What do you think?

In Windows (IE, oe Explorer, services) there are discovered very much bugs, which allow to install spyware, malware and so on. May be linux is so secure just because it is not able to get money from it's hack? (No users -> No spyware -> no money -> not need to find a bugs)



P.S. May be for this thread is more suitable to be in Linux-General :-\

Linux is more secure because of its security model. By default it does not run with administrator privileges, so its difficult to compromise the system unless you know the root password. File ownership also prevents things like malware, spyware etc, because usually if you are not the owner of a file, then you can't make any changes to it.

But there might be bugs with getting root privilegies

Yes, that is completely true. None of us here use Linux and that makes it very secure.

I'd really like to debunk once and for all the myth that more users means more crap (malware, virus, poor security), but I don't think that's possible; instead I'll just debunk you

An excellent argument has been made, but I can't remember where; I think it somehow included ESR--maybe check the halloween documents?

Anyways, the argument is:
about ~70% (+-10) of the servers run on the net is Apache. A somewhat smaller part is M$'s IIS (the Inconvenient Interruption Server or something like that). The highest (absolute, _not_ relative) number of attacks were made on IIS. The highest number of successful attacks, also IIS.

(iirc)

The conclusion was: no, fewer users doesn't mean that it's more secure. A good security model and policy gives a foundation for security. What you build on that foundation defines the quality of your security. Running things outside of kernel space is a good idea. M$ doesn't seem to understand this: they put graphics (=something between X and gtk) in the kernel. Crash that and you crash [or worse, take over] the kernel.

the short version:
Linux is safe because it's made to be safe.
Windows is unsafe because it's either (a) not designed to be safe; or (b) the safety is designed/implemented/made wrong.

hth --Jonas Kölker

Howzit

First take a look at my signature

Just to say that the safest OS in the world running on any platform is the one that is not powerd on. In my opinion i think that Windoze is less safer than Linux due to the fact that users can run with Admin rights. It also comes with a whole lot of services that are enabled by default which can cause tremendous amounts of problems.

I have read those white papers about Windoze vs Linux and my conclusion is that no matter what OS u run u have to have a good policy in place this is fundamental. This will encorporate OS lock down; Physical Lock down and recovery procedures when things do go wrong.

I also agree with the poster above about there are less attackes against Linux because there are not many people using it this is a lot of Hog wash, all systems can be made as safe as possible., but must say with my experiance there has been less problems with *NIX OS than with M$.

cheers

although im just a newby, i dont believe any of you have yet answered the question correctly and concisely.
linux is fundamentally more secure because of the structure of its file/permissions system. this system ensures that no code can be run nor files saved without the permission of the owner of the files(providing the permissions have been set correctly). older versions of windows(im not sure but i dont think the newest versions do this) do not have such security meaning that a web site can send any code it likes to internet explorer and IE will run it so that you can view the website(on the IE screen). in fairness, microsoft most probably did this in the beggining to allow for smoother and easier internet surfing, but evidently the plan backfired - these days you must have security, letting anyone run code on your pc is is quite obviously ludicrous.
(my say is said;P)

in other words.no, it is not because less people use it, it is actually more secure.

hi
Well you can make a windows box secure and you can make a linux box unsecure. I think a very important part is the user/admin. Windows was always the easy-to-use choice, so if it's too hard to maintain a linux box, people use windows, mostly not caring about security too much because of their lack of intelligence/commitment. There's also another thing that makes linux secure - because it's open source! If you feel you don't like/don't need a part of a program you can always rewrite/disable it. Try this on ISS.

you need to work on your `suspension of disbelief'

You all here speak about "security model" of linux. But what about hacking it and getting root account? What about such bugs?

no operating system is fully secure. any one can be broken/hacked. that is at least obvious, if not inevitable. the real importance of security is to make things less possible for the attacker. besides poorly written or evaluated code there are many weaknesses within windows to exploit. they are there from the oem install without most end users even knowing about them. there sum is greater that that of linux's weaknesses based on the fact that a clean linux install does not offer as many exploits. people using linux are more likely to educate themselves on security and in effect greaten linux's security because it is a community based operating system.

Is linux so secure just due to lack of users?

The answer is yes and no. The time a linux box will stay on line without a firewall and without beeing attacked is a lot more that it is with windows boxes. This has not to do with being more secure but with being less popular.

On the other hand a program can be considered to be more secure if it does not have the tendency to encourage users do security mistakes. Being root all the time, is really dangerous, and this is what all windows users do.

Sorry, but no ... Anything built on the NT line has more file permission control than an out of the box Linux. MACs were available on NT4 *long* ago.

Without SELinux (or one of the workalikes) UNIX filesystems are *less* secure than Windows ones. The reason that it appears the opposite is that

a) Windows users typically run as root (Administrator) all the time (the fact that M$ designed it so that you have to for all the functionality to work is *NO* help in curbing this behavior), and

b) Windows give "Everyone" full control by default. In the *NIX world this is roughly the same as setting your umask to 0000 ...

To answer the OP's question -- yes. You can bet if linux came installed on every off the shelf PC and the scum of the internet thought they could make a buck by exploiting it that they would at every possible opportunity. That doesn't mean that they wouldn't have to work harder to do so ...

Sounds interesting; could you elaborate on this? Which flags (and other mechanisms) does it have that *nix doesn't?

thanks,

Jonas

Google for "Mandatory Access Controls"

My earlier statement is based on the fact that Windows has had MAC for years while they're a fairly new addition to Linux (and still an add on)