jump to navigation

Windows v Linux security October 23, 2004

Posted by rjdohnert in Software reviews.

This and this are from the Register. A nice couple of articles with very flawed “facts”, here is my response to both:

With this article I find the flaws in the authors reasoning and technical details. The author asserts:

” Windows has only recently evolved from a single-user design to a multi-user model ”

This would be true if Windows XP had evolved from DOS, it did not. Windows XP is derived from the NT/2000 kernel, which has always been multi-user from day one.

“Windows is monolithic, not modular, by design”

Windows has a Microkernel, not a monolithic kernel as the author suggests. Windows is a modular Operating system only Microsoft has never used it as such and they plan to make it more modular being able to add and remove features with Longhorn Server.

” Linux is based on a long history of well fleshed-out multi-user design ”

The author does a really good job to not say linux is based on UNIX, which it is. i wouldnt call the UNIX or Linux system well designed or even superior.

” Linux is mostly modular by design ”

Linux is not modular by design, you cannot add or remove functionality without recompiling your kernel. If Linux was a proprietary product such as UNIX thenyou would be stuck with a what you see is what you get system. Linux has a Monolithic kernel like DOS had a monolithic kernel.

” Linux servers are ideal for headless non-local administration ”

My Windows Server 2003 racks at work are headless and I have no problem with system administration from home or anywhere else.

” This exposes that server to any browser security holes. Any server that encourages you to administer it remotely removes this risk. ”

Any administrator that sits there and uses the server as his own personal desktop to surf the web is not a real admin. I use IE on my server to access Windows Update and to use web apps that I have. this is common sense, are you open to the browser security flaws? Sure but your chances of getting hit by an IE flaw on the server is less probable than on the desktop. As I stated before you can administer a Windows Server remotely.

the author then goes on to mention the severity ratings from Microsoft. I agree Microsoft should not classify the severity but Microsoft has to decide what it should patch first.

I personally dont put that much consideration into this security report. I find it more of a marketing tool.

The bulleted list contained these remarks:

” Myth Windows only gets attacked most because it’s such a big target, and if Linux use (or indeed OS X use) grew then so would the number of attacks.
Fact When it comes to web servers, the biggest target is Apache, the Internet’s server of choice. Attacks on Apache are nevertheless far fewer in number, and cause less damage. And in some case Apache-related attacks have the most serious effect on Windows machines. Attacks are of course aimed at Windows because of the numbers of users, but its design makes it a much easier target, and much easier for an attack to wreak havoc. Windows’ widespread (and often unnecessary) use of features such as RPC meanwhile adds vulnerabilities that really need not be there. Linux’s design is not vulnerable in the same ways, and no matter how successful it eventually becomes it simply cannot experience attacks to similar levels, inflicting similar levels of damage, to Windows ”

I do think popularity does play a big part in this issue. If Linux tommorrow was to become the dominant OS does this guy actually think virus and malware writers intend to take their ball and go home? If he does then I have some ocean fron property in colorado I want to sell him. Crackers will get into systems regardless of if its Mac, Windows, Linux or UNIX. They will write viruses for these systems. It doesnt matter.

The only real security is education. Teaching people to protect their systems is key. I have run Windows Servers for 3 years. I have yet to have an intrusion or a virus. is it magic? No, I know what I am doing and I try to educate users.



No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: