Roberto C. Sanchez wrote:
Honestly, Roberto, while I wouldn't dispute the basic contention that Linux and any other UNIX-based OS's are more secure by design than flavors of Windows, there is a smugness in the tone of your reply that bothers me. Most Windows malware that affects desktop users exploits security holes that Microsoft has already patched, in many cases months before the exploit appears. Windows malware is as successful as it is at least as much because of user inattention as because of any other factors. The typical Aunt Matilda Windows User is someone who hears "virus" and opens a can of chicken soup. Contrast that with the typical Desktop Linux User, who even if he or she is not a tech god/guru, is at least sophisticated enough to read some documentation, download and burn a bootable ISO, and install an alternative operating system. Aunt Matilda is only vaguely aware of what an operating system is, and has no idea that any alternatives exist.Kamaraju Kusumanchi wrote:On Friday 21 April 2006 04:19, Johannes Wiedersich wrote:Also linux viruses occur only very seldom -- probably because of linux's different security approach.Could it be because there are less number of desktop users using Linux than windows? rajuNo. It is because Linux was designed from the very beginning to: - support multiple users - have a sane security policy - operate on (dangerous) public networks OTOH, Windows was designed to: - support a single user (not just at a time, but on the whole system) - have no security policy whatsoever - operate on Microsoft's also-ran version of AOL/CompuServe/Prodigy Of course, you can look at Apache and IIS as good comparison. Apache has 66+ % of the web server market (depending on how you measure). However, the percentage of compromises/viruses/whatever are mostly toward IIS. Also, even if Linux and Mac had only 1% of the desktop market each, and there are (optimistically) about 30,000 windows viruses, where are the 300+ Mac viruses and 300+ Linux viruses that should be out there? That says nothing of the server market, where Linux has much more than 1%. -Roberto
The point is that Linux users as things stand now are a self-selecting bunch, and as such are more aware of and informed about the basics of system administration and security than Windows users, who range from the savvy and sophisticated to ... well, Aunt Matilda. Were that not the case, I have yet to be convinced that Linux OS's would be more protected from being p'wned than Windows OS's. Surely you subscribe to Debian's Security Announcements? Surely you are aware of the hundreds ... no, thousands ... of vulnerabilities discovered in apps that are practically ubiquitous across most or all Linux distributions, including all of the most popular? Many of these vulnerabilities are every bit as dangerous and exploitable as anything that exists in the Windows world, many of these will cede control of (at the very least) your user account to any script kiddie who comes along. The difference is that these vulnerabilities are fixed and *the fixes are applied* in the Linux world, while the fixes are too often left unapplied in Windows. Any computer, no matter how well designed the OS that runs it, is only as secure as the person administering it. The fact that Windows is not terribly well designed coupled with the overwhelmingly uninformed Windows user base makes it a particularly attractive and easily exploitable target. But the better design of most Linux OS's would not, in and of itself, be enough to prevent much the same thing happening to Linux if or when its user base becomes equally as clueless.
-- Michael M. ++ Portland, OR ++ USA "No live organism can continue for long to exist sanely under conditions of absolute reality; even larks and katydids are supposed, by some, to dream." --S. Jackson