I've been using Linux now for long enough to have heard just about all the facts, opinions, babblings, and flame-wars about Linux security vs. Microsoft security.
*sigh*
It seems that every time I try to explain to people the added security inherent to Linux, they have all sorts of explanations why my explanations are bogus. Some of my favorites are:
- Security through obscurity isn't really security.
- Linux isn't any more secure. If Linux had 99.9% of the marketshare, it'd be as riddled with bugs as is Windows.
- The only real stuff that matters is the stuff in your home directory, and that isn't protected by root security.
- All operating systems are only as secure as the people who use them.
While most of these claims do have merit to some degree, all of them miss a huge,
huge,
huge, HUGE, HUGE point.
'Tis the point of
this article.
I suggest you read it. It's not very long, and it illustrates why Windows will *never* be as secure as Linux is, as long as Microsoft is its creator.
Just in case you didn't read the article, let me paraphrase.
Microsoft, for the past six years, has included a bug-riddled driver called secdrv.sys which is a DRM file for a company called Macrovision, in their Windows XP and 2003 products. This file can only be used for games; games created by Macrovision. Skilled hackers can gain full control of a Windows XP / 2003 computer through this file.
Now, in defense of Microsoft, the same thing could very well happen with any operating system. If a file included in Linux for the past six years had a flaw that nobody noticed, it could very easily unknowingly decrease the security therein. Yes. BUT!
I have one question:
Why, oh why, did Microsoft include a file for games which might never-ever be played, or even installed, or even allowed???!
That baffles me. This is one (huge) difference between Linux and Windows. My preferred distro (Gentoo) enables me to have
complete control over what is or is not installed on my computer. If I want to try to use my computer without installing the freaking kernel, I, in my infinite wisdom and knowledge, can certainly try. Albeit insane to try such a thing,
at least it is possible in Linux! Try doing anything similar in Windows.
I can assure you my Linux box is more secure than your Windows box because of that beautiful, glorious fact.
With Gentoo, I control what I install. With Windows, you don't.
If I know I'm not going to be playing games with my work web server, I don't have to install
a-n-y-t-h-i-n-g related to games - even a GUI. And less programs installed equals less possiblity of a vulerability. Try installing Windows Server 2003 with no GUI. Have fun.
Heck, try installing Windows Server 2003 without this stinking "included by default" file which is only for games by a specific vendor! Sure, you can delete it after-the-fact, but who's to say there isn't another one lurking in the midst of the system directory somewhere.... for another
game.... by another
vendor... installed by default on a computer which is going to be used as a freaking email server!
Yup... I'd say the case is closed. By this fact alone, Linux is indeed far more inherently secure than Windows is, and until Microsoft starts giving their users more control, Windows will always be inherently less secure. Period.
None of this even mentions the other added security bonuses in Linux such as not having to wait for patches to be written by a single corporation, rolled out on their behemoth updating program, which only rolls once a month.
Or not using the administrator as the default user.
Or allowing multiple competing programs on the same machine, thus making code cleaner, leaner, and meaner... (eat your heart out, Windows media player)
or......
ah.. you get the point.
Anyone who tells you Windows is just as secure as Linux, is filling you full of horsepucky.