Study: Linux Is Least Secure OS

My current system is Fedora Core + CentOS with Windows inside a secure Virtual Machine.

I am a regular home user but here's my views, if you have common sense you will not get viruses or *EVER GET HACKED*.

I have seen what others are talking about where viruses come out of nowhere, it only happens on a fresh 98/2000/XP install from an *original CD without any patches* and without a *hardware* firewall - people in that situation should use their brains and update their CDs.

On my PC I have never got a virus, and anyone who says that a secured Windows PC gets viruses out of nowhere is spreading FUD.

I have never had problems because removing the unnecessary cr@p that is (useless for home users) included with both Linux and Windows and hardening system permissions makes everything more secure.

The issue with Linux security is too many people are using systems like Ubuntu or SuSE OSS for servers and believing they are secure out-of-the-box for a server.

Who would use Windows XP SP2 for a server no-one would, because it isn't built to be used on a server.

I believe more people know how to use Windows (obviously, common sense right?) which means less people know how to use Linux properly (again, common sense).

So therefore more people are going to know all the precautions to take with windows (disable 3/4 of it's services, put on antivirus & firewall, fix sh!t file system permissions, login as limited account etc.)

Less people will know what to do on Linux (check for updates constantly, setup all server bits in a chroot etc.)

Each system has problems if you know what the problems are and use the built-in security each OS has you will be OK.

It's a matter of intelligence and mi2g obviously has none.

Sorry for the long post but you all sound like you either back Linux or Windows.

P.S When someone says Slackware vs Windows 2000 that is a fair contest because Windows 2000 still gets security updates making it as up to date as Slackware with regards to security.

I'm on the fence with this issue. I've admistrated RedHat for years as well as Windows and found that Linux is often broken into but ONLY when you don't keep on top of security updates. With the new RedHat Network it's rare that a common hacker will find a threat that hasn't been automatically patched. At my current job all of our Windows servers are behind firewalls while our Linux servers are the ones out in the DMZ or on the net all alone (with IPChains or IPTables running). Our Windows web servers go through a firewall as well.

I'd say that Linux is easier to break into if you don't do your homework but for me the biggest reason I prefer Linux for internet servers is becuase it's so much more flexible, faster and cheaper than windows.

Linux can be secure and so can Windows but so many people don't do their work and somehow expect that the OS will do it for them - those are the ones who get burned.

I've run RedHat 7.2 (yeah 7.2) on a crap laptop in my home for five years on DSL - I don't even patch the thing because it's just a little junk server - no one ever touches it becuase it's got a firewall something a lot of home users won't do.

I don't believe these reports much because MS obviously scared of Linux and putting lots of money into making it look bad. I've used Mac OS X and found it to be the wave of the future and MS is terrified of it all linux ports.

I use XP and have tried some linux distros that have disappointed me. Now I run mainly FreeBSD on a desktop and I would say it's just so GOOD. End to the endless package havoc and numerous XP reboots.

But lets talk about statistics. It is science anyway, so stop with the stupid jokes about it! It's not so hard to calculate the real percantege of how often the different OS's get hacked. Using the Bayes' theorem it's easy to calculate the posteriori probability a hacked system to be win/lin/bsd/mac/etc.
All the data needed is:
how spread an OS is. (example lin=60%, win=30%, bsd=4%, misc=6%)

What would be harder to find is how many machines running certain OS get hacked/breached/etc. For example of 10,000 linux servers worldwide, 4500 got hacked in a period of time, which is 45%.

Being provided with this data, everyone can calculate more realistic numbers, and not the obviously misinterpreted results from mi2g.

Another way to measure the stability of an OS is to compare it longest running times. If a system has been running for 2.5 years, doesn't that speaks for it stability? Of course it could have been hacked but the attacke wasn't able to break the system down. Think about it!
Go check this: http://uptime.netcraft.com/up/today/top.avg.html

To add abit more from my post above where I said:

"wow... ever think Linux is more exposed to attacks because it is used more??

Alot more servers are linux than they are windows."


I'm no programmer but give me a break. Welcome to the frikin spin zone.

Cpanel which has been the most used web control panel on the internet doesn't have a windows platform; only BSD and Linux... so go figure.

That's like saying "My city has the least crime in the world!" And leaving out: Population 52

A better example is this post below from November by greglara:

******************************************



C'mon, let's anylize this information realistically here. The majority of "permanently connected" systems are what? Web servers, right? So, Linux in this context is the largest attack surface, the frontline if you will, so they will inevitably be the hardest hit. Then you notice that medium and large businesses are the least hit. That's because they have people who know what they're doing. I can't tell you how many times I've gone to a site to see the default Apache "congratulations" page come up. I'm not a hacker, but that is basically a welcome mat that says "hey, come on in, the door's open."

So, it's not the OS that's to blame here, it's the people who don't know what they're doing.

Everybody and their mother knows that Windows is vulnerable, and, without having read the report, I'd guess that those malware attacks that caused "$202 billion in damages" were primarily directed against the Windows systems.

I too am sorry to see this spun in such a way to try and make Windows look more secure than Linux.


greglara -November 04, 2004

wow... ever think Linux is more exposed to attacks because it is used more??

Alot more servers are linux than they are windows.