Why are Linux-based operating systems considered safer than Windows? [closed]

I hear that Linux-based systems are better for security. Apparently they don't have viruses and do not need antivirus software. Even my university claims this - they refuse to have Windows on their servers, which is a real shame because we wanted to use the .NET framework to create some websites.

The only reason I can see Linux being safer is because it's open-source, so bugs theoretically would get caught and fixed sooner.

I know a bit about how operating systems work, but haven't really delved into how Linux and Windows implement their OS. Can someone explain the difference that makes Linux-based systems more secure?


Solution 1:

I don't think an operating system is "secure". A particular configuration of an operating system has a particular degree of resistance to attacks.

I'm probably going to get flamed for being a "Microsoft apologist" here, but this thread is very stilted toward generalizations about "Windows" that aren't true.

Windows 1.0 - 3.11, 95, 98, and ME are based on DOS. This lineage of operating systems didn't have any security in the formal sense (protected address spaces, kernel / user mode separation, etc). Fortunately, when we're talking about "Windows" today we're not talking about these operating systems.

The Windows NT family of operating systems (Windows NT 3.5, 3.51, 4.0, 2000, XP, 2003, Vista, 2008, and 7) has had a very reasonable security system "designed in" since the initial release in 1992. The OS was designed with the TCSEC "Orange Book" in mind and, while not perfect, I do think it is reasonably well designed and implemented.

  • Windows NT was "multi-user" from the beginning (though the functionality of multiple users receiving a graphical user interface simultaneously from the same server didn't happen until Citrix WinFrame in the Windows NT 3.51 era). There is a kernel / user mode separation, with address space protection relying on the underlying hardware functions of the MMU and CPU. (I'd say that it's very "Unix-y", but actually it's very "VMS-y".)

  • The filesystem permission model in NTFS is quite "rich" and, though it has some warts relative to "inheritance" (or the lack thereof; see How to workaround the NTFS Move/Copy design flaw?), it hasn't been until the last 10 years or so that Unix-style operating systems have implemented similar functionality. (Novell NetWare beat Microsoft to the punch on this one, though I think MULTICS had both of them beat... >smile<)

  • The service control manager, including the permission system to control access to start/stop/pause service programs, is very well designed, and is much more robust in design than the various "init.d" script "architectures" (more like "gentleman's agreements") in many Linux distros.

  • The executive object manager (see http://en.wikipedia.org/wiki/Object_Manager_(Windows)), which is loosely analogous to the /proc filesystem and the /dev filesystem combined, has an ACL model that is similar to the filesystem and much, much richer than any permission model that I'm aware of for /proc or /dev on any Linux distro.

  • While we could debate the merits and disadvantages of the registry, the permission model for keys in the registry is far more granular than the model of setting permissions on files in the /etc directory. (I particularly like Rob Short's comments re: the registry in his "Behind the Code" interview: http://channel9.msdn.com/shows/Behind+The+Code/Rob-Short-Operating-System-Evolution Rob was one of the main people behind the Windows registry initially, and I think it's safe to say that he's not necessarily happy w/ how things turned out.)

Linux itself is just a kernel, whereas Windows is more analogous to a Linux distribution. You're comparing apples and oranges to compare them like that. I would agree that Windows is more difficult to "strip down" than some Linux-based systems. Some Linux distributions, on the other hand, ship with a lot of "crap" turned on, too. With the advent of the various "embedded" flavors of Windows it is possible (albeit not to the general public) to build "distributions" of Windows that differ in their behaviour from the Microsoft defaults (excluding various services, changing default permissions, etc).

The various versions of Windows have had their share of poorly-chosen defaults, bugs that allowed unauthorized users to gain privilege, denial of service attacks, etc. Unix kernels (and plenty of Unix-based applications running by default as root) have had the same problems. Microsoft has done an amazing job, since Windows 2000, of making it easier to compartmentalize applications, run programs with least-privilege, and remove unneeded features of the OS.

In short, I guess what I'm saying is that the specific configuration of a given operating system for your needs, with respect to security, matters more than what type of operating system you are using. Windows and Linux distributions have very similar capabilities with respect to security features. You can apply solid security techniques (least-privilege, limited installation of optional components, cryptographically secure authentication mechanisms, etc) in either OS. Whether you actually do or not, that's what matters.

Solution 2:

One other thing that's not mentioned is that security in Windows is much more opaque than in Linux.

For example, I can look at a couple of text files, and see exactly what my web server is running. IIS? Not so much - you can see the results of the configuration through the GUI tool, but there are hidden settings. Then you have to use a different set of tools to review the ACLs on the files, etc.

It's the same with most programs in the Windows world - it's very difficult to quickly understand exactly what's affecting the run-time environment, between the registry & ACLs.
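Both answers turn on the same practical question: the first one says Windows has granular ACLs on files, registry keys and services, and the second says those ACLs are scattered across tools and hard to see at once. The script below is an added example, not code from either answer, that pulls the three permission stores into one read-only report and flags write-class grants to broad principals, then dumps the effective IIS configuration as text (the "what is my web server actually running" check). It assumes hypothetical targets: the default web root C:\inetpub\wwwroot, the W3SVC service, the HKLM:\SOFTWARE\Microsoft\InetStp key and a site named "Default Web Site"; adjust those to your host. The service-right bit names come from winsvc.h and are spelled out here because .NET has no service-rights enum for ConvertFrom-SddlString to use.

```powershell
# Added example (not from the original answers): read-only audit of NTFS, registry
# and service ACLs, plus effective IIS config. Run in an elevated PowerShell 5.1+
# prompt. Targets below are assumptions; nothing on the host is modified.
$WebRoot     = 'C:\inetpub\wwwroot'
$RegistryKey = 'HKLM:\SOFTWARE\Microsoft\InetStp'
$ServiceName = 'W3SVC'
$SiteName    = 'Default Web Site'

# Identities that mean "more or less everybody" on a server. Write-class rights
# granted to them are not automatically wrong, but they are the ones to review.
$BroadPrincipals = @('Everyone', 'BUILTIN\Users',
                     'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')

# Service-specific access right bits (winsvc.h). A plain hashtable is used on purpose:
# an [ordered] dictionary would treat an integer index as a position, not a key.
$ServiceRightNames = @{
    0x0001 = 'QUERY_CONFIG';   0x0002 = 'CHANGE_CONFIG'; 0x0004 = 'QUERY_STATUS'
    0x0008 = 'ENUM_DEPENDENTS'; 0x0010 = 'START';        0x0020 = 'STOP'
    0x0040 = 'PAUSE_CONTINUE'; 0x0080 = 'INTERROGATE';   0x0100 = 'USER_DEFINED_CONTROL'
    0x10000 = 'DELETE';        0x20000 = 'READ_CONTROL';  0x40000 = 'WRITE_DAC'
    0x80000 = 'WRITE_OWNER'
}

# Rights that let a principal change content, configuration, or the ACL itself.
$FileWriteMask     = [int]([System.Security.AccessControl.FileSystemRights]::Write -bor
                           [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
                           [System.Security.AccessControl.FileSystemRights]::TakeOwnership)
$RegistryWriteMask = [int]([System.Security.AccessControl.RegistryRights]::SetValue -bor
                           [System.Security.AccessControl.RegistryRights]::CreateSubKey -bor
                           [System.Security.AccessControl.RegistryRights]::Delete -bor
                           [System.Security.AccessControl.RegistryRights]::ChangePermissions)
$ServiceWriteMask  = 0x2 -bor 0x40000 -bor 0x80000   # CHANGE_CONFIG | WRITE_DAC | WRITE_OWNER

function Get-ServiceRightNames([int]$Mask) {
    # Decode a raw service access mask into readable names; fall back to hex.
    $names = foreach ($bit in ($ServiceRightNames.Keys | Sort-Object)) {
        if ($Mask -band $bit) { $ServiceRightNames[$bit] }
    }
    if ($names) { $names -join '|' } else { '0x{0:X}' -f $Mask }
}

function Write-AceLine($Identity, $Type, $Inherited, $Rights, [int]$Mask, [int]$WriteMask) {
    # One line per ACE; mark Allow entries that give write-class rights to a broad principal.
    $flag = ''
    if ($Type -eq 'Allow' -and ($Mask -band $WriteMask) -and ($BroadPrincipals -contains $Identity)) {
        $flag = '   <-- write-class right for a broad principal, review'
    }
    $origin = if ($Inherited) { 'inherited' } else { 'explicit' }
    '  {0,-38} {1,-5} {2,-9} {3}{4}' -f $Identity, $Type, $origin, $Rights, $flag
}

"== NTFS ACL: $WebRoot =="
foreach ($ace in (Get-Acl -Path $WebRoot).Access) {
    Write-AceLine $ace.IdentityReference.Value ([string]$ace.AccessControlType) $ace.IsInherited `
                  $ace.FileSystemRights ([int]$ace.FileSystemRights) $FileWriteMask
}

"`n== Registry ACL: $RegistryKey =="
foreach ($ace in (Get-Acl -Path $RegistryKey).Access) {
    Write-AceLine $ace.IdentityReference.Value ([string]$ace.AccessControlType) $ace.IsInherited `
                  $ace.RegistryRights ([int]$ace.RegistryRights) $RegistryWriteMask
}

"`n== Service security descriptor: $ServiceName (from sc.exe sdshow) =="
# sc.exe prints the SDDL on one line starting with "D:"; parse it with the .NET descriptor class.
$sddl = ((& sc.exe sdshow $ServiceName) | ForEach-Object { $_.Trim() } | Where-Object { $_ -like 'D:*' }) -join ''
$sd   = New-Object System.Security.AccessControl.RawSecurityDescriptor($sddl)
foreach ($ace in $sd.DiscretionaryAcl) {
    try   { $who = $ace.SecurityIdentifier.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $who = $ace.SecurityIdentifier.Value }   # unresolvable SID: print it raw
    $type = if ($ace.AceType -eq 'AccessAllowed') { 'Allow' } else { 'Deny' }
    Write-AceLine $who $type $false (Get-ServiceRightNames $ace.AccessMask) $ace.AccessMask $ServiceWriteMask
}

# Effective IIS configuration as text, including settings the GUI does not surface.
$appcmd = Join-Path $env:SystemRoot 'System32\inetsrv\appcmd.exe'
if (Test-Path $appcmd) {
    "`n== Effective IIS config for '$SiteName': anonymous authentication section =="
    & $appcmd list config $SiteName /section:system.webServer/security/authentication/anonymousAuthentication
} else {
    "`nappcmd.exe not found; IIS does not appear to be installed on this host."
}
```

Running `appcmd list config "Default Web Site"` without a `/section:` argument prints the whole effective configuration for the site, which is the closest Windows equivalent to reading the text files the second answer describes. The "review" flag is a prompt for a human, not a verdict: a broad principal with write access to a web root or to a service's configuration is sometimes intended, but it is exactly the kind of default the first answer says matters more than which OS is in use.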