Microsoft vs Linux: More Secure?

In a convoluted fashion, I happened upon this blog post as a refutation of this study funded by Microsoft, thanks to Slashdot.

While reading the above blog post, I was struck by the comments stating that “…it is far better to start off with the assumption that a system is insecure, and that it is your job as the admin to defend and secure that system. This assumption applies equally to both Linux and Windows systems…”. While it is a reasonable assumption that any given operating system needs some tuning out-of-the-box, it has been my experience that Windows is much harder to secure than most distributions of Linux.

Microsoft Windows is less secure because there’s less that can be done to make it secure. While I’m a big fan of firewalls, I’ve been forced to look to third-party applications for my network security. But even that is not enough, with the multitudes of adware, spyware, viruses, worms, and other malware that can and often do bring down the entire system. That disregards the little hiccups and quirks that Windows is completely willing to do to itself that cause a break in the workday via reboot.
Everything in Windows is inter-related. This makes Windows fairly quick when booting up, but also means that when something is patched it probably breaks three other things. This in itself can be a reason for attempting to roll back the patch, or (in the worst case) require a completely new installation, with the attendant loss of data, time, patience, etc.

Linux, on the other hand, is more secure by design. It is a modular approach, where everything is effectively third-party software, that makes Linux so secure. If one application goes belly-up, or is compromised by an outside attacker, or is otherwise not doing what it’s supposed to, then it’s a simple matter to kill off the offending process and either restart it, replace it, or patch it. Nothing else is touched. Your webserver application doesn’t affect your fileserver application, which doesn’t affect your game of solitaire.
Then there is the open source model of software, which most of the Linux software falls into. (I say most, because there is closed source software in the Linux world. They aren’t evil for being closed, it’s merely the choice of the developer.) Open source software is a program that has the source code (the program code in a form that is human readable) available so any Tom, Dick, or Harry can see what makes this program tick.
It is exactly this ability to review the software that makes open source software so secure. Open source software is generally looked at by dozens or hundreds of people, looking for ways to improve it, see how it will break their system, or accelerate the patching process by finding the flaws faster than can be done in closed-source software. These people are doing it on their own time, from the comforts of home, when they want to. As opposed to proprietary, closed-source software, which is generally coded as fast as possible by half a dozen people in order to get it out the door as fast as possible.

Windows machines are inherently less secure, because Microsoft doesn’t want it more secure, while Linux is more secure because the people who use it can make it more secure.


1 Comment »

  1. Dave said,

    November 22, 2005 @ 5:16 pm

    Just as a timely reinforcement, notice that a fully patched and updated Windows box provides complete access to the operator of any web site it browses to, even root/admin access, and Microsoft has been aware of it for months.
