Coffeehouse Thread

17 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Why is it more secure?

Back to Forum: Coffeehouse
  • User profile image
    Cornelius Ellsonpeter

    Okay. Once and for all, somebody PLEASE explain to me why Linux (pick a flavor) is so much better than XP on the desktop in terms of security. Please don't digress into zealotry, please tell me why on a fundamental level it's better. For instance, "well, it has file permission settings that just aren't found anywhere else" or whatever (I'm not saying that is true anymore, but you get the idea). Or, the OSS community tends to issue patches more often. Or....

  • User profile image
    MB

    Conceptually... it's not... the basic VMS derived security model is sound... the only serious arguments are about bugs, and how they are detected and managed.

  • User profile image
    blowdart

    MB wrote:
    Conceptually... it's not... the basic VMS derived security model is sound... the only serious arguments are about bugs, and how they are detected and managed.


    Plus what's enabled by default (pre 2003)

  • User profile image
    Pace

    I think I read somewhere once that XP was 54 million lines of code an Linux was around 7 or 8 million mark. So you potentially have more to exploit. Also there are more windows users than Linux so chances are you just hear more about it as its a bigger community. To be honest you cant believe everything you read so im not entirely sure.

  • User profile image
    AndyC

    If anything, it's predominantly a historical thing. Windows comes from a line of OS' that didn't have any built in security (3.11, 9x), so lots of applications were lazily written with the assumption that they can do whatever they like on the system. When run on an NT based version of Windows they tend to fail unless either run as Administrator (defeating the entire security model) or require a lot of permissions tweaking to get them to run.

    Linux, by contrast, started from the point of borrowing its feature set from an OS that had already had a security model bolted on and thus the majority of applications developed for it are better behaved when running with more restrictive permissions. The actual underlying security model is not inherently better and, indeed, has many issues of it's own.

  • User profile image
    W3bbo

    Pace wrote:
    I think I read somewhere once that XP was 54 million lines of code an Linux was around 7 or 8 million mark. So you potentially have more to exploit. Also there are more windows users than Linux so chances are you just hear more about it as its a bigger community. To be honest you cant believe everything you read so im not entirely sure.


    Depends, is that the entire Windows distribution or just the NT Kernel? What about all the Kernel extensions? There's more to the Linux project besides the kernel anyway, such as all the bundled programs (like "ls")

  • User profile image
    blowdart

    linux_guru wrote:
    The code is open and being reviewed at all levels of the OSS community.


    If that were true how come it's buggy and needs patches (look at firefox)? The advantage of many eyes is the "big lie" about open source.

  • User profile image
    Deactivated User

    Comment removed at user's request.

  • User profile image
    warren

    blowdart wrote:
    
    linux_guru wrote: The code is open and being reviewed at all levels of the OSS community.


    If that were true how come it's buggy and needs patches (look at firefox)? The advantage of many eyes is the "big lie" about open source.


    Heh... even Lynx has had two critical security vulnerabilities in the last year.

    Lynx!

    That browser has been open-source for something like 10 years, and even in 2005 there were still new vulnerabilities found.


    .... LYNX!


    There isn't a single open-source advocate out there who can defend this as a success story.

  • User profile image
    compugab

    linux_guru wrote:
    The code is open and being reviewed at all levels of the OSS community. 


    Everyone can but is everyone do?

  • User profile image
    pathfinder

    heres my 2 cents

    1.  Linux has a best practice of not using the root login.  From my experience, XP doesn't have this, since most users are full time admin.

    2.  Perception and expectation. Linux is free, thus you get what you pay for.

    3. Like DRM, no system is secure, but its a numbers game.  In reality, Windows XP is easier to come across and there are more Windows users.  When I was in school we used Windows computers and I studied the various ways to exploit the school network.  If it was Linux I would have learned Linux/Unix various exploits instead.

    4.  Both Kernels are secure, its the environment that isn't. I run a Linux server with Apache and PHP.  While I felt I had  very robust security on the Linux kernel, someone exploited a PHP bug and still comprimised my server.  (I didn't mind because it gave me an excuse to format the system upgrade to the latest kernel and upgrades are free!)

