Is Windows more secure than BSD/Gnu/Linux/UNIX?

[VictorKaum]

I strongly think that two points are a main factor in choosing an OS with security in mind:

- first: knowledge of admins / powerusers
If you have no clue about *nix but are highly skilled in Win systems than choosing linux cause "it's more secure" is completly foolish and vice versa.

- second: function of the system
For instance, a few years ago I had a proxy-server/gateway/firewall running on a WinNT system, almost every 24 hours it crashed for some reason, mostly virus problems, DoS and other ****... I replaced that particular server with a linux box, almost the same functionality with half the hardware, and that little setup (once configured right) ran for months, even years without a crash.

It's all about use and perception...

for El-Half: about mainframes -> those things are stable and they evolved too, for instance look at the SYSTEM/390 (S/390) and Z series market... Although the market of those is declining, cause many entreprises are migrating to open platform environments. IBM is still going to offer support to at least march 2007.
S/390 and Z series mainframe-servers can be considered as the most reliable platforms around and you can run Linux on those big boxes! http://oss.software.ibm.com/linux390/index.shtml
About the advantages of linux on mainframe servers: http://www-1.ibm.com/servers/eserver...nux/about.html

[gore]

Man I miss this thread. Hmm, I'll bump it up and give people new here a chance too take part in it and et more opinions.

OK, How about this:

Slackware 10, no firewall, all services shut down.

Would someone be able too get in? Or would the fact that there is nothing running stop them? How do you break into something that isn't running?


OK, same machine:

Machine now has IPtables not allowing any traffic too the services. Does this really matter? Is it anymore secure now that it has that?

Again:

Machine is now running A Firewall for Linux, like, for example, the Shorewall application. No traffic is alloud, but remember the ports already have services shut down. Now the machine has already been updated and all patches are installed. Is this any more secure than without the firewall? Is it less secure? think about it, it's running MORE software now, the firewall. So is running the firewall actually possibly making it less secure because its another application running? Or does it make it more secure?

Heh, NOW discuss some more

[cacosapo]

Slackware 10, no firewall, all services shut down.

Would someone be able too get in? Or would the fact that there is nothing running stop them? How do you break into something that isn't running?

what do you mean on that config? a stand alone workstation perhaps? or it can start requests, such as http, telnet, etc?

did you comment out every port on *nix conf? inetd (or something like that) is down?

[gore]

Everything commented out, and any running services shut down that may be running before. No services are running, and upon boot up, after installation, SSH and Apache were shut off which sometimes run by default, they were shut down, and none no longer start up, as they were commented out and no longer start upon boot.

So what do you think? No services at all, but it's on a LAN with a connection too the Internet.

[AxessTerminated]

More people use Windows, therefore people take time to actually write viruses/exploits for the OS. Why would they exploit Linux when there's only 10% of the processing power in use when compared to MS boxes? Many Linux distros are far from perfect.

Windows insecurity is not a Microsoft issue, it's a retarded-user issue. If more people knew what "services.msc" was and what services were unneeded, the OS could become a brick wall assuming the firewall is enabled.

MS is still doing the best it can to suppress vulnerability issues. That's why SP2 does not check for pirated copies of Windows...because it is a necessary update for Windows.

A_T

[chsh]

Originally posted here by gore
Slackware 10, no firewall, all services shut down.
Would someone be able too get in? Or would the fact that there is nothing running stop them? How do you break into something that isn't running?

You can break into machines that aren't running services, yes. Remember, there's always two pieces to most networked code: Client software, and Server software. If you can't break in via the server software, you still have the client stuff as an avenue of attack.

Originally posted here by AxessTerminated
More people use Windows, therefore people take time to actually write viruses/exploits for the OS. Why would they exploit Linux when there's only 10% of the processing power in use when compared to MS boxes? Many Linux distros are far from perfect.

