Is Linux more Secure than Windows?
 

Hellow Everybody,
Would like to know if the System Linux itself is more secure than the Windows one.

For Example, some some of the security benefits that Linux has over Windows come from better User training and also from Linux not being targetted by attacks as much.

With Windows I have the experience that the Security is very good when a new version comes out, but it is hopelessly exposed at the end of its life-span, but I don't know how it is with Linux.

O.T: Hopefully "Linux beginners" is the appropriate Section even though the guidelines advise to post anything that contains the word "Windows" into General.

Also, I am aware of similair topics existing, but maybe after six to eight years things have changed

Windows and Linux are always as secure as they are set up. Windows can be really secure, it has some fairly good security mechanisms. Sadly, Microsoft almost always decides to turn them of in the consumer versions. Depending on which distro you use Linux has almost every time their basic security turned on, but may be not the more sophisticated ones, like SELinux.

Current OS versions can be made secure, whether Linux or Windows. If you look at something like the below you'll see the Mac was the first system hacked in one recent contest:

http://apolyton.net/showthread.php/1...s-hacked-first

In this case, attacking systems over the network didn't yield any success, so they changed the rules to let people direct the target systems to various web sites etc. The Mac was quickly compromised, but it highlights that one of the most popular methods of compromising system security is via "social engineering" of users. So at the end of the day the security on any system can be compromised and my point is that quite often it is the user who will open up the front door and lay down the welcome mat. You shouldn't under-estimate the role of the user in regard to system security. Just thought I'd add a something else to consider instead of just a straight Linux vs Windows.

Not sure any OS is secure. The main reason an OS becomes less secure is the applications running on them. Other main issue is the physical access to them.

I'd guess that professional hackers can attack either (all) pretty easily.

A determined attacker can break into any system. Linux systems are harder to break into than Windows systems but, in both systems (and in Macs), the weakest point is PEBCAK (problem exists between chair and keyboard).

No amount of security can protect against stupid.

A system is secure as you make it, with a few caveats:

Microsoft still uses some nonsalted hashes for storing passwords. This drastically decreases the time needed to crack passwords. Linux has always used salt in the password hashes, increasing by many orders of magnitude the number of possible passwords for any given password. Worst case is every Windows machine uses exactly the same hash, so each possible password can be cracked using exactly ONE possibility, which is why Windows password crackers are so amazingly successful and fast.

But a good eight-character Linux PW is still pretty secure, because you have guess both the hash and the password. The largest security risk with everything is the user. Pretty much whatever pops into mind as something no one else can figure out, like taping the password under the keyboard, has already been discovered.

I recently repaired some systems at a University, and I had to pass through the command center for network security. It was two guys who looked like you and me, viewing monitoring software and programming small adjustments to the network security system. After the threat passed, they opened the hole back up, with a few exceptions. If they safeguarded against every possible threat 24/7, the network would be useless.

Specific threats come and go, you just never know exactly when it will occur. The moral is: diligence. Probably the most underrated security measure with PC-based Linux systems is rebooting. Linux generally survives attempted vandalism. Most Linux firewalls should be rebooted at least weekly. Just a heads up: Intel designed the last few generations of processors so that use of hardware by virtual machines is transparent (can't be detected).

Consequently, rootkits can now operate as hypervisors and do pretty much anything, without any means to detect them. But you can still find them by examining cold drives using a live CD.

The best thing one could do is keep handy 'known good' tools. If you get a rootkit, which happens in both Wondows and Linux, it can run rogue versions of 'ls' and 'locate', or any other program, so those tools then display the rootkit files. If you have at least a 'known good' '/bin' directory on CD, you can pop it in, change the PATH variable, and the rootkit can't hide anymore.

Causes much debate and argument; you won't get a single, agreed, answer. There are some reasons that Linux has an edge in certain specific areas, but whether they have more influence than other more practical matters is a matter of debate.

Practically, Linux security is better, but how much of that is down to Linux and how much the users aqnd other non-fundamental factors causes much discussion.

