How secure is Linux compared to windows?
 

one reason why I use linux for day to day pc work is I got fed up of downloading and installing virus defs,firewall updates,antispyware updates,etc in windows.
I am relatively new to linux and I want to know if I still have to do such things in linux.I have a dialup connection and it is a pain to do these security updates.

Totally my views here:

1. Use an anti-virus for linux even though I believe linux virus's to be rare.
2. Linux has just as many updates as windows. They may not be as critical as MS updates.
3. I don't care what OS you use, a firewall should always be somewhere on the network.
4. If your using firefox, keep an eye for their security warnings. A risk came up within the last week or two.


I'd say out of the box, linux is more secure. Security is only as good as the maintainer(aka You). If you simply load linux and then let it run for days,weeks,months, then it probably isn't secure because you haven't updated or monitored the system. This is why Network Security people get paid a ton of money.

The only thing you really need is a firewall. A couple of simple GUI firewalls are Guarddog and Firestarter.

Installing and running Bastille is also a good thing to do.

Take a look at Securing Debian Manual

1. Setup your firewall (tools like Firestarter or Guarddog make this very easy)
2. Keep up with updates. All software has bugs and vulnerabilities and open source is no exception. The good thing is that the update program that came with your distro will update all the software on your machine, not just the OS like Windows update, the bad thing is that these updates will probably be quite large in size. I heard that some distros (maybe latest Suse and maybe Mandriva 2006 when it comes out soon) will have delta-rpm updates - ie. it only downloads the part of the binary RPM file you need. You might want to investigate these distros if you find the updates unmanageable on dialup.

Really this is all you need to concetrate on for the average home system. If you get packages through your distro's package management system you'll never get a virus, spyware or any other type of malware. Viruses for Linux don't really spread anyway - they are so rare as to be almost non-existant in the wild.

I hooked op a hardware firewall, now I don't have to do any of that :)

I don't believe in that "vulnerability" crap people are hyping. I'm not gonna waste precious cpu cycles on a virus scanner.

My opinion, set up some form of firewall and you're set.

You're right about the virus scanner being a waste of time but vulnerabilities can still bite you even if you are a home user with no ports or services exposed to the outside. A perfect example of this is Firefox vulnerabilities - your firewall, wether its on your machine or external on a router or something isn't going to protect you from that.

Thanks everyone.I've tried installing firestarter before but got bogged down on dependencies.When I tried installing the dependencies I think something got written over and I ended up being unable to download anything.(I have a previuos post regarding this).
Is there any site where I can download an installer for a linux firewall?I use kanotix installed on the hard disk which I think is debian (sid?)

Doesn't kanotix have a package manager? Ie. Synaptic which is a frontend to apt. That's what you should use unless you want to have to comile stuff from source.

Overall, any computer is vulnerable. Fortunately, Linux gives you more control over your vulnerability than windows does. iptables (Available in kernel 2.4 or later) is an extremely powerful firewall, allowing you complete control over what comes in and goes out. Furthermore, there are few viruses that will affect linux.

Bottom line, comparing windows to linux is like comparing Bagdahd to Fort Knox - each is only as secure as you make it, but there's a lot more heat on one than another.

I want to learn installing using the tarball but am wary about dependencies.I also tried apt-get and the same dependency problems came up.
Maybe I'll try guarddog.It seems "newbie friendly" compared to firestarter(?).

What dependency problems came up? Apt-get automatically resolves dependencies for you.

To build from source you will often need to install the -devel packages for each library or program that the configure script complains about.

I'm not on my pc(laptop) right now.I'll reply later when I try gain to do apt-get.
I successfully installed from source the drivers for my modem so the devel packages that are there should be sufficient(?).

The -devel packages contain the include files (C/C++ header files mostly) required to link one application against another. So you will have to install the -devel package for <i>each</i> library or other program that firestarter links against.

Not for my linux distro(kanotix hd installed).I get "unmet dependency" or "wrong version of dependency" type of errors.there is also something like do apt-get -f install and I cannot afford to do that on a dialup connection as that would take ages to finish.

This is what is so frustrating about linux.There is no easy way.I mean for example browsers like opera and firefox can be installed without dependency problems whatsoever.why not programs that are so important like firewalls?

I'll disagree just for the fun of it. There are two types of computers that are invulnerable

1. Computers that don't have any cables connecting them to a network. (in reality, I suppose they are vulnerable to some poor fool screwing it up)
2. Computers that are plain turned off.


Both options don't really help anyone though.