Badger Linux

Why Linux is More Secure Than Windows

In my last post, I showed how the vulnerability counts for Ubuntu Dapper LTS were lower than Windows Vista. However, I also mentioned that this should be used only to counter Microsoft FUD, and not as a measure of security. What, then, shows that Linux is actually more secure than Windows.

To answer this, we first have to look at what security actually is. Too many people make the mistake of calling a product secure, e.g Linux is more secure than Windows, Opera is more secure than IE etc. Now, security is not a product. It is a process with the user in a central role. Security is a state to be actively attained by proper interaction of the user and the software. Vulnerability patch management is just an important part of this process. What are perhaps more important are proper tools for patch management, stronger defaults and a multilayered approach to security keeping in mind the practical security scenario for that particular software, with the user forming both the first and last line of defence.

With this is mind, I turn to the reasons why an educated user using a Linux distro is in general more secure than while using Windows:

Much better patch management tools: In Windows, the automated update procedure just updates the components supplied by Microsoft. No third party applications are patched. Now, third party applications make up the bulk of the security vulnerabilities. Using Real player? You have to update separately. Using Flash? Update separately. So, for all applications, you have to regularly check for updates for each and every software. This is extremely cumbersome, (though, fortunately, this experience is made tolerable by use of the Secunia PSI) and most users just forget to do it. In Linux, you have automated update system which will update all your software. In Ubuntu, any product you have downloaded, if present in the repository, will be updated at the single click of a mouse. In other distros, if the downloaded software is not present in the repository provided by the distro, adding the product repository is a one time process. This greatly increases user compliance in staying fully updated.

Much stronger default configuration: Linux was designed to be a multi-user system. Therefore, the underlying system files will remain protected even if the user is compromised. If, unfortunately, any remote code execution takes place, it will only take place locally. This is to be contrasted to Windows XP, where the user logs in as administrator by default, and any compromise takes on a system wide character. Windows Vista has also moved to a limited user account by default, and therefore is more secure than its predecessor.

Modular Design: Linux is modular by design, that is, any system component may be removed if unnecessary. As a result, if the user feels that a part of the system is more insecure, he or she may remove that component. The same cannot be said of the Windows system. e.g If I feel that Firefox is the most vulnerable part of my Linux distro, I may remove it completely and replace it with another browser, say, Opera. In Windows, I cannot remove Internet Explorer.

Better tools to protect against zero-day attacks: It is not always sufficient to keep oneself fully patched. Zero-day attacks (an attack where the exploit code is released before the vendor patches the vulnerability) are increasingly becoming common. One study has also shown that it takes only six days for crackers to release exploits, it takes vendors much longer to release them. Therefore, a sensible security policy will make provisions for zero-day attacks. Windows XP has no such provision. Vista, in protected mode, though useful, provides only limited protection to Internet Explorer Attacks. Contrast it to the protection provided by AppArmor or SELinux, both of which provide finely granular protection against any types of remote code execution attacks. It is increasingly becoming common for Distros to ship with AppArmor (e.g SuSE, Ubuntu Gutsy) or SELinux(Fedora, Debian Etch, Yellow Dog) by default. In others, they can be downloaded from the repositories (e.g AppArmor in Mandriva 2008)

Open Source Architecture: In Linux, it is mostly “What you see is what you get” as far as security is concerned. The Open code means that vulnerabilities are seen by “many eyes” and fixed as fast as possible. What, more importantly, this also means, is that there is no scope to hide the patched vulnerabilities, there are no hidden fixes. The user, if motivated, may find out the security issues known for his Operating System, and take precautionary measures against potential exploits, even if the vulnerabilities are not patched. In the Windows world, however, many security issues are hidden. Internally found flaws are not publicly released, and the vendor waits for a major update or service pack to patch silently. While this may lead to lesser vulnerability counts, and better publicity using flawed statistics, this keeps the user in ignorance. As a result, an user may not patch a system if he finds that he is not vulnerable to the reported vulnerabilities, while he may, in reality, be affected by a hidden patch.

