loo or something it could be done. In linux though, I couldnt do any damage to the system at all because I dont know the root password that you obviouly keep secret.

A server is a completely different animal. I don't think it's fair to compare server hackability with desktop hackability.

Furthermore, the issue of security is a bit broad. When one says that the Linux desktop is more secure than the Windows desktop, we mean both from user error as well as outside influence.

A Windows user can trash important system files with very little interference from the OS, whereas the Linux user can't. That is also an aspect of security.

As far as being hacked from outside, user permissions do help to reduce that to some degree, but beyond the virus issue, protecting oneself from port scanners and intentional hacks are the same as in Windows insofar as you need a good firewall and that firewall needs to be properly set up.

I think that the issue is that when Windows users hear that Linux is "more secure" they get the idea that it's "completely secure" which is of course untrue. Nothing is completely secure.

But Linux definitely provides a higher level of global basic protection than Windows does, and that is often sufficient to protect against most potential annoyances and difficulties.


So what, you'd rather have to reformat and reinstall because Windows is totally unuseable if the GUI doesn't work?

Maybe you never have problems with Windows, then. Lucky you.

I'd just like to mention, that you shouldn't give a shell to all your friends. It's easier to hack a machine if you have direct access to it. You could choose the program you want to exploit. For example, the Linux 2.4.20 kernel has a ptrace exploit.

Exploiting a service remotely gets more complicated. An administrator could secure this a lot more, even chroot() it sometimes.

.. a piece of exploit code is usually a small .c file, compile it with gcc, and if you run it the service could be exploited/hacked. (and you gain root access) such programs often 'exec' a shell.

Say what? I've never had a single problem, might be because I read howtos and guides, but I donno.

ehrm... why would u go into rescue mode? Because u performed a hard shutdown or what?

lucky bastard...

Which is it? Memory or harddrive space? As far as memory goes, I am 100% sure anything gnu/linux does, it uses less memory than any windoze client. And space? pfft... if you dont select every package on the CD (as you should never do, you wont need half of them anyways,) and besides, WinXP took almost 800mb after a fresh install, my deb sys is around 90mb.

Well thats probably because you installed them, isn't it?

Fine, then what are you doing here?

Same thing.

Hard work? A stolen Operating System is "HARD WORK"? pfft.

Yes thats true, PS owns Gimp to hell and back.

do you mean main memory or disk space? I'd like to share some personal experiences with you, I hope you don't think this is a flame or something

I've installed slackware as server recently, even installed all compilers, development stuff, etc.. (and removed the rest), and I has a system of 400MB.. it could have been 200 MB I guess.

about memory space, take a look at the buffers/cache totals. Linux uses 99% of your memory, but the memory that windows tents to keep free with anxious measures, is used by Linux as disk cache. (my system with 500MB of main memory uses 200 MB as cache!, and doesn't need a swap drive at all!)

and indeed, the KDE is a memory monster. Consider using xfce4 if you're out of resources.

Dude tell me how.................I'll bet your winbloze partition looks like a bunch of scrambled shit...

if youre gonna moan about linux and windows, seeing pros and cons of both, do wot i do. have both.

im very much a linux newbie, but i like it and i wanna learn it. i use linux on my home pcs and windows on my ones at work. (simply because all the games and stuff like that are designed for windows) and also because photoshop and dreamweaver only work on windows (or osx but i cant afford a mac)

linux guis are set up like windows anyway, you just have a lot more control. linux set up my pc in a helluvalot less time than it took xp to... all i need is a nvidia driver. and f-all-else. sure theres alot of typing involved... but thats what all that time chatting on irc was for. to learn how to type well

anyway im gonna stop now as i dont know much of what im goin on about.

i know im certainly never gonna miss the virus, or the blue screen of death