Is Windows more secure than BSD/Gnu/Linux/UNIX?

[pooh sun tzu]

I agree with everything said above, except this:

The next question is, what are you tying to protect?

This is similar to me asking you why you are wearing clothes inside of your house? Are you afraid of a mole? Is there some hair you don't want people to see? Moral of the story: Just because people enjoy privacy does not mean they are hiding something. Privacy isn't just about hiding, it's a psychological state in which one can feel comfortable being alone with themselves.

[albn]

I never said if anybody is hiding something. Rather I am asking "Is all that security worth all the work?" If yes, goodie. If not, ignire it. That is just me, but hey, who gives a **** about what I think? heh

[pooh sun tzu]

That is just me, but hey, who gives a **** about what I think? heh

I do, and many others To each their own of course, and since you put your comments in a new light for us to see (and thus a new question) I can see where you are coming from.

It's just how different "Is all that security worth all the work?" and "The next question is, what are you tying to protect?" those two are from one another.


But, to answer you "Is all that security worth all the work?", it's simple. As a computer user you have a responcibility to keep your box secure, clean, and solid. Why? Because if your box is infected and spreads viruses, if it suddenly becomes an IRC zombie for a massive DDoS attack, or is hijacked and then used to breech and FBI computer, it suddenly lands in your lap. Why didn't you make sure other's couldn't use your computer for harm?

This is similar to having a gun, and hanging it up on the wall without any sort of security or protection. You wouldn't want your little daughter to blow her face off, so why allow your computer to shut down yahoo.com or be the base for another Sasser virus?

Just about resoncibility as a computer user, and of course just my opinion

[Vorlin]

Preface: I'm a unix systems administrator of 8 years. Hence why my comments may sound a little leaning towards *nix. I've used everything of windows since 3.11 onward, back in the days of the cpl files, the DOS shell powering the whole show, and upwards to XP SP1 now.

Now, all that said, I'm not here to fuel any particular side. I've learned more about security since I've joined this site from the various members who are way more adept in their fields than I'll ever be. I used to be a linux zealot and proclaimed that windows sucked and that it always will and it won't change, etc...

I've seen two things happen in the past few years. I've seen linux distros look more and more like windows with GUI interfaces, a much simpler and cleaner install package that anyone smart enough to move a mouse could figure out, and overall more people trying it out. I've also seen MS come to the table more in their effort to make Windows better. In some ways, it's amazing how far they've come (and you can see this with various areas in XP) and at the same time, some things haven't changed that much.

Windows, in its base form w/o special packages or third-party programs, does not "serve" anything to the internet. One might consider Netbios a service, but that's more or less for sharing and I don't call that a real service. In that aspect, it should be more "secure" than linux, because linux has (with all packages) things like apache, sendmail, a telnet server (shudder), ftp server with default permissions/etc, and other things that make it talk a lot more.

Windows behind a configured home router with default passwords changed, updated, and netbios turned off can be just as secure as a linux box set up correctly with services disabled that aren't used, correct application configurations, etc...

It's in the eye of the admin and if their box gets compromised because of a known service port not being used is exploited, then that's the admin's fault. If it's because of something specific to a program, it's not necessarily the fault of the admin. I can't do anything in concern with IE. It's tied into my windows XP box whether I like it or not, it's having more bugs and exploits found than sendmail EVER had (and that's saying a lot because sendmail had some serious problems in the beginning), and I have to hope and trust that IE, a program that MS hasn't improved in the past two years, will be updated and patched and I really pray then that their patch doesn't break something else (as has been shown repeatedly with MS patches).

With linux, I'm more comfortable because it is Open Source and that means I can do something with it. That's not to say that *nix programs are more secure than windows. On the contrary, when you have OS progs, you're giving the farm away and anyone can dissect your program into tiny pieces and find every problem that exists with that current version or release. However, stuff can be done if one wants to...whether it's break it or make it better. I like that. I like knowing that there are OS win32 programs and forums for those that develop them...I really like that because the whole MS closed-source from the start thing just had me irritated for years because of my frustration to want to make a program they have rights to better and more secure. Now it's turning around and others are changing their programs to OS. That I believe in more than an operating system choice.

Give me a choice, whether it's windows or linux and I'll choose linux by default because I can do what I want, how I want, when I want....the freedom is there. However, give me a windows box and I can do a lot in the same direction, but I'm not able to do everything I'd like. That's ok though as long as I can do something to make my life as an admin easier.

I don't agree with things that people put out where "operating system XYZ IS TEH BEST BECAUSE!!!!!1111" nor do I agree with websites who flaunt something about their program or whatever saying it's better than competitor XYZ with no proof. Especially in the light of glaring issues, bugs, exploits, or the like with said program...

Give me whatever, I'll work with it to make it better and secure...after all, it's all about the gaming!

