digg

Facebook Connect Join Digg About

Why Linux Distros Are More Secure Than Windows

freewebsoftwarereviews.blogspo… Security in an OS refers to a process, not a product. This article discusses the features of Linux which makes a secure process possible when used by a knowledgeable user, namely better patch management, stronger defaults, modularity, better tools against zero day attacks, transparency and diversity of environment.

Who dugg this? Made popular Jan 2, 2008

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

273 Comments

show profanity settings
expand all
  • Rotzooi, on 01/02/2008, -13/+80In the end, it's the user who is the least secure part of any OS. Linux users generally know what they are doing when it comes to computers, whereas 95% of Windows users don't have a clue other than double-clicking starts Office.
    So it's no surprise Linux is 'safer'.

    Wait until everyone and their grannies start using Linux distros, all of a sudden they will be deemed unsafe.
  • shark615, on 01/02/2008, -5/+62No OS is secure whilest there are users out there that will click 'Yes' to install 'Ass ***** My PC Please, version 2.0'
  • razor150, on 01/02/2008, -3/+56You know, I was just thinking that Digg could use more Linux is better then Windows articles.
  • adhiza, on 01/02/2008, -14/+57*waits for Mac fanboys to argue Macs are better*
  • nfollmer, on 01/02/2008, -8/+51It's Open Source - anyone finds a security hole in the code, they can plug it.
  • theranjan, on 01/02/2008, -3/+31What you say is true. However, what is also true is the fact that you have to hack at Linux to compromise it,e.g to compromise Ubuntu, you have to use the command line usually, even if you are the main user. Apparmor and SE Linux even make the superuser have less control. So, it is more unlikely that a novice user of Linux will be capable of compromising Linux. That will take Social Engineering of a remarkable magnitude. Not saying it is impossible, the crackers are a smart lot, but very difficult.
  • STKD, on 01/02/2008, -2/+29You fell for that one too, huh?
  • TomFrost, on 01/02/2008, -1/+23This isn't even an argument. Mac and Linux both have their UNIX underpinnings, giving each one the superior filesystem-enforced permissions system that now *every OS _BUT WINDOWS_* uses. I use Leopard and Ubuntu and love them both dearly for the things they're good at.
  • jonshipman, on 01/02/2008, -0/+22because it is more secure
  • andycr512, on 01/02/2008, -2/+21Uh, no.

    "people can edit the source code and insert some viruses in it."

    Open Source != Wikipedia. Not everyone can modify the mainline code.
  • Wargalas, on 01/02/2008, -3/+21And you base your "OSX is better" on what now?
  • reazal, on 01/02/2008, -3/+20Don't forget that in Linux we don't login as admin. In Windows, most of the users login as admin. Spywares, adwares, viruses, rootkits, etc are only become highly dangerous when Windows users login as admin.
  • MrSarcasm, on 01/02/2008, -2/+19giggidy giggidy
  • andycr512, on 01/02/2008, -0/+17Crackers != Hackers. I'm not one to fight for the distinction, but it's important here.
  • STKD, on 01/02/2008, -2/+18The stupidity of that comment literally broke my laughter mechanism.
  • vade79, on 01/02/2008, -1/+16Also open source software has been audited more frequently and more effectively because ... it's open source. I still wonder what things remain under the hood in some windows apps.
  • MWeather, on 01/02/2008, -0/+12So the majority of the several billion websites on the planet = nobody?
  • CraigJ, on 01/02/2008, -0/+11I've read some ignorant things on Digg, but this has to be in the top 5 all time ignorant comments.

    If by "whole new paridigm" you mean Free BSD and Darwin, then you are right.
  • theranjan, on 01/02/2008, -0/+11Actually, the world of crackers has gone into the hands of professionals, who do not have any sentiment whatsoever as to which OS they are using.
  • brianary, on 01/02/2008, -11/+22Dear Microsoft,

    First problem: every time I install a program, icons are left all over my Start menu and desktop, mostly crap I don't need. Also, enough with the EULAs already!

    Most of all, I'm tired of some programs staying in memory (Java, WinAmp Agent, WinZip, etc.) to check for updates periodically, some programs adding separate Scheduled Tasks (Apple stuff, etc.), some programs checking at startup (often slowly, in the main thread: Adobe Reader, etc.), and most programs requiring I manually keep stuff up to date by watching their stupid website and re-installing when there is an update. I'm lucky if the auto-update checks even have the capacity to install the update, rather than just throwing the download web page at me to do myself. I'm also lucky if I don't have to uninstall the previous version, even this many years after the introduction of the MSI. Of course, I also have to constantly monitor vulnerability sites like us-cert.gov, since commercial entities can't be trusted to be honest about unpatched vulnerabilities.