Diverse Environment: The Windows environment has been likened to a monoculture. There is great homogeneity which makes it easier for crackers to write exploit code, viruses and the like. Compare this to the Linux world. Here, a program can be a .deb, .rpm, or source code, to name a few. This heterogeneity makes it difficult for crackers to have the widespread impact that is possible on Windows

Badger Linux Net

wwww.badgerlinux.net

If this sounded very familiar , it is because this point had been reached in Linux to some degrees. At the heart of the United Linux project as well as other Linux distro projects was the Linux Standard Base (LSB) which was set up to define common specifications for Linux distributions ( Linux distros) and Linux application programs. The LSB had the support of all the major Linux makers. Its stated aim was to develop and promote a set of standards that would promote compatibility among Linux distributions and enable the software applications to run on any compliant Linux systems. The stage was set for a major computer OS software platform for functionality and some standardizations.

This was a fairly big overlap , for the United Linux project, but it went a lot further. The LSB specification covered the Linux application programming interface with a view to allowing software and project developers to create applications that could well be deployed across all LSB compliant operating system platforms.

Badger Linux Net

Realty Tax Consultant

wwww.badgerlinux.net

These individual distros and their partners hoped that other distros of Linux would be marked under their respective brands, but would be powered by a consistent United Linux which mean that the user could be confident that the user would be published with a United Linux and thus a measure of consistency and user functionally would easily exist across a customer and user base – for the first time in the Linux unix user base and communities.

Thus the UI ( United Linux) brand would thus of reduced the amount of mainstream Linux distros to the well managed group of five (5) – that at the time being Red Hat, Mandrake , United ,Debian and Slackware. The bets were on that time that in the enterprise sector tht Re Hat and United Linux would come to dominate. Well at the time those were the predictions of the Linux market share dominant distros.

Badger Linux Net

wwww.badgerlinux.net

In June 2002 four of the largest Linux distribution vendors joined forces to break down what they had identified as the main barriers to the widespread adoption of Linux in an enterprise- Caldera , SuSE, Conectiva and TurboLinux announced that they would collaborate on a common Linux fore to create the next generation of a Linux Distribution ( distro) to make deploying and supporting software easier and resolve the common problem of binary incompatibility between Linux distributions.

Badger Linux Net

wwww.badgerlinux.net

desktop linux users doubled

Some great news from desktop linux.com! They recently revealed the desktop survey results. The facts are there, the number of desktop linux users has doubled the last year!

And what is the desktop linux users distribution of choice? The Ubuntu family (Xubuntu, Kubuntu, Ubuntu, Ubuntu Studio, Edubuntu) leads on, and SuSe is the second runner up.

The survey shows us that more and more people are trying out a GNU/Linux distro, more and more people are getting aware that they can choose their OS. Up until Dell started to cooperate with Ubuntu, we had to accept that a PC you ordered came with a MS OS install (unless you bought parts and built your own pc).

Badger Linux Net

wwww.badgerlinux.net

Back in the early days of Personal Computers ( 1980’s era) a workstation was a high end , large , heavy computer with 1,000 k ( a kilobyte which is 1/000 of a megabyte, a gigabyte is 1,000 megabytes).

Cost approximately $ 10,000. A PC was small and insignificant in comparison – 64 k of memory ( versus 1,000 k) , a tiny small computer screen, a floppy or two. Cost $ 4,000 vs $ 10,000.

Even though modern computers are speed supercomputers in comparison to yesteryear’s computers the modern workstation is ahead of the Joneses as well. You can never keep up.

Maybe it is the software the workstations use. Most workstations are designed to run UNIX or Linux based operating systems. PCs run Microsoft Windows or Apple Macintosh software.

Nothing said in stone that your new computer cannot run Linix or a Linux distro as well as Windows and be dual boot.

Sell Gimli Cottage

Lake Manitoba Narrows Chalet

www.badgerlinux.net

Badger Linux