"Windows More Secure than Linux"?

Unix/Linux users rejoice! This forum is just for you.

Moderators: EatMoreLead, Suck.

User avatar
pyrox420
Elite Member
Posts: 1147
Joined: Nov 4th, 2004 at 5:42 pm

"Windows More Secure than Linux"?

Postby pyrox420 » Feb 17th, 2005 at 2:08 pm

Hey all, anyone interested in linux will have probably noticed the Slashdot story ( http://linux.slashdot.org/article.pl?si ... 32&tid=172 ) about a study that said windows is more secure than linux.

I personally think the guys running the study had no idea what they were doing, but i digress. What do you all think?

User avatar
[Comrade]lanoldar
Senior Member
Posts: 375
Joined: Oct 27th, 2004 at 5:28 am

Postby [Comrade]lanoldar » Feb 17th, 2005 at 2:19 pm

I would agree with their study. Linux is purely open source, and as such is extremely easy to tamper with, and to develop ways of getting into things. Windows takes a bit longer to get to the inner workings, and with the backing of a large retail consumer base, rather than the few Linux distros that are actually retail, all done by different people (SuSE, Mandrake, Red Hat, etc.) there's not really a huge push in any one direction towards security. It's more of an amalgamation of whatever people want to put in their distro, rather than a spearheaded effort towards server security, as Windows has tried to accomplish in recent years. As far as the actual OS goes, however, beyond a shadow of a doubt Linux is less prone to viruses (meaning there are less out there that are targetted towards Linux machines), and depending on what you are running, it is much more secure than Windows.

I'm not a linux expert by any means, but I think most would people agree with what I have said.
Image
Image

User avatar
Burzum
Benefactor
Posts: 4291
Joined: Oct 21st, 2004 at 1:05 pm

Postby Burzum » Feb 17th, 2005 at 2:38 pm

I think one reason linux is less prone to worms is because people that h8 don't h8 linux. They're much rather see the big bad microsoft giant be driven into the ground than the poor helpless Linux they've all come to know and love.

I think motivation has a hand in security.
Do not meddle in the affairs of dragons for you are crunchy and taste good with ketchup.

User avatar
pyrox420
Elite Member
Posts: 1147
Joined: Nov 4th, 2004 at 5:42 pm

Postby pyrox420 » Feb 17th, 2005 at 2:54 pm

After reading the article a little more closely i noticed one part that i think totally blows the credibility of this report out of the water.

Part of their algorithm to figure out which one is more secure is to take into account the time between when a vulnerability is known and when a patch is released. Windows vulnerabilities took around 30 days to get a fix for them. Linux vulnerabilites took 72 days. WAIT A MINUTE!!! Are you telling me that slow moving microsoft actually get's security fixes out sooner than linux? Come on... That's a bunch of BS. There was a vulnerabillity released in the linux kernel a while back, not even 10 hours later they had a patch ready. I'd really like to know where they got that average....

Also, i think because both those guys mentioned they were noobs when it comes to linux their results might be skewed. I think it all depends on the system administrator.

If you had a l33t linux admin and a l$$t microsoft admin i bet those boxes would be very equal in security. (i think linux might tip the scales because of the more advanced control over system processes and firewalling stuff). It's all on the admins is what i'm saying.

User avatar
DocNsane
Moderator
Posts: 863
Joined: Sep 16th, 2002 at 9:20 pm

Postby DocNsane » Feb 17th, 2005 at 3:09 pm

I assume they get that number from how long it takes Redhat to rollout a corporate update patch, not just a simple kernel patch that you can pull down on your own. This is assumed based on the premise that the article seemed to be centered towards coporate systems. (win2k3 and redhat corporate server). It is very well known that Redhat Updates do take a significant amount of time to rollout in a distributable format.

User avatar
Phoenix
Elite Member
Posts: 1980
Joined: Nov 24th, 2004 at 3:13 pm

Postby Phoenix » Feb 17th, 2005 at 9:49 pm

Linux is more stable and has less worms, thus is pwns Windows, if they made client side games for it I would go to it for my main comp.
Former HF clan member, server admin, all around troll

"You don't do things right once-in-a-while. You do them right all the time."- Vince Lombardi

User avatar
Catalyst22
Elite Member
Posts: 3606
Joined: Sep 30th, 2004 at 8:21 pm

Postby Catalyst22 » Apr 8th, 2005 at 1:02 am

I reboot my server 2003 term server that also runs an accounting db every 2 months due to memory leaks. I previously ran a webserver without a reboot for over a year. This includes software updates and rpm installations.

There are people out there who run Squid boxes that have not rebooted in over 3 years.

Linux FTW!

However, support is hard to come by and it is expensive, but no more expensive for a SOHO than it is to buy server 2003 with a support contract.
“When you have the facts on your side, argue the facts. When you have the law on your side, argue the law. When neither is on your side, change the subject and question the motives of the opposition.â€

User avatar
pyrox420
Elite Member
Posts: 1147
Joined: Nov 4th, 2004 at 5:42 pm

Postby pyrox420 » Apr 8th, 2005 at 3:18 am

Catalyst22 wrote:There are people out there who run Squid boxes that have not rebooted in over 3 years. Linux FTW!
My roomate got you beat... he had our firewall/router box running for 4 years, 24 days... he has the thing on a UPS, so when we moved to our apt... he didn't have to unplug it! LOL!