I'm not sure that you can say very much positive about the training of all Linux users, but you can be very negative about the behaviour of many Windows users. Linux not targeted? Well, there are clearly fewer desktop users, but there really aren't fewer server users, and servers are more highly-prized for some kinds of exploits, so if Linux is less targeted, it may be because Linux is harder to target, it is difficult to say definitively.

In practice most Windows users have security problems and most Linux users don't (as far as can be told from the various reports), but what causes that difference could be many factors, and probably several factors are involved, to greater or lesser extents.

Have you been keeping your system and the applications fully and promptly patched? Without that, any system will become vulnerable over its lifetime. Now, usually, it is easier under Linux within the support period of a distro, but it is one of the requirements, whatever system you use.

@TobiSGD
Have to agree with that, but, if I were given the task of keeping a system secure, I would far rather be doing that with a Linux system (or, arguably, a BSD...no one has mentioned them) than a Windows one. Maybe that's just my preference...

@maccas17
You may be over-interpreting. As seems to be common in these contests, the prize includes the machine that you 'pwn'. So, would you rather walk away with a Windows box or a Mac? Which would be cooler? For many people, the answer to that question is very clear, and it isn't the Windows box.

Hi
I could say both Linux and windows are secure.Its based on the application running on the platform of operating system.Every operating system has its security features of its own kind there is nothing to compare with linux is better or windows is better . (Its depend on user , how we ensure and utilies the security feature to ensure security for our server )

Disagree. Windows (client version, because I don't know about Windows Server) can't be secure ever. You can install antivirus and firewall software but if you need to be sure that for example your keyhits are not keylogged - go with *nix. I mean come on, how can you rely on Windows and it's "security" solutions? Antivirus find just a portion of malware. There are tonns of cases when you have antivirus and some other stuff monitoring and you visit this webpage that instantly screws up the whole OS and only reinstallation can fix it. My father have XP SP3 with antivirus and behind the hardware firewall and NAT. Scanning the system with the second antivirus (not installed in OS) often gives me 1-3 trojans...

Really? Really. C'mon...

May be you should get your facts right. At first, comparing Linux with an outdated version of Windows is not really fair. Also, I have stated that most of the security features of Windows are disabled by default. Do you have enabled one of them in the Windows installations you maintain or do you just go with the default? If you set up Windows in the right way (sundialsvc can tell you a lot about this) it allows a fine grained security model that is far better than if you only use file permissions as security model for Linux (which most of the distributions are doing). As stated before both OSes are as secure as you set them up. If you decide to go with the default security model (which in fact is unarguably bad in Windows) then you are doomed to clean up the consequences, like you do with cleaning up viruses. By the way, most malware are drive-by-downloads (which in fact also says more about the browser as the OS) or even actively installed by the user, so that neither a firewall nor a NAT play into that in any way. Also, if one antivirus software finds malware that another doesn't find that says something about the antivirus software, not the security model of the OS.

In short: Windows can be as secure as Linux can be, if you set it up ion the right way. If the admin, for whatever reasons, decides not to use the possibilities that are given to him to secure the system you can hardly blame the OS.

By the way, there are rootkits for Linux, too, so if you don't regularly check for them you aren't any safer regarding keyloggers than on Windows.

Am I wrong if I say that they cannot be installed without the user installing them manually?

Yes you are. There are always ways to exploit security holes in your browser and other apps to get remote connections to your machine and root access.
Saying that you automatically don't have to fear key-loggers because you use Unix/Linux is simply false. As is to say that Windows automatically is not as secure as Unix/Linux.

Well yes - there are no 100% invulnerable OS.

Have you ever gotten real malware on any UNIX/Linux machine?

is linux more secure than windows? yes and no
imho Linux has the potential to be more secure than windows, but then again Linux hasn't really been targeted as much as windows so it hasn't shown as many of it's vulnerabilities

Linux is an open source peer reviewed software system that undergoes checks and balances from the community, so vulnerabilities can be fixed more quickly than with windows, where only micro$oft has access to the code, that and Linux is designed from the ground up to be stable and secure, whereas windows is a patch on top of a patch on top of a patch on top of a leaky foundation

that being said, both Linux and windows are only as secure as the practices of the users in charge of the system, Linux is more flexible and has more configuration options which can also lead to being miss-configured in such a way as to open a hole in the system the administrator is unaware of, so really security is up to the administrators not the Operating system, though personally if I were to chose which is more secure 'out of box' I would go with Linux hands down.

