As I was glancing over my iGoogle page, when something caught my eye. I saw a story, courtesy of Yahoo! news, which led me to Jeff Jones (MSFT technet) security blog:
His post shows a report by CSO, which details the days-of-risk per several operating systems. The four systems included in the report are Windows XP, Novell’s SUSE, Red Hat, Mac OS X, and Sun’s Solaris.
Interestingly enough, the report shows that Windows had the fewest days of days-of-risk. This I in a way do not find hard to believe, with Microsoft releasing patches almost every Tuesday. Microsoft takes this as Windows being the most secure — do they expect me to believe this!? There is no perfectly secure operating system, but, there are some that are more secure than others. The report details what it calls “days-of-risk”, or days that you are vulnerable to security issues, such as viruses, trojans, et cetera. Here is a chart showing the findings:
There is a piece of this report that can be misleading: The report does not disclose exactly how vulnerable you are to a malicious attack. For instance, you have a much better chance of getting a virus, or any other attack for that matter, on a Windows computer than on Linux. Windows is obviously a much larger target, and therefore the first place hackers look when finding a computer to hit.
However, Linux is also much harder to get into for hackers, thanks to several reasons. Linux has a built in firewall for most distributions. Linux is also a very modular system, since program files often have to work with each other, many of the necessary files are included in the program package. Windows programs, on the other hand, require use of the included library file in Windows, exposing your system. Almost all programs in Linux work separate of the core system, running using their own files. Applications are also not held in a single location (very much unlike Windows c:/programs), making it much harder for hackers and viruses to break into your applications. Thanks to a modular system as well, if one becomes infected, it is very simple remove the application, and then reinstall it, purging the virus.
Viruses can not get around in Linux very easy, while running into files spread across Linux. At the same time, it runs into something called “sudo”, which stands for “super-user do”. Basically, while running Linux, unless you sign into root (which is the base of the system, giving you full access), you are not running as a system administrator. Every time you try to change something in Linux that could affect the system, you must enter an administrator password. This feature blocks unwanted access/changes to your computer. This feature has been a part of Linux since it’s beginning in the early 1990’s. Mac gained this feature after it switched to UNIX for it’s base in 2001. Microsoft’s Vista also has something similar, called “UAC”, which stands for User Access Control, of which they believe every operating system should have, even though it is already (and has been for some time) implemented in Linux, and more recently Apple’s Mac OS X. That’s what I call superiority (sneaky…) marketing, which is a story for another day. It is the first time in that Microsoft has implemented such a feature in Windows.
The best example of Windows vs. Linux security that I have seen was in the June 2007 issue of Smart Computing magazine, pg.38. Smart Computing is a fun magizine for anyone who likes computers. For those of us who like Linux, there is a page devoted to Linux, with an Ubuntu Quick Tip of the Month in every issue! The article is entitled, “The Tethered Goat,” which gives reasons for why Linux is safer, many the same as the ones I have given above. As an experiment, they set up two computers, both on the same network. One was an Ubuntu machine, 7.04, and the other was a Windows XP machine with SP2 installed. After 30 minutes, both had been probed by outsiders. After several days, the Windows computer had a worm installed, and the Ubuntu computer was left clean.
There are many different reasons for the different security levels in operating systems. What I believe is the best security feature for Linux is its Open Source development model, which allows for security problems to be detected and fixes uploaded to the system much more quickly when compared to Windows’ (or even Mac’s) closed development cycle.