Re: Security through wide system use?

From: Dale Dellutri (ddelQQQlutr_at_panQQQix.com)
Date: 12/23/03 

Date: Tue, 23 Dec 2003 19:41:00 +0000 (UTC)

On 23 Dec 2003 02:12:33 -0800, in comp.os.linux.security Andrew McCall <mccall@h2o.demon.co.uk> wrote:
>...
> I received an email today from my manager pointing me to an article on
> news.com.com[1] that states Windows gets hacked more because its
> popular, and Linux isn't as popular so it doesn't get targeted as
> much.
> Personally, I think this is a very simplistic view, from both Linux
> and Windows viewpoint, and would like to find references and articles
> discussing this so I can try and highlight this to the manager. One
> source of information I have already identify is the Netcraft[2] web
> server survey but if anyone else can help me gather more information
> please can you post the information for me.

I don't think it's just because MS Windows is more popular. There
are two main problems with MS software:

1. Insecure by design. Services, even those you'll never use, are
deliberately started by default for convenience sake, and this leads
to a dangerous situation. See (URLs will probably wrap):
  Linkname: washingtonpost.com: Microsoft Windows: Insecure by Design
  URL: http://www.washingtonpost.com/ac2/wp-dyn/A34978-2003Aug23
and
  Linkname: Safe Network Computing: Windows Desktop
  URL: http://www.columbia.edu/kermit/safe.html

To see how to disable services in two propular MS systems:
  URL: http://www.blackviper.com/WIN2K/servicecfg.htm
  URL: http://www.blackviper.com/WinXP/servicecfg.htm

2. Users are encouraged, again for convenience, to run as the most
privileged users on the system. In Windows XP Home, all users are
privileged. In Windows XP Pro and Windows 2000 Pro, users can be set
to have no privileges, but this is rarely done -- it's too
inconvenient. Thus worms, viruses and malware of all kinds can spread
everywhere at will.

By contrast, in Linux nearly all services are disabled by default, and
users are discouraged from running as root. This is much safer.

Finally, Linux is open source so many people are finding and FIXING
holes. MS is all closed source, so only MS can fix it. There are
still some dangerous holes in IE that have never been closed. 

-- 
Dale Dellutri <ddelQQQlutr@panQQQix.com> (lose the Q's)

Relevant Pages

  • Re: [opensuse] Who said Linux doesnot get Virus infections
    ... be bogged down with virus attacks as MS is now. ... The reason windows is attacked is because its EASY, ... Social engineering is always a risk, but with Linux you can even prevent ... Bill would like you to believe its JUST because his OS is popular. ...
    (SuSE)
  • Re: Security through wide system use?
    ... > I received an email today from my manager pointing me to an article on ... > popular, and Linux isn't as popular so it doesn't get targeted as ... > Personally, I think this is a very simplistic view, from both Linux ... I don't think it's just because MS Windows is more popular. ...
    (comp.security.misc)
  • Re: Security through wide system use?
    ... > I received an email today from my manager pointing me to an article on ... > popular, and Linux isn't as popular so it doesn't get targeted as ... > Personally, I think this is a very simplistic view, from both Linux ... I don't think it's just because MS Windows is more popular. ...
    (comp.os.linux.security)
  • Re: Why Linux is not getting poplular in Desktop in any Corporate world?
    ... > support only Windows. ... How Linux can be popular in Desktop world?. ... Shoot the CEOs or the windows salesmen? ...
    (alt.os.linux.suse)
  • Security through wide system use?
    ... I received an email today from my manager pointing me to an article on ... popular, and Linux isn't as popular so it doesn't get targeted as ... Personally, I think this is a very simplistic view, from both Linux ... I apprieciate that there are many factors in system security. ...
    (comp.security.misc)