MALWARE
Linux has a much stronger security posture than Windows. The Linux operating system has been around since the early nineties and has stayed secure against widespread viruses, spyware and adware for all these years. There has not yet been a widespread Linux malware threat of the type that Microsoft Windows software faces; this is commonly attributed to malware's lack of root access and to fast updates for most Linux vulnerabilities. Another reason for the widespread malware threat on Windows is poorly engineered software. In addition, most people use Microsoft Windows, and creators of malware want to do as much damage as possible; therefore, they target Windows.
Because of the strong separation between normal users and the privileged root user, a Linux user would have to be running as root to really do any damage to the system. He could damage his /home directory, but that's about it. So for a virus to do some harm, the steps become the following: read, save, become root, give executable permissions, run. The more steps, the less likely a virus infection becomes, and certainly the less likely a catastrophically spreading virus becomes. And since Linux users are taught from the get-go never to run as root, there is not much damage that the virus can do. Linux runs on many architectures, not just Intel, and there are many versions of Linux, many packaging systems, and many shells. But most obvious to the end user, Linux mail clients and address books are far from standardized: KMail, Mozilla Mail, Evolution, pine, mutt, emacs; the list goes on. It's simply not like the Windows world, in which Microsoft's email programs - Outlook and Outlook Express - dominate. In the Windows world, a virus writer knows how the monoculture operates, so he can target his virus, secure in the knowledge that millions of systems have the same vulnerability. Linux establishes a more secure footing than Microsoft Windows: it is far harder for viruses to take hold in the first place; if one does take hold, it is harder for it to damage the system; and if one succeeds in damaging the system, it is harder for it to spread to other machines and repeat the process.
ANTIVIRUS
Anti-malware tools for Linux do exist, but these programs are mainly intended to filter Windows malware from emails and network traffic traveling through Linux-based servers. This type of occurrence is so rare that it is not usually necessary to use anti-malware programs. The exception would be a Linux-based system that is connected to Windows-based systems, and then only to mitigate the spread of Windows malware. Once malicious software is present on a Windows-based system, it can sometimes be incredibly difficult to locate and remove. As such, users are advised to install and run anti-malware programs.
FIXES
The Linux operating system is open source, and if there were a widespread Linux virus released today, there would be hundreds of patches released tomorrow, either by ordinary people who use the operating system or by the distribution maintainers. There is no need to wait for a patch from a single company, as we do with Windows. With the hundreds of programs in a distro, there are thousands of highly skilled and experienced developers, along with a very large group of testers, who spend hundreds of hours trying to find errors and eradicate them. In addition, if the Linux user community finds something they missed, it usually takes just a day or two after it is reported to get a fix written and made available to the entire community. Unlike Linux, Windows usually has a waiting period of a month or more for a security patch.
OPEN VS CLOSED
All software has and will have bugs (programming mistakes). Linux has a reputation for fewer bugs than Windows. The difference in OS development methodologies may explain why Linux is considered more stable. Windows is developed by faceless programmers whose mistakes are hidden from the outside world because Microsoft does not publish the underlying code for Windows. They consider it a trade secret. In contrast, Linux is developed by hundreds of programmers all over the world. They publish the source code for the operating system, and any interested programmer, anywhere in the world, can review it. Besides the wide audience for peer review, there is likely to be pride of ownership on the part of the developers of Linux that cannot exist with Windows. Open source software works well because it taps into the true motivation of programmers in a way that corporations often don't. At most corporations, their best work is hidden behind locked and guarded doors.
Windows claims closed source offers a faster and more effective response to security issues, though critical bug fixes are only released once a month after extensive programming and testing, and certain bugs have been known to go unpatched for months or even years. For Linux, bugs can be fixed and rolled out within a day of being reported (often within hours).
Also, as Windows is closed-source, consumers have to trust that Microsoft is not doing anything against them. However, for Linux the source code is available and nothing is hidden. Anyone can review the code and make changes to it.
AUTHENTICATION
In Linux, only root has the power to change or modify files. All maintenance tasks require being logged on as root. Unfortunately, running as root (or Administrator) is common in the Windows world. In fact, Microsoft is still engaging in this risky behaviour. Windows XP, supposedly Microsoft's most secure desktop operating system, automatically makes the first named user of the system an Administrator, with the power to do anything he wants to the computer. The reasons for this decision boggle the mind. Even if the OS has been set up correctly, with an Administrator account and a non-privileged user account, things are still not copasetic. On a Windows system, programs installed by a non-Administrative user can still add DLLs and other system files that can be run at a level of permission that damages the system itself. Even worse, the collection of files on a Windows system - the operating system, the applications, and the user data - can't be kept apart from each other. Things are intermingled to a degree that makes it unlikely that they will ever be satisfactorily sorted out in any sensibly secure fashion.
AUTHORIZATION
Linux implements a multi-user environment in which users are granted specific privileges and some form of access control is enforced. To gain control over a Linux system or cause any serious consequence to the system itself, malware would have to gain root access to the system. In Windows, the user (and any program installed) usually has the right to do pretty much anything to the system. If a user can delete system files arbitrarily, other programs can, too. Linux, on the other hand, doesn't allow that. Every time you request to do something that has to do with maintaining the system, the root password is required. If you're not root on the system, you can't change or erase a thing.
In a similar respect, viruses, spyware, and malware can't travel haphazardly around the system and delete or modify files at random -- and that's simply because these programs don't have the authorization. In fact, most (around 90%) of all system configuration files can only be changed by root -- and only if he has the root password.
FIREWALL BUILT IN THE KERNEL
A firewall can be used to block any ports that you do not want to be open to your systems inside the firewall. Application security for Linux is enhanced by firewalling built into the kernel. In Windows, the firewall is not as closely integrated with the kernel; it is more of an addition to the Windows operating system. In Linux, however, the firewall forms an integral part of the kernel. The problem with firewall security on a Windows system is that a regular user can manage the firewall, which is not possible in Linux. In Linux, only root can configure the firewall. Also, in Windows even applications can open ports and expose the system to a security threat.
ACTIVEX OR PLUGINS
ActiveX controls can be potentially harmful, as they have a much higher level of power and the ability to modify system files. The tendency for Microsoft to mix data and program code in its applications, that is, ActiveX, can let in untrusted data from outside the system and can cause arbitrary code to be activated by that untrusted data. Linux doesn't support ActiveX. However, it supports plug-ins in some applications, such as Mozilla Firefox. But these plug-ins have no control over other applications. They can only run within that workspace and do not escalate to higher levels of the system.
USER PERMISSIONS
Windows can be configured either to ask for the userid/password at startup time or to use a default that has been set instead. Linux does not allow the root user to log in automatically. Windows, in contrast, is happy to let an Administrative user auto-login. Windows XP Home Edition supports Administrator class users that have full and total access to the system, and restricted users that, among other restrictions, can't install software. Very often Windows users use an Administrator class userid, which gives viruses total access to their system. In contrast, Linux users often run as regular non-root users, which not only means better security but also means that, if they get a virus, the operating system greatly restricts what the virus can do.
ADMINISTRATIVE CONTROL
The division between an administrative (root) user that maintains and operates the system, and desktop users who only run the software on the system, is completely ingrained in most Linux distributions. The system defaults to protecting the operating system components from its users' actions (intentional or otherwise). That feature alone must account in large degree for the dearth of viruses and other malicious vermin on Linux. All tasks other than administrative tasks are done in non-root accounts. The root user is called a superuser because it has powers far beyond those of mortal users. The permissions system in Linux is set by default to prevent access by ordinary users to critical parts of the system and to files and directories belonging to other users. Windows users, on the other hand, are accustomed to bypassing this permissions system on their personal computers by logging directly into their administrator account. Although this provides momentary relief, it should be avoided, and ordinary work on the system should be done via an ordinary user account. This makes Windows a weak permissions system.
It is possible to operate Windows and Linux with administrator and regular user accounts, but many third-party Windows applications don't strictly adhere to this distinction, and often need to be run by users with administrator privileges to operate correctly. Viral attacks initiated by these users therefore become more damaging. Linux applications usually respect this security requirement and are therefore less susceptible to such exploits.
SECURITY MECHANISM
Microsoft and Linux both provide support for authentication, access control, audit trail/logging, Controlled Access Protection Profile, and cryptography. The user of a Linux system can decide to add additional security mechanisms to a Linux distribution without having to patch the kernel.
Various access control mechanisms keep applications separate from each other and from the base operating system, which limits the impact of a security problem with an application. Linux base security is further enhanced by solutions that enable System Integrity Check functionality to periodically verify the integrity of key system files and warn those responsible for system security whether a file's contents or properties have been changed.
Microsoft's model focuses on providing one build of a product that can enable weak or strong encryption simultaneously. Although modules are not all signed by one key, it only takes one key to be compromised to make the entire system vulnerable to attack. This can happen either by having an authorized code signer accidentally disclose their private key, or by having a certifying authority issue a certificate in error.
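The periodic integrity check described above, sketched as an added example (it is not code from the original page or from any particular integrity tool): it records a SHA-256 hash plus mode, owner and group for each file, then reports which of those changed. The file names and the temporary directory are constructed sample data standing in for key system files.

```python
import hashlib
import os
import stat
import tempfile

FIELDS = ("sha256", "mode", "uid", "gid")


def snapshot(paths):
    """Record the content hash and key properties of each path."""
    baseline = {}
    for path in paths:
        st = os.lstat(path)
        digest = None  # only regular files get a content hash
        if stat.S_ISREG(st.st_mode):
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
        baseline[path] = dict(zip(
            FIELDS, (digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)))
    return baseline


def compare(baseline):
    """Return sorted (path, changed_field) findings against a baseline."""
    findings = []
    for path, old in baseline.items():
        if not os.path.lexists(path):
            findings.append((path, "missing"))
            continue
        new = snapshot([path])[path]
        findings += [(path, f) for f in FIELDS if new[f] != old[f]]
    return sorted(findings)


def demo():
    """Constructed files stand in for key system files (assumption)."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("hosts", "passwd", "sshd_config")]
        for p in paths:
            with open(p, "w") as fh:
                fh.write("original\n")
            os.chmod(p, 0o644)
        base = snapshot(paths)
        with open(paths[1], "a") as fh:  # contents changed
            fh.write("changed\n")
        os.chmod(paths[2], 0o666)        # properties changed, contents intact
        os.remove(paths[0])              # file removed
        return [(os.path.basename(p), what) for p, what in compare(base)]


if __name__ == "__main__":
    print(demo())
```

The baseline is only trustworthy if it is stored where the monitored system cannot rewrite it, for example on read-only media or a separate host.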
NETWORKING SECURITY
Linux and Windows support for network security and protocols is comparable. OpenSSH, OpenSSL, and OpenLDAP are available on Linux, and corresponding closed source implementations -- SSH, SSL, LDAP -- are available on Microsoft systems (although some not by default). Linux is somewhat superior due to continuing security issues with Microsoft IIS and Exchange/Outlook. Apache and Postfix are cross-platform applications and tend to be more secure than corresponding Microsoft products. And Snort is an excellent intrusion detection system.
Microsoft is taking strides to redesign the security of its products and provides patches for its installed base. Still, security issues in legacy Windows products persist and complicate this task. This leaves many Microsoft users exposed to security threats since patches must be well documented prior to deployment.