[cacosapo]

above excellent post from Vorlin show us a lot of "points" that make some guys love one and hate other O.S.
I.E. on the opposite way, I hate to take care of systems that allow "too many changes" from the standard way. Just because of this: When you need to take care of hundreds of servers (and thousand of stations) you really dont want that local admin starts to "customize" the O.S.... you want that every server looks the same, has the exactly same parameters, etc..
But i do like linux because i can customize it at home....

Windows, the way that it "plugs" on hardware and turn installations "easy" is a pro. Of course, sometime it doesnt work and its a pain ....but most of the time its works. And save time... When you find a problem and starts to google (or go to MS) and find a solution, you can (most of the time) apply the same solution WITHOUT modification to your system.
On linux i have other experience.
"find a solution"
"oh i need the recompile some routines"
"damn ive changed other routines that affects this one and it wont work"
"start to find a solution for the new problem"
"and so on"
OR
"hum that solution applies to slackware but it wont work exactly on conectiva distro. Damn, i need to adapt the solution"
at 3:00 am? i dont like it.
Some stats: (from my clients portfolio)

99% percent of small business i use to deploy linux as servers (including fw)
70% of large companies dont want linux anywhere
90% percent of all clients i use to deploy windows as workstations.

I just hate both O.S.

[kryptonic]

The way I see it an OS is secure as the one running it. Like its been said before I have windows XP and its prolly more secure than my Red Hat Linux.

As for the virus thing. Like Enkrypt This said windows has more viruses because more people use it.

[xierox]

Originally posted here by kryptonic
The way I see it an OS is secure as the one running it.

Ya, I'm understanding this more and more. I used to be on the "Windows is Microsoft crap and it's their fault that there's so many viruses and that it's easy to hack" bandwagon, but I'm seeing that I was wrong. Microsoft has made a good OS with XP and as with any program there will be flaws. We humans are very prone to this sort of thing. These flaws will be, in turn, discovered. It's up to the user to update the computer, not Microsoft. (I must agree with pooh sun tzu in saying that is their duty to update if they have an internet connection so that they are not just spreading viruses and the like.) Linux also has flaws, nothing is perfect. (I've never worked with Linux although I plan to in the near future, but I've read a little on it and some guys at work use it.)

Regards,
Xierox

P.S. I'm not saying here that I agree with Microsoft's business strategy or anything. From what I've seen (and heard) of it, it's extremely aggresive about holding off compeditors.

[mohaughn]

If I had some good cooling for my boxes, I could easy have my network up for years at a time. Security updates would be installed on one box, then that one rebooted. And then when it came back on, I would update and reboot the others. That is how easy it would be to have a cluster up for years. It still counts as "up" as long as one box stays on while the others get rebooted.

As I run an extremely large farm of Exchange clusters at my work, and also have a fair bit of MVS experience I can tell you the the uptime of a windows clustered system pails in comparison to an MVS system... With windows clustering if you want to move resources from one node to the other the resource is unavailable while it is switched between nodes.. For exchange on an high powered system this downtime is about 4 minutes for a failover.. Not what I would call great uptime.. Add to that the fact that there are still applications being written that have to be installed on the active node, and not the passive node, you get even more downtime... The cluster may be up, but the resources are not available. That is not up to me.

I'd love to see how you would break into a MVS system running RACF... Everything, and I do mean everything, is segmented... Unhackable??? no... but to say that MVS isn't broken into because it isn't in use is also false.. Almost all major banking, telecommunications, and investing firms still use MVS.

[cacosapo]

I'd love to see how you would break into a MVS system running RACF... Everything, and I do mean everything, is segmented... Unhackable???

One of my clients (the big one) runs MVS/RACF... and is were i born on I/T (VM/MVS System Programmers and RACF Administrator.

Just to add some info on mohaughn post:

Yes, Mainframes are breakable.

as this: http://www.nigelpentland.co.uk/cracf.htm

how?

Just hiring dumb administrators...

hey!

it is the same problem as Intel, inst it?

[LeeBkr311]

Although what I'm saying is totally and completely bashing Windows at the same time I want to say I have given windows a chance I didn't just start bashing it without any experience with it (Notice no security bashes though. I know it can be hardened with 3rd party programs... I do it myself). And, yes I am using it at the moment and it is on my computer at home too (along with RedHat7.2 and OBSD 2.9).

FAULT #1: If windows is so great why does it take up nearly 50% of processing power on a 2.8 ghz processor when it isn't doing anything? (That was before services tweak but, should I really have to do that on a fresh install?)

FAULT #2: XP phone home!?! Need I say more (And I know that can be stopped but that's yet another hoop to jump through)

FAULT #3: How about the outrageous hard drive space it takes? RH can fit a full install and two different GUI's in what 1.5 gigs. Or OBSD which is less then 500mb. Windows with updates is about what 2.5 maybe 3gb. And then there's the memory usage. If you let it Windows alone would use a gig of memory. [What I mean is with my original 512 it used half of that now that I'm at 768 it uses half of that... And I know people at 2g of mem and they say windows uses nearly half of that (This is without anything running)]

Now I could keep going and list some more but I'm at work and should probably go actually do some work.

-_LeeBkr_-