No, the same on my Vista installation.
But asking me is not fair, I think that I am more educated regarding security as the average user. Ask the same question the uneducated Ubuntu/Mint/whatever user that mindlessly adds PPAs to the system, installs DEBs from obscure sources, puts sudo in front of every command and tries to run the system as root (or setup password-less sudo) to get rid of those annoying questions about passwords. The same thing uneducated Windows users do it with installing software from obscure sources or disabling the UAC.

Disclaimer: I am not intending to start a flame war here. There are educated and uneducated users on any OS, especially when it comes to security. Naturally the percentage of uneducated users is higher on mainstream OSes, but the OSes with smaller communities don't lack uneducated users also.

No flamewar TobiSGD. Just a productive conversation. :D

I would say that GNU/Linux gets hacked when it's a public server that catches crackers' eyes. It has to have something interesting to be targeted. When it's targeted - it (a server) CAN be hacked no matter what software it runs. Remember Comodo being hacked? Noone is invulnerable.

However, as frieza mentioned - Linux is way better secured out of the box. Apply some knowledge here and you get pretty secured system which can also be easily updated. Updates overwrite working kernel (in case of rootkit). Software is installed from repos (most of the times) which contain only approved packages. It reduces chance of installing infected program drasticly (again - I never say 100%). Add package signing here. In Windows you download exe/msi installer, run it and hope for the best. Not only because it can contain malware but also because it can bring your system down after the installation is complete.

It gets even more interesting if you dig in it, go under the hood. Windows restricts you more and more from version to version to the point where you're not allowed to know anything. Just click with your mouse. In UNIX/Linux you can study anything and tweak it on extreme level. You can create wild configurations. This gives you perspectives in building you security. Can Windows give you this?

indeed, any system can be hacked, given enough time, the operative word of security is to simply make the system resistant to attack enough for a random attacker to give up and move on, nothing, but nothing can stop a directed attack with enough determination, especially on a physical front, thus a good disaster recovery plan is essential when dealing with critical systems.

indeed, repos are often more secure, but they can be poisoned, not easily mind you but they have been in the past.
another problem with exe/msi installations is some of them come with their own versions of libraries they require to run, which could overwrite existing versions, and thus break already installed software, whereas linux doesn't do this, it packages everything separately for the most part.

ironically, some of said restrictions make securing the system even harder, instead of easier

but as i have said before, security is the responsibility of the user, not the operating system

The people that attack linux systems are a very different type than those that attack windows.

To think that any system is secure is foolish.

that depends on your definition of 'secure', you can leave a house unlocked with all the windows open and put a sign on the door that says 'rob me', or you can lock the doors and windows, add a burglar alarm with motion sensors, glass break detectors and magnetic sensors in the doors, lock all your valuables in a safe and you will be 'secure' since you will be able to deter the casual thief/burglar, but if someone wants to get at your valuables, there is no stopping them, this does not mean that there isn't a degree of security, the whole point of 'secure' is protection from all but the most determined of attackers, and even then you can take steps to mitigate what damage they can do.

as i have said, security is up to the user, not the operating system, I will amend that statement to say that security is an ongoing process, which must be monitored, updated, and revised, not a static entity that can be set and forgotten, not only that but it is a multi layered approach that encompasses several fields, from network, to software, to OS to physical access to machines, as well as the people who use them (the most important part), therefore yes it is foolish to say i've installed linux, done x,y and z, yep, i'm secure is an incredibly foolish thing, but to toss up your hands and say that you can't be 'secure' is also foolish.

As a rule, no.

I strongly suspect that this notion originated back when the main competition was still Win9x, Outlook Express, and Internet Explorer with ActiveX.

i would have to disagree to a point, true modern windows has gotten significantly more secure than it's predecessors, however windows still has a good deal more 'automation' to it for the purpose of making the user experience more transparent than linux does, this automation does make operating the system more simple for the end user, but comes at the price of security, though i would have to say that the gap in security betwen out of box systems is far, far less significant than it used to be, imho linux is still in front.