
Re: good anti-virus software to use?



Michael M. wrote:
> 
> Honestly, Roberto, while I wouldn't dispute the basic contention that
> Linux and any other UNIX-based OS's are more secure by design than
> flavors of Windows, there is a smugness in the tone of your reply that
> bothers me.  Most Windows malware that affects desktop users exploits
> security holes that Microsoft has already patched, in many cases months
> before the exploit appears.  Windows malware is as successful as it is
> at least as much because of user inattention as because of any other
> factors.  The typical Aunt Matilda Windows User is someone who hears
> "virus" and opens a can of chicken soup.  Contrast that with the typical
> Desktop Linux User, who even if he or she is not a tech god/guru, is at
> least sophisticated enough to read some documentation, download and burn
> a bootable ISO, and install an alternative operating system.  Aunt
> Matilda is only vaguely aware of what an operating system is, and has no
> idea that any alternatives exist.
> 
> The point is that Linux users as things stand now are a self-selecting
> bunch, and as such are more aware of and informed about the basics of
> system administration and security than Windows users, who range from
> the savvy and sophisticated to ... well, Aunt Matilda.  Were that not
> the case, I have yet to be convinced that Linux OS's would be more
> protected from being p'wned than Windows OS's.  Surely you subscribe to
> Debian's Security Announcements?  Surely you are aware of the hundreds
> ... no, thousands ... of vulnerabilities discovered in apps that are
> practically ubiquitous across most or all Linux distributions, including
> all of the most popular?  Many of these vulnerabilities are every bit as
> dangerous and exploitable as anything that exists in the Windows world,
> many of these will cede control of (at the very least) your user account
> to any script kiddie who comes along.  The difference is that these
> vulnerabilities are fixed and *the fixes are applied* in the Linux
> world, while the fixes are too often left unapplied in Windows.  Any
> computer, no matter how well designed the OS that runs it, is only as
> secure as the person administering it.  The fact that Windows is not
> terribly well designed coupled with the overwhelmingly uninformed
> Windows user base makes it a particularly attractive and easily
> exploitable target.  But the better design of most Linux OS's would not,
> in and of itself, be enough to prevent much the same thing happening to
> Linux if or when its user base becomes equally as clueless.
> 
You raise some valid points.  But first, let me address my tone.  I did
not intend to come off sounding as smug.  I was merely making a
statement of fact based on what I have read and my own first-hand
experiences.

The fact is that regardless of the user's level of sophistication,
everyone should understand that some minimal level of maintenance is
required.  For example, if you own an automobile you know that you
should take it to a mechanic for maintenance (oil change, balance and
rotate tires) every few months.  Of course, if you have the expertise,
you can do the maintenance yourself.

Your average computer user wants to treat the computer as a
maintenance-free appliance.  This is just not realistic.  Of course, the
consequences are a bit more serious.  For example, the worst thing that
can happen if you never take your car for an oil change is that the
engine gets ruined.  You must have it rebuilt or get a new car.  If you
fail to maintain your computer, you can compromise your personal data,
become a source of spam and phishing attacks, and become a general
nuisance to other users on the 'net.

As far as the "inherent security" of Linux and Unix-based systems, I
still think that it is a major advantage over Windows systems.  As part
of its business strategy, Microsoft has insisted on preserving backward
compatibility over all else.  This has only recently begun to change.
That long legacy has caused no end of grief.  In addition to that, the
homogeneity of Windows systems ensures that a particular hole or
vulnerability is exploitable on nearly all Windows systems.  This is
simply not the case with Linux and Unix-based systems.  Different kernel
version, different glibc version and different available applications
for every conceivable function ensure that the impact of most
vulnerabilities is relatively limited.

Of course, this is no silver bullet, but it still helps.  Think "defense
in depth."

-Roberto

-- 
Roberto C. Sanchez
http://familiasanchez.net/~roberto
