Lets say for a moment, that they are equally secure and installed on identical hardware, just for the sake of this question.

now I ask you Which machine performs better after being secured ? the Linux box, or the Windows box with it's plethora of Active anti-virus / Anti-Spyware / Software firewall / etc..

I think the thing I find most annoying about Windows is receiving a nice shiny new PC that runs blazingly fast. I get everything setup, updated and configured how I want, then I install all the security software after which the PC runs like a dinosaur through a tar pit.. The Linux box doesn't have this issue and speeds along happily.

meanwhile I have a 5 year old P4 with Linux at home that is humming along, and outperforms the shiny new Dual Core Windows machine I set up.

Pretty much the same scenario here.

I completely agree.


As the saying goes, the only 100% completely secure computer is the one turned off(with no hard drives), locked in a safe, encased in concrete, buried 6 miles underground on Titan...

well something like that...do the world at large a favor and just use Linux.

You said that perfectly! Especially that security is a process. It takes work and self discipline on the user's part to implement and maintain the security of their computer and data. Same with backups. Microsoft always makes their OS so controlling that the user really doesn't have to do anything except turn the power on. I think that helps to demotivate the users from learning anything about their computer including security.

Some of those users who "react without thinking" also surf under the impression that "I've got Norton Antivirus so I'm invincible!" One of my friends did that until his system began to take 30 minutes from power on to usable desktop (seriously, no exaggeration). I found out that Norton's definitions were 2 years old and there was no anti-spyware software installed. Another friend once tried downloading Autodesk 2004 from Kazzaa, leaving the computer on all night. The next day I was helping him do a system restore because he'd picked up so many viruses.

Absolutely true! The free ones, AVG and Antivir and ClamAV, are more resource-friendly and are at least as good as Norton and are much better than McAfee. And these days anti-spyware is almost more important. Ad-Aware is good, but Spybot provides a background registry monitor.

If I had a nickel for every time I've been asked "Why is my new computer so slow after installing Norton Antivirus?"... I also hear a lot of "I removed Norton Antivirus because it slowed my computer, but now I've got viruses."

I know what you mean. I try to warn people about how easy it is to get viruses/malware. I try to give them advice and suggestions to keep themselves safe. Do they listen? No. They later bring their infected computer to me to clean and then ask how to keep it from happening again. Why do they wait until after they get infected to ask how to prevent it? It's kinda' like driving a car into a tree before asking for driving lessons.

I can honestly say I've never had a virus or malware infection in 15 years of using computers. I was told about viruses and antivirus software when I started with a 286 running DOS 5 (circa 1993). From then through Win9x I used Norton Antivirus religiously. I always pay attention to news about new viruses and other cyber-threats. I still have a Windows installation running Win2K Pro with Zone Alarm, Ad-Aware, Spybot with Tea Timer, Antivir and AVG. Firefox has the AdBlock+ and NoScript extensions. I turned off various services such as Windows Messaging and Remote Registry Access.

But I think the biggest reason is common sense and browsing habits. I download files only from trustworthy sources, I don't use P2P software, I don't visit warez sites, I don't allow my browser to remember usernames/passwords, I don't use online services that involve transmitting sensitive personal information, I don't open email from unknown senders, and if a suspicious message claims to come from a friend/family member I ask them before following any links.

Awesome...very informative.

I hate all that extra crap windows needs to be "secure" to.

Seriously,if anyone hacked my computer and got into my account they'd probably feel sorry for me and deposit a few bucks anyway ;p

I just picked rabbit2345's to quote, because it was short. However, several of the posts mentioned online banking, saying that it didn't really matter for that.

I would seriously beg to differ. If your machine has been compromised for any reason, it could have a trojan, and it could have a keystroke logger. Then your online banking could be exposing your bank accounts. I would never do online banking from a public location, from a PC, or from IE. And, when using Firefox on my own Mac at home, I have it set to never remember passwords and to erase all personal information when I quit. I also shred bank and credit card statements so that they don't go out in the trash or recycling.

So, if you must use XP, use Firefox. But, really, use Linux and Firefox. Also, don't just assume security. Work to ensure it. For starters, check out http://www.nsa.gov/snac/ for your OS and applications. Unfortunately, the only case they have for Linux is RedHat, but I would guess that a lot of it would still apply. They have XP as well. Some of the applications are dated, and they don't have Firefox. It's interesting to see that the guide to securing NT is larger even zipped than the others.

You can also just google "linux security guide" or "<your-distro> security guide" and take it from there.

This thread is growing long. OK, one member mentioned using Firefox eliminates security problems. There was an article in BBC a couple of weeks ago. Commercially offered toolkit is claimed to breach every Windows computer regardless of browser used. Buyer of this toolkit is also guaranteed to have updates if MS fixes something to keep his/her copy functional. You know what I think? I think lots of sysadmins out there still are deceiving themselves thinking: Eh, this cannot happen in my backyard, may LAN is clean. And in reality your LAN is part of orchestra performing DoS attacks, and so on. With fast broadband connection you won't notice that computers on your LAN are hijacked, and you come here to LQ and tell everybody: This depends on user, Windows can be secured. Maybe IIS can be secured, behind some external firewall, only port 80 open. With desktop you are at mercy of criminals.

In any case, to answer the question of OP. Whether Windows can be secured or not is arguable, you can see different opinions here. POSIX compliant systems generally are practically secure right out of box. Of course, bad user can make any computer vulnerable.

It's true that Windows-targeting trojans and keyloggers are a threat to personal information. Linux can protect from that, but that only protects your information between the keyboard and the your modem because the keylogger can't work to grab the strokes, log them and send the file. The point is that after typing into a web page field once you press Enter the data is in cyberspace and it doesn't matter what OS or browser sent it. If there is anything between points A, the page you typed in, and B, the destination, that can grab and sniff packets your information could be at risk. If the computer at point B is already compromised you could unknowingly be sending your information to an unintended recipient. There are also numerous spoof sites setup to masquerade as real banks. Anyone with experience or with their bank's site bookmarked should be ok, but a user uneducated in online security doesn't pay attention to their typing or responds to a clever phishing email they may end up at such a rogue site. I've personally reported such emails to eBay, Paypal and my own bank.

You would hope that a bank, or other institution that handles the personal information of thousands of people, is secure and could catch a trojan, hacker or rootkit before it can do any damage. You trust that it is but do you know for sure? As Emerson so recently mentioned, sysadmins can make the mistake of thinking they're perfect and their network is untouchable. I personally think that online banking, shopping and bill paying was a bad and dangerous idea from the beginning.

I don't think it was implied that Firefox is invulnerable, just that the FF dev team produces a product that is less holed. They are also more aggressive in patching. Compare the two (and not the browser segment) and its obvious that FF is the better choice...not the best on the whole but in comparison to IE. FF won't get rid of the PEBKAC phenom though.

It should be a given that you should not do your banking at an internet cafe. Maybe you shouldn't even do banking online...that's debatable. The object is to lessen the risk, knowing that you'll never get rid of the risk totally. We have to remember that we here in this forum are niche. We've the knowledge on our side. Gramma/Grampa at home are pretty much clueless on the average.