[Eug-lug] EDITOR'S NOTE:

Bob Crandell bob at assuredcomp.com
Tue Aug 3 21:49:48 PDT 2004


Hi,

Let me fan this flame a little:

-----------------------------------------

1. EDITOR'S NOTE: Linux Is More Secure Than Windows. It Just Is.

Evans Data recently provided more proof that Linux is more secure
than Windows. The researchers surveyed 500 Linux developers and
found that 92 percent had never had a machine affected by
malicious code. Fewer than 7 percent said they'd been victims of
three or more hacker intrusions.
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-aax1304x12765&

Only 22 percent said their systems had EVER been hacked.

By comparison, last spring Evans did a study that found that 60
percent of non-Linux developers had been victimized by security
breaches, and 32 percent said they'd been hit three or more times.

There's a reason that Linux developers get hacked less. It's not
entirely, as Windows advocates say, because Windows is a more
attractive target for hackers.

Oh, that's part of the reason, sure. Windows is a bigger target,
it's easier to hit. It has more users which means attackers can
do more damage. Also, many hackers just don't like Microsoft, and
target the company's products as a means of hurting the company.

But, really, who cares why Linux is more secure, so long as it
is? Windows will continue to be a more attractive target for
attackers for a few years at least, and a few years is about as
far ahead as any IT manager can plan a deployment.

And Linux isn't secure only because it presents a small target.
Linux is inherently more secure than Windows. While Microsoft is
working hard on making Windows more secure, it remains to be seen
whether the company will be successful.

When compared with proprietary software, the open-source process
is an advantage to developers looking to write secure code. This
doesn't make sense to advocates of proprietary software, who note
that distributing the source code to software allows crooks to
examine the code for security holes.

The error in that argument is the assumption that, with
proprietary code, the crooks don't have access to the code. With
proprietary code, crooks can find security holes by examining
illicitly obtained source code - Microsoft source code has been
leaked many times. And with either proprietary code or
open-source code, crooks can examine the behavior of running binaries.

But where open source is different from proprietary code is that
open source encourages honest people to access source code, and
find security holes and patch them fast. The large open-source
community can find and patch security holes faster than teams of
proprietary developers - even when those developers work for
Microsoft - simply because the proprietary developers are hobbled
by their need to keep secrets.

Another reason for Linux's inherent security is its user model.
End-users run with limited privileges; only systems
administrators have access to the all-powerful root account.
Mostly even systems administrators run as limited-privilege
users, unless they absolutely need root access. By limiting
users' access to systems, Linux limits the amount of damage a
user can do.

Linux's lower vulnerability, compared with Windows, isn't just a
function of its smaller popularity. Linux is breached less often
because it's more secure. Microsoft has a lot of catching up to do.

Mitch Wagner
mwagner at cmp.com
Linux Pipeline
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-aax1302x12765&

--
Assured Computing, Inc.
When you need to be sure.
http://www.assuredcomp.com/
P.O. Box 40814
Eugene, OR 97404
Voice - 541-868-0331
FAX - 541-463-1627