    Oh, there are many attempts to bring some measure of automation to installation and updates on Windows, but despite AppUpdater, win-get, app-get, UpdateStar, AppSnap, filehippo.com Update Checker, Secunia Personal Software Inspector, and others http://en.wikipedia.org/wiki/Package_manager#Windo ... , most of them fall pathetically short.

    In short: I spend all my time in Windows installing, monitoring for updates, updating, and cleaning up afterwards, and it **SUCKS**.

    Stop fighting with me about who really owns my machine (premium content DRM), putting lipstick on the pig (Aero), crippling network speed when music is played back (Multimedia Class Scheduler), implementing half-assed web standards (IE7), asking users what components of an application to install (MSI), and fix the real problem with Windows: installs and updates.

    Sincerely,
    Brian
  • FyberOptic, on 01/02/2008, -8/+18Vulnerabilities aren't discovered because a piece of software is open-source. It's rediculous that this notion continues to float around. People find vulnerabilties the same way they always have: banging on it until it breaks. They do this to Firefox exactly the same as they do to IE. Nobody in their right mind digs through thousands of lines of code trying to see if they can spot a vulnerability, especially when they're not that easily spotted. The developer probably wouldn't have made the mistake in the first place if that were the case. Much of the banging method is even automated to various degrees these days. When the application breaks, they then set out to find just what is happening, and whether it's exploitable. Source code will almost never tell you that up front.

    Windows is simply more vulnerable because it has a huge userbase. Linux/unix has always been vulnerable as well, but in different ways. People target it as a server and therefore attack it accordingly. They go after services like Apache and Postfix, or through web software like forums, then try to rootkit the machine (which is done successfully all the time). In Windows, you attack applications instead, like a browser or email client, and try to break out into the rest of the system from there. It's all the same. If software is vulnerable, open-source doesn't mean squat. Look at all the vulnerabilities Linux and its biggest server applications have had over the years. Check out cross-platform applications like Firefox, too. Then go take a look at Apple's track record for security. Same *****, different day.
  • Trixrox, on 01/02/2008, -3/+13If everyone would leave UAC on or run themself as a standard user that wouldn't happen. Then we need people to write apps that don't require an admin to run.
  • theranjan, on 01/02/2008, -3/+13If the open source service provider charged money for the software, e.g RedHat, I think they would be held responsible for any patches. Inspite of that, they do a very good job of checking and updating the patches.
    The Repository in Ubuntu is maintained by Ubuntu itself, as is the case with other large distributions. It is only fair they get the credit for a job well done.
  • ReallyDave, on 01/02/2008, -2/+12While I can agree with some of the author's points, the article is written with a predisposition favoring Linux and a lack of facts or technical reasoning ("Much better ..." ?).

