Linux or Windows- the security issue

I'm going to knock some of the bad notions here:

1) Linux is more secure because of less marketshare.

Not in the server market, where public machines get slammed by bots, viruses, hackers, etc. all day:

http://en.wikipedia.org/wiki/Usage_share_of_operating_systems#Servers

2) Windows is more secure in recent versions.

At least at the kernel level, you're seeing more CVE reports of remote execution exploits and privilege escalation in Windows, more local DoS attacks to a multi-user environment in Linux, also you'll find more critical CVEs on Windows (I had a bunch of statistical breakdowns from a CVE database but I can't find that post I made months ago, so frustrating! Google isn't helping me find it...).

As you can see Server 2008 has a much higher weighted average of CVE severity:

http://www.cvedetails.com/top-50-product-cvssscore-distribution.php (plus, all Linux vulnerabilities from the 1.2 days vs the past 5 years of 2008 development!)

Of course you run with something like Ubuntu that comes with a bunch of software and pre-configuration on top of it, they're at the whim of the software running on it.


My opinion on the subject: Linux is built around a lot of Unix concepts, 40 years of software development and people beating these boxes to death, it is secure mainly by Unix's trial by fire, and this has helped immensely, lots of lessons were learned and directly applied to Linux.


Has this got anything to do with the Open-source nature of Linux?

A lot of it has to do with that, at least with the speed at which the higher volume of CVEs are addressed. This also allows a lot of smaller issues to be found and fixed (mainly due to it's popularity, because open-source with no popularity means few eyes on the code and little interest to fix).

Its underlying architecture (and the difference from Windows)?

Being built up around a multi-user environment helps a ton, these systems were built to have tons of people on them at once, and no one user should be able to interrupt another.


Valid Reasons:

  1. Smaller userbase in Linux makes desktop Linux a less attractive target. If only 0.1% of computers are running Ubuntu 10.04 and your trojan horse only works on that specific version of Linux, it will likely never catch. If your trojan horse only works on Windows XP, you still can attack ~25% of the market.
  2. Often (not always) more knowledgable and more security conscious userbase. That said, OSes like Ubuntu have made Linux more accessible and you can find people doing dumb things on it.

Furthermore, somewhat debatable reasons you could argue that Linux often has a more secure design (that may not be so true any more as other OSes have played catchup).

  1. Good privilege separation and access controls with su/sudo, that don't really exist in older versions of Windows.
  2. Say you need some new software (image editor, LaTeX, or Python, etc) that doesn't come pre-installed in your OS. In Linux, 99% of the time you use your package manager to automatically download and install cryptographically signed software validated from a chain of trust. It will automatically use this for updates as well (so its easy to keep all software system-wide up to date, quickly patching security holes). In Windows, the majority of the time when I need to install something new, I have to search the web for it, download and install from some random http website that could load their software with spyware/bloatware/trojan horses or I could be subject to a MITM attack and download/install some virus instead, and each application has its own (different) installer/automatic updater. (That said I find people too trusting of PPAs, random scripts on the internet, or adding browser extensions as major security vulnerabilities of both Linux/Windows).
  3. ssh. Your standard connection to another remote machine through ssh is very convenient and powerful, which is vastly superior to any windows remote authentication in terms of security. Whenever you connect to an ssh machine, you cryptographically check that the host key of the other machine hasn't changed from the previously used key; you can use your ssh private key to respond to a challenge token without letting eavesdroppers use replay attacks or keyloggers see your password. Then all traffic is sent encrypted between the two machines; furthermore its trivial to set up on a Linux box.
  4. A variety of free Linux security tools: SELinux, AppArmor, wireshark, iptables (or a wrapper like ufw), ssh, cron, top (really htop), fail2ban, tripwire, GPG, OpenSSL, md5sum/sha256sum, etc. It's also very easy to setup scripts, scan a log file and email an alert, and do everything from the command line, etc. Granted most (all?) of these probably have Windows equivalents, but they tend to either not be free or change a lot between versions. Setting up a cronjob is basically to automate some task is pretty much the same as it was for the past 20 years; while setting up an automated task in Windows will have dramatic changes between OSes.

Not valid reasons:

  1. Linus's law: "given enough eyeballs, all bugs are shallow" hence open-source being more secure than closed-source software. I don't find this argument particularly convincing as significant security holes have been found to have existed for months/years in open-source stuff (e.g., Debian OpenSSL). Its even worse as attackers can read the source, look for bugs (or even try to introduce disguised bugs into the codebase ). However, I don't believe that close-sourced software is intrinsically more secure either -- people still make mistakes and you can easily pay someone to introduce holes into a proprietary codebase (and with less eyeballs it may be impossible to notice); clearly security bugs and backdoors often do exist in close-sourced software and are attacked as well. (I consider this one more or less a tie.)

I suspect that the virus/malware situation on Linux is pretty much what would be "normal", and that the virus/malware situation on Windows is a statistical freak, more of a "Dragon King" than a Black Swan.

Windows has an unusually baroque set of APIs, Win32, NT native API, on and on and on, and there have been some problems between them, like Win32 being basically an ASCII interface while NT native is Unicode. This has at least facilitated malware. As an example of a Rococo detail, think about the magic device file names, AUX, CON, LP that work in any directory.

The Windows native API has never really been documented, and this lack of documentation flows though to other things, such as: what set of file name extensions is for executable files? Why does the file name determine whether a file is executable or not? Didn't the NIMDA worm spread via some problem with ".eml" files, as an example. Nobody knew that .eml files were executable at the time.

Windows has no tradition of separation of privileges, indeed it has a tradition of single, root-user. Lots of applications still assume this. Windows has no tradition of separation of data from executables. I give you Word macros embedded in the .doc file as an example of un-separated data and instructions that have historically caused virus problems.

Linux has at least traditions opposite to all the above points: mildly effective discretionary access controls, simple enough to be applied on a day-to-day basis, yet comprehensive enough to keep traditional file-type viruses at bay. The system call interface is only moderately complicated, and since source code is freely available, multiple sources of documentation exist. Executables typically live in "bin" directories, and data lives in another. Each executable has its own configuration file, rather than sharing the big ol' Registry. Data files live in per-user directories, and almost never contain the kind of all-powerful macros that Word, etc, data files contain.

Also, "linux" doesn't really exist as "Windows" does. Hundreds of distros exist, each customizing almost every aspect of low-level details. Different compiler versions, different linux kernels, some all-modular, some without modules. That's true of virtually every software aspect of a system, from the kernel, to email clients. Where "Windows" users by-and-large use Outlook email clients, Linux users use an array of hundreds of different clients, each in tens of versions. There's no user base for any given version of any given piece of software: the user base is not just fractured, it's shattered. This makes it a lot harder to find a vulnerability on a suitable number of hosts, or to write an exploit that would work on a large enough number of instances of software.

Tags:

Windows

Linux