Is Windows more secure than BSD/Gnu/Linux/UNIX?

[AngelicKnight]

Tyfon, your view is horribly misguided I fear. Some points to consider:

1) You don't have to pay for AV, spyware detectors, etc., as there are plenty of freeware alternatives out there. I run an AV, firewall, and four different spyware-detecting programs and haven't spent a dime. The only real issue is the ridiculous price of Windows.

2) A true expert can harden any OS by mastering it. A Windows expert can harden his OS as well as any Linux distro; conversely, a Linux user with no understanding of his OS can render it far weaker than Windows. In the end, security is defined by the man behind the machine, not the kind of OS he's running.

3) Gore as an MS advocate...Now that's just darn funny. Perhaps you should pay a little closer attention to what you're reading.

[whiteghost]

I do think linux is more stable,They are less bugs in linux.

[littlenick]

I just read a quick tip on AO "lock your door by all mean but remember never to open windows".
To me linux is much better then windows by far and by all means just with one exception(may be coz they still have to discover it) all windows bugs that are discovered are patched within a week of discovery(may be funny to many of you, sure i didn't read it on microsoft.com i was discussing the same topic with a hacker on zone-h irc chat).
the bottom line is: "Security and microsoft don't go hand in hand".

[chsh]

Originally posted here by gauravjulka
No doubt *Nix OSes are more secure as compared to the WIdows because of the Open source factor.

*nix generally refers to Linux, BSD, and all unix derivatives (Solaris, AIX, et. al.). Only two of those bases are open sourced. Open Sourced software also does not necessarily corrolate to security, though it is conducive to catching severe mistakes.

It is harder to hide viruses in the code for *nix OSes. Windows is provided by a single party Microsoft, the so called giant inthe software biz. It is its own sole responsiblity to fix the bugs which remain in their software. But for *nix there is no one responsible out there for bug fixing issues. If there is someone out there, Then do drop a message about it.

Actually there are. The various linux distributors take on that responsibility when they charge you for the operating system.

But administration in Windows 2000 is more sophisticated because of Windows Active Directory Services. Does any *nix system has any equivalent to this thing.

NIS+. Or now, Netware on Linux I suppose.

The beauty that this costly OS has in it its marvellous support over the network. Integration of various security mechanisms in one wonderful framework called Windows Active DIrectory Services.

Yes, they've almost managed to catch up to 10 year old Netware technology.

No. of applications don't count for the usefulness of an Operating System. Consider them when it comes to ease of use, user friendliness, sole responsibily for the professional creators for any bugs. So windows provides all that. Keep in mind that upto this point Windows is many step ahead of other OSs. The need is there to make it a bit open sourced so that even the amateur programmers can also tweak the bugs for themselves

There isn't a need to open the source of Windows, I don't know on what basis you think this is the case. Amateur programmers are part of the problem with software in general, and that discussion is better left for a software development discussion targeting bad development practices in general. Check the General Programming Questions and Programming Security forums' histories for such discussions.

Originally posted here by AngelicKnight
A true expert can harden any OS by mastering it. A Windows expert can harden his OS as well as any Linux distro; conversely, a Linux user with no understanding of his OS can render it far weaker than Windows. In the end, security is defined by the man behind the machine, not the kind of OS he's running.

This applies up to a point, but falls apart when you consider that after a certain point, there is more security capability on Linux than there is on Windows. To my knowledge there is no included in the OS method of jailing a process using chroot-style wrappers/technology.
Windows also opens itself to vulnerabilities by tying so many extraneous applications into the OS. How many IE vulns have to be classified as an operating system vulnerability because of its ties to the OS? The same is not true of most other OSes.

At a baseline the statement is correct, but you will eventually hit a wall where Linux can do many security-related things that Windows can't.

[gore]

Hehe, don't forget the "Firewall" features. XP has a Firewall Built in, and Linux has had them with IPChains, and then with the 2.4 Kernels, IPTables, and they can do more than block just inbound traffic. I'd love too see IE done away with. That and well, I STILL wonder why Windows Server 2003 comes with Windows Media Player. I can't think of many reasons why a Server OS would have that Media player. Too me that would add in on security threats.