  • User profile image
    Cornelius Ellsonpeter

    AndyC wrote:
    If anything, it's predominantly a historical thing. Windows comes from a line of OS' that didn't have any built in security (3.11, 9x), so lots of applications were lazily written with the assumption that they can do whatever they like on the system. When run on an NT based version of Windows they tend to fail unless either run as Administrator (defeating the entire security model) or require a lot of permissions tweaking to get them to run.

    Linux, by contrast, started from the point of borrowing its feature set from an OS that had already had a security model bolted on and thus the majority of applications developed for it are better behaved when running with more restrictive permissions. The actual underlying security model is not inherently better and, indeed, has many issues of it's own.
    That's what I was kind of thinking more or less. I know the historical angle and yes, by default, XP starts you off as an admin user (aka "Owner") which is not the right approach for the typical home user. Those are the very same people who will probably go on the internet within an hour of firing up their new machine for the first time...although I seem remember that automatic updates are turned on by default, which makes a dial-up connection run like molasses. Plus, from my Debian/KDE experiences, you are forced (on setup) to put login passwords in place for your average user and your root user. This is not the default setup in XP Home from what I've seen.

  • User profile image
    Sourcecode

    I would say one of the points to mention is user base. The fact that windows is 95+% of the world user base leaves it open and is the more revered target for attack. Now we could turn that around and say if linux was the 95% it would not be the same, however I feel that it would be even worse then windows when it comes to security if that was the case. In large part due to the open source ness of it.

    The idea that if a security problem does arise I have no one to call is scary.
    The fact that the correction may or may not be properly implemented/tested etc..
    The fact that there are several flavours.
    Etc..

    It doesn’t mean Linux is a bad OS at all, far from it. If the tables where turned I think we’d still have the same problems.

    With that, I would say Linux is more secure not because it’s better, but because it’s less sought after as a target.

  • User profile image
    Rotem Kirshenbaum

    linux_guru wrote:
    
    The code is open and being reviewed at all levels of the OSS community.  Microsoft's code is closed and being reviewed by the same people responsible for Vista.  Need I say more?


    Yeah. I think you forgot to add facts and reasoning.

    Rotem

  • User profile image
    julianbenja​min

    The security of each OS can be related directly to the sensibility of it's user and the software installed on the OS.

    Been using Windows since 3.1, and never had a virus hit my machine.

    I've had it crash, but then, I've had linux crash as well.  So, it's all perception and your own experience.

    Sure, Linux will go out of it's way to prevent you from doing stuff, but it shouldn't have to.  Windows keeps a lesser check, but you're still allowed to install buggy drivers and applications on both systems, which will crash both systems no matter what.

  • User profile image
    julianbenja​min

    linux_guru wrote:
    
    warren wrote: .... LYNX!


    There isn't a single open-source advocate out there who can defend this as a success story.

    I can.  You see if it wasn't for the OSS nature of Lynx, it seems clear that these bugs may have never been discovered at all.  I and other OSS evangelists, have never claimed that our code is less buggy, only that bugs and issues are resolved much more quickly due to the open nature of the process.

    Your comment presumes that these bugs have existed in Lynx since day one.  While that may or may not be true*, you only need to consider just how many bugs have been in Microsoft products for years and years before realizing the the Open Source way is the better way.  Can anybody say WMF exploit?

    * Alas I am not properly equipped with the details to combat that particular point.


    Much more quickly?  10 years is quick?  BUT, the real question is, how many people have taken advantage of this bug in Lynx that's presumably been around for a while? 

    Being open source has it's draw backs as well, as not everyone reviews every piece of code.  Do you go over the code for every package you download and install?  I think not.  The code is reviewed by the developer (and maybe a couple of other people if lucky).

  • User profile image
    Sourcecode

    julianbenjamin wrote:
    

    The security of each OS can be related directly to the sensibility of it's user and the software installed on the OS.



    Good point, and as the user base grows the perception becomes louder. Windows gives the user enough rope to hang them selves (and they often do). A large part of security is knowledge based.
    Most linux users are tech people so that curve fits the bell. Windows is the opposite.

    A large part of it boils down to education.

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.