    This article won't convince anyone that Linux distros are more secure than Windows, the way it's written the only people who would agree with it would be those sharing the author's same dispositions.
  • CrackyJSquirrel, on 01/02/2008, -2/+12It has pretty colors and animations, of course its better.. Hopefully Mac people will start to use them for computers and not toys. They then can look past all the bells and whistles to see if an operation system is truly good without all the pizazz.
  • Unlgued, on 01/02/2008, -0/+10Disregard that, I use AFMPC since version 1.0 and it's never let me down.
  • mithrasinvictus, on 01/02/2008, -1/+10but i can choose to use another repository or set up one of my own whenever i want.
    while microsoft actually stops people who provide an update mirror with better accessibility.
    plus: linux distro's dont suspect all their users of pirating their software and i dont have to worry about receiving a spyware update (with all the security implications)
  • theranjan, on 01/02/2008, -0/+9That is covered undered transparency
  • JeroenVernooij, on 01/02/2008, -0/+8Not true. On Linux you will be asked for an administrator-password. Without that you can't do anything destructive.
  • nfollmer, on 01/02/2008, -0/+8No, open source is actually easier to fix, and usually takes less time. ANYONE that wants to, can fix the issue. It may effect a few people, but the word gets out and the issue is fixed a lot faster than it would be on closed source software.
  • mithrasinvictus, on 01/02/2008, -3/+11Thank your manufacturer.
  • MWeather, on 01/02/2008, -0/+8You just used it to make that comment.
  • richbradshaw, on 01/02/2008, -0/+8Saying a Cracker is a Hacker is like saying you like cheese with your favourite perl coder.
  • breckinshire, on 01/02/2008, -1/+8I think it never really hit its stride until 2.5.
  • ToadLeg, on 01/02/2008, -1/+8You read the article, particularly #2? Windows lacks an "_actual_ Permission System" partially because it is closed source, so nobody can add one, or as nfollmer said, "plug ... the security hole in the code".
  • PeachCobbler, on 01/02/2008, -1/+8You can modify open source code however you like, but it's not going to be contributed unless you're in the development team. You can make a nice little fork with your malicious code embedded, but unless you hack that project's server, your code isn't gonna go in. Let's put this into words you can understand. If Apple was open-source, Steve wouldn't take your code unless you were one of his groupies.
  • vibrokatana, on 01/02/2008, -5/+12probably because linux works for him and doesn't blow up in his face like windows.
  • andycr512, on 01/02/2008, -0/+7Yes, but the OP is obviously confused by common usage, since he saw white-hats as being the same people as black-hats.
  • TehDoctor, on 01/02/2008, -4/+11OSX is just like every other popular OS that's been written since the early 70s. Except that Apple mostly ignores the wealth of POSIX, wrapping it up in a braindead amalgam of BSD and Mach while layering their own in-house Obj-C APIs on top of it all so there are multiple layers of indirection and translation by the time you get down to the kernel's primitives, not to mention the amount of context switching it does because it tries to be a microkernel. Add to that Apple's disregard for the standard filesystem layout (using their own scheme with /System, /Library, etc.) IMO Apple should have ditched their Next carry-overs for C or C++ and straight POSIX. Those who fail to understand Unix are doomed to repeat it poorly... Apple has a Unix in name, but not in spirit.

    Apple is good at making pretty applications. Steve Jobs said this at the D5 conference. If they were good at OS's they wouldn't have hacked BSD and Mach together, they would have actually made "a whole other breed of OS"
  • salinemist, on 01/02/2008, -0/+7It's the only leading brand of peanut butter that has molasses in it.
  • CrackyJSquirrel, on 01/02/2008, -3/+9You dont read sarcasm well do you rolty125. Its ok, one day you will develop reading skills and you will look as cool as you thought you did when you replied to this.
  • GMorgan, on 01/02/2008, -5/+11The difference is Linux is secure by default. Windows leaves everything open because it's easier. Then people expect things to always be like that. Linux at least forces you to deactivate all the security features before you can be stupid.
  • infiniphunk, on 01/02/2008, -3/+9"linux is open source windows"
    WHAT??
    usability in OSX? spend a day or two using Gnome and then get back to me.
  • salinemist, on 01/02/2008, -0/+6The amount of hydrogenated oils that they put into "regular" peanut butter is so small it's not worth fretting over.
  • Myonosken, on 01/02/2008, -2/+8Depends on your linux distro.
  • brstilson, on 01/02/2008, -0/+6As someone else pointed out, Open Source is not Wikipedia. It is actually like the peer-review system in science. There must be a consensus in the Linux community before the Kernel is updated, so sneaking in a virus would require you literally post your code for the whole world to see, say "here is my code for a virus I'd like to sneak into the Linux kernel," and have everyone that sees it give the go-ahead.

    You can edit the source code yourself, but you'd have to convince other people to download it, and you'd have to keep your code open for everyone else to see as well. It's like trying to rob a bank with a platoon of marines aiming M-16s at your head.
  • theranjan, on 01/02/2008, -2/+8No actually, the Open source architecture makes it possible for anyone to find holes. Therefore, there is a high probability that the source code of open source products are examined by more people, at least for the popular programs. The strength of this open source philosophy is that while it takes lesser time to find holes, they are patched quickly too, making the time of risk very less. Also, since there is constant collaboration by a wide range of people, bugs may be ironed out more easily before release.
  • cmdrNacho, on 01/02/2008, -2/+8http://www.opensource.apple.com/darwinsource/
    http://en.wikipedia.org/wiki/Darwin_%28operating_s ...

    If this is true for Linux then it has to be true for Mac OS
    f'n fanboy
  • theranjan, on 01/02/2008, -1/+6Knowledgeable users make mistakes too. I have found viruses inside the computers of some careful users of XP simply because one day they forgot to scan their pen drives for viruses after inserting it into their computer. Windows can be made very secure, but it is a chore compared to Linux. And since it is more work to keep Windows secure, mistakes may occur more frequently than with Linux.
  • Fetching more discussions...
    Show 51 - 100 of 275 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.