Originally Posted by
gore
Joe:
I'll give you 50% of that ;)
I used to say that the argument that "If more people used Linux it would have just as many viruses as Windows" was flat out crap, but there is a little truth in that. If Linux had 90% of the Desktop market or whatever Windows has right now (Probably dropped after Vista) but at the same time, it's REALLY hard to get infected with Spy ware, Mal ware, and viruses if you so much as read the screens during an installation of anything else.
In Windows, which is actually harder to install than Linux since Windows had a text based installer for a long time and REALLY bad partitioning tools built in, it didn't really ask you for any type of user names for extra users. I'm not going to talk about Windows 9X since it's not fair to the Windows users here, but the NT line, you'd install, and, to my shock, the thing didn't ask for any extra users if you didn't tell it you wanted that, and it even auto logged you in with Windows XP.
Now, that means that anyone running Windows without customizing anything, was auto logging in as Admin.... That's bad. My Mom bought a new computer a few years ago with XP, I set up an account for Her as a basic user, and set the admin password, and to this day She doesn't know it. It's made fixing things easier since She can't access system files.
If you install Linux, you're told that you should make a non root account for yourself because there are security implications for not logging in as a normal user for your day to day computing, and that you should only use root when you have to do so for patches and so on.
That means during an install of Linux or BSD, you're told up front that you should not only make a different account for yourself, but why you should, and that if you don't security would be a joke. So why is it that Microsoft haven't made it default to "OK now make a user account that's not admin for yourself because the admin account has system wide access and you should not use this without needing to" and whatever else.
I've been using Linux and FreeBSD for some time now, and I've yet to have even ONE infection of anything. No intrusions (I read logs and so on, have firewalls, have a hardware firewall for when I'm doing a fresh install and so on and my passwords aren't easy) and when I install one of those, it tells me to make an account for myself and that I shouldn't log in as root unless I need to install or change something and that when I do use root to take caution because nothing is stopping me from unlinking a file system.
I don't understand why Windows lets you log in as admin without so much as a password. My own cousin one day was having troubles with his XP machine. I saw there was no password and put one on there so there was at least a password required. This machine was used to run their own business, had all their axes and legal documents, NO patches installed, no password for admin, nothing.
When I put one on there.... My aunt actually told me not to touch her computer because "we use this to run our business on here and you putting a password on here messed with it"...
I was shocked... And again, during the install, if it so much as mentioned that you should make an account for yourself that doesn't have admin access, at least people could know SOMETHING about the implications of that. But they don't. The average room temperature IQ user has no idea why there is a problem with looking at underground porn on their computer while being logged in as admin, and having no patches installed. At least they did put an update thing into XP that would tell you about updates and actually install them, but still, when something annoys a user they turn it off, like those pesky firewalls telling them that a Trojan is trying to upload it's pay dirt and they're tired of clicking on buttons so they shut the firewall off.
Apache is used on more Web Servers than any server software out there. You can look at the source code for it. So how can Microsoft claim that seeing source code is bad because people can find exploits and not tell anyone, when really, everyone looking means they can be fixed faster, and on top of that, since more people use it for servers, why isn't it being taken out more?