Umm, Linux isn't only 10% of the processing power in the server world. In fact, it is a large portion of all webservers, which are among the most popular targets. Estimating installed base with Linux is hard, and even with Windows the numbers are inaccurate, and generally referenced by OEM Desktop sales bundled with Windows.

Windows insecurity is not a Microsoft issue, it's a retarded-user issue. If more people knew what "services.msc" was and what services were unneeded, the OS could become a brick wall assuming the firewall is enabled.

I'd argue the opposite with references to bugs like the IIS exploit that allowed privilege escalation. It is really a combination of the two.

[!mitationRust]

I don't think any linux system has been formally validated at this time to handle data above unclassified. As I am sure you are aware there are standards that organizations must follow when dealing with data above the unclassified level. (By the way, NT does qualify)

[gauravjulka]

No doubt *Nix OSes are more secure as compared to the WIdows because of the Open source factor. It is harder to hide viruses in the code for *nix OSes. Windows is provided by a single party Microsoft, the so called giant inthe software biz. It is its own sole responsiblity to fix the bugs which remain in their software. But for *nix there is no one responsible out there for bug fixing issues. If there is someone out there, Then do drop a message about it.

But administration in Windows 2000 is more sophisticated because of Windows Active Directory Services. Does any *nix system has any equivalent to this thing. The beauty that this costly OS has in it its marvellous support over the network. Integration of various security mechanisms in one wonderful framework called Windows Active DIrectory Services.

No. of applications don't count for the usefulness of an Operating System. Consider them when it comes to ease of use, user friendliness, sole responsibily for the professional creators for any bugs. So windows provides all that. Keep in mind that upto this point Windows is many step ahead of other OSs. The need is there to make it a bit open sourced so that even the amateur programmers can also tweak the bugs for themselves

This is an important thread initiated. There must be some discussion on the issue. Further comments are awaited. I

[cacosapo]

Originally posted here by gore
Everything commented out, and any running services shut down that may be running before. No services are running, and upon boot up, after installation, SSH and Apache were shut off which sometimes run by default, they were shut down, and none no longer start up, as they were commented out and no longer start upon boot.

So what do you think? No services at all, but it's on a LAN with a connection too the Internet.

so you have an "equivalent" config of an firewall protected machine that allows connections (being started) from inside, but not from outside.

However, since you start connections from inside, you open your "guard" and you can get some kind of malware on those connections. And because you dont have any other protection, that malware can OPEN connections to outside and doom your machine.

On the other hand, i cant see an easy a way to attack you machine if you dont have a previous "channel" with the attacker. BUt you can receive DoS attacks, since your machine has tcp/ip stack active. Im not sure if anyone can compromise tcp/ip stack per se and get some kind of priv escalation since you dont have anything inside it to be "valuable" to be infected (such as a daemon).

[tyfon]

blah blah blah!Why do you care so much about what your box is going to run???I use linux for about a year,I don't understand why gore is so stupid to start discussions about meaningless,infinite.time-consuming,ball-cracking subjects...I ve learnt that if a guy (or a girl) or even better a company still wants to use windows after having the opportunity to see what linux looks like then you should let them...I don't care about convincing anyone that linux is better....stay with your commercial,closed source('i got bugs,i got useless code that wastes your memo,i send info of yours to M$ but you will never going to find about it!!'-programs) memory-wasting,Gates-enriching,poor-performance,IE-infected,WMP-infected,crappy,buggy,shitty Windows and just remember:
-you will alway have to reboot
-you will always have to re-install them
-you will always have to see svhost-eating your memory
-you will always have to run antivirus checks on Sunday mornings
-you will always have to purchase good antivirus software,good firewall software,good spyware cleaning software,a good program to watch movies, burn CD's,record audio,edit images,partition your hard drive,listen to music(media player SUCKS)
-you will always have to pay
-you will always have to be screwed
-you will always be a loser
-you will never get the chance how it is to work on a real Operating System not on an accident called windows...
PS:just keep on supporting M$ suckers!