User avatar
Catalyst22
Elite Member
Posts: 3606
Joined: Sep 30th, 2004 at 8:21 pm

Postby Catalyst22 » Apr 8th, 2005 at 9:13 am

lol. I hear so many stories like that where people refuse to reboot their linux box. There is prob a site somewhere dedicated to the longest recorded Linux uptime.
“When you have the facts on your side, argue the facts. When you have the law on your side, argue the law. When neither is on your side, change the subject and question the motives of the opposition.â€

User avatar
Campsalot
Senior Member
Posts: 911
Joined: Jul 20th, 2003 at 7:17 pm

Postby Campsalot » Apr 8th, 2005 at 10:06 am

I run both Linux and Winders in my environment at the office. I have servers running all flavors of Winders server OS and I just recently put in a Linux box running Mandrake 10 on the 2.4 kernel. I really like the stability of Linux, but statistically speaking, if you take an unpatched Windows XP box and an unpatched Linux box running the 2.4 kernel and stick them both on the Intarweb thingy, it takes an average of 9 minutes for the Winders box to be exploited compared to 7 minutes for the Linux box. That is statistics, but in reality, I ran a test whereby I installed Windows 2000 server with SP4 on a box (no additional patches or updates) and put it on a DMZ port with all ports open. Within 3 minutes, the processors in the box were pegged and the system was unusable. I took it off the wire, rebooted, and upon examination it had 23 exploits (viruses, trojans, keyloggers, etc.) on it. Haven't tried the same test with Linux, but 3 mins. is gonna be hard to beat. I understand that if Linux was as widely distributed in corporate and home environments as Winders, the tables would probably be equal or maybe even favor Winders.

Camps

User avatar
pyrox420
Elite Member
Posts: 1147
Joined: Nov 4th, 2004 at 5:42 pm

Postby pyrox420 » Apr 8th, 2005 at 12:06 pm

Campsalot wrote:Haven't tried the same test with Linux, but 3 mins. is gonna be hard to beat. I understand that if Linux was as widely distributed in corporate and home environments as Winders, the tables would probably be equal or maybe even favor Winders.
Uhm... linux is widely used in the corporate networks... my work is a microsoft shop (i dispise that...) but most of the other jobs i went into interviews for all were linux shops. Usually linux is all on the backend stuff and windows for the frontend.

And.... we did a test at work with a linux box and put it out their with a default install of FC3.... it still hasn't been hacked yet. It's going on 3 months now. Pretty sweet huh? ;)

User avatar
Campsalot
Senior Member
Posts: 911
Joined: Jul 20th, 2003 at 7:17 pm

Postby Campsalot » Apr 8th, 2005 at 1:08 pm

Actually Pyrox, what I meant by that comment was that Linux is not *as* widely distributed in the corporate world as MS. The majority of the servers and desktops in the world run MS NOS's. Linux is widely distributed, but not as much as Windows. They have made great strides, especially with IBM, but they have a ways to go.

User avatar
Catalyst22
Elite Member
Posts: 3606
Joined: Sep 30th, 2004 at 8:21 pm

Postby Catalyst22 » Apr 8th, 2005 at 1:55 pm

From my experiences I believe that you could have a more secure linux box running as a software firewall and webserver than you could a windows 2k3 box running same. There are alot of exploits for linux webservers and root kits that now gain access to 2k3 boxes fairly easily. I think the key to a true linux success is support. I have been trying to find a reasonable support package for a linux distro and have been sorely disapointed.

Suse has email only support and Redhat is $799 ($699 for nonprofits like us) and comes with 9-9 phone support that tells you to email them any questions. There is alot of linux information on the web, but when you have my degree of linux experience you will find that you often times follow missinoformation on accident. The sheer number of Linux guru (wannabe's) is astounding. If it wasn't for bad information and outdated support documentation on the web there would be no documentation at all.

Suse and Yast is pretty slick. Used it for the first time recently... My only gripe is their support is nill. Their email support is almost as bad.

I love mandrake with webmin. Quickest and easiest way to get a web server up, but I have been told to stay away from mandrake in the corp environment and I have not bothered to reseach it any further as I respect the knowledge of the person who told me this.
“When you have the facts on your side, argue the facts. When you have the law on your side, argue the law. When neither is on your side, change the subject and question the motives of the opposition.â€

User avatar
Campsalot
Senior Member
Posts: 911
Joined: Jul 20th, 2003 at 7:17 pm

Postby Campsalot » Apr 8th, 2005 at 2:32 pm

Actually, Mandrake with only base services is good for certain implementations. I run Snort and ACID and use Webmin for administration remotely. Works nicely and runs quite well. It is not accessible from the web and does not respond to pings so it is fairly secure.

Camps


Return to “*nix”

Who is online

Users browsing this forum: No registered users and 1 guest