Now, I'm no guru of FTP Servers, far from it, but I do think my server here at home (Heh, OK, it's a PC with PureFTPD running but hey it works!) I think it's quite secure. You have too log in too use it, and not only that it has to be with a valid username and password on the local system, meaning I have too give accounts.

And then you're jailed in a way that you can't do anything outside of /home/you because it doesn't allow that either. I also keep it updated, and X isn't running, but sometimes does when I need too do something with an X application but I try not having X loaded all the time because that not only wastes system resources, but it opens up a security flaw, because X is another application running in RAM, and in theory could make the machine less secure and less stable. I'm not a "purist" in computing but well, a little elitist I guess.

Current uptime on that box:

15:12:15 up 49 days 21:47, 3 users

I have 3 processes running:

Fetchmail, Mutt, and IRSSI. IRSSI has an uptime of:

15:13 Irssi uptime: 23d 13h 58m 28s

Heh, my IRC client has a better uptime than my XP and 2000 Professional boxes have. And I'm on like 7 channels. Just proves what everyone already knows: Irssi is the best IRC client ever.

[cacosapo]

Yes, they've almost managed to catch up to 10 year old Netware technology.

Altough Im not a *nix lover (neither a Windows lover - both are weak O.S.) i disagree of you about above statement.

MS even reached the NDS of Netware 4.1

MS must go thru a very very very very long development path to deploy that OLD nds structure. That i couldnt never understand why.

and why they kept that crap domain strucuture hidden on AD.

But backing to Gore "reborn" ideas, i think that a stripped *nix is stilll weaker than a full crap load *nix with a correct iptables config.

BTW, lets another question to you Gore: if i strip a Windows XP workstation, removing all services (but not activating MS firewall) that can be accessed from outside, do you think that this windows station will be stronger or weaker (standing for outside attacks) than your stripped *nix?

[AngelicKnight]

This applies up to a point, but falls apart when you consider that after a certain point, there is more security capability on Linux than there is on Windows. To my knowledge there is no included in the OS method of jailing a process using chroot-style wrappers/technology.
Windows also opens itself to vulnerabilities by tying so many extraneous applications into the OS. How many IE vulns have to be classified as an operating system vulnerability because of its ties to the OS? The same is not true of most other OSes.

And who says we don't have good quality content on AO anymore? Learned something new!

[gore]

Originally posted here by cacosapo
BTW, lets another question to you Gore: if i strip a Windows XP workstation, removing all services (but not activating MS firewall) that can be accessed from outside, do you think that this windows station will be stronger or weaker (standing for outside attacks) than your stripped *nix?

Hahahahahahahahaha! It wouldn't even boot up! RPC You HAVE too have that. That's one of the things with Windows, there are services that are insecure that it has too have too be used. This box right now, has SSH and Sendmail running. Sendmail isn't allowed too be touched or accept requests, and SSH, well, heh, a little configuration in /etc/securetty makes it so only tty 1 and tty2 can take a Root log in. You have too use "su" for anything else.

One simple step you can use for Free BSD and Linux too make it harder for someone too get Root access. If someone can somehow break my 38 character password for user accounts and then get through to the 42 character password for root, which looks like it's already Encrypted, then hell, I've failed lol.

[chsh]

Originally posted here by cacosapo
Altough Im not a *nix lover (neither a Windows lover - both are weak O.S.) i disagree of you about above statement.

*nix is not an OS...

MS even reached the NDS of Netware 4.1
MS must go thru a very very very very long development path to deploy that OLD nds structure. That i couldnt never understand why.

Patent infringement and copyright violation in all likelihood. Remember, Microsoft is really a newbie when it comes to the server game. They've had serious server products for about 10 years. Compare that to IBM, Sun, HP, etc., who all have unixes with multiple decades of experience behind them, and it's kind of an unfair comparison, though it does smack of them not learning from others.

and why they kept that crap domain strucuture hidden on AD.

For the same reason AMD's Athlon-64 has 8 bit and 16 bit processing instruction sets: Backwards compatibility.

[chsh]

Thought I'd post this update and bump the thread. This page might generate some discussion:
http://www.theregister.co.uk/securit...dows_vs_linux/

IMO a pretty good read, and although the guy is somewhat biased in his approach, it's pretty darned accurate if you are looking just at security.