The Last Watchdog

on Internet security by Byron Acohido

Windows vs. Linux security strengths and weaknesses

Posted on | October 23, 2009 | 13 comments

linux_windows2

With the launch of Windows 7 on Thursday 22Oct2009 , Linux vendors, led by IBM, are touting the intrinsic security superiority of Linux vs. Windows. Vendor hype aside, the Windows 7 launch does raise two big questions:

  • In what way is Windows 7 more secure than Vista or XP?
  • Is Linux truly more secure than Windows?

Jacob West, Director of Security Research at application security firm Fortify Software, thoroughly answers these questions in this exclusive LastWatchdog guest blog post. Comments are encouraged.

By Jacob West

Director of Security Research, Fortify Software

jacob-west_crop175px2Windows strengths
Security Development Lifecycle  (SDL)

  • Microsoft has done pioneering work with their Security Development Lifecycle, which builds security in throughout their development lifecycle.
  • Microsoft attributes significant reductions in mainline products-including Windows Vista, Internet Explorer, and SQL Server-direction to their application static analysis, runtime security testing, and other key aspects of the SDL .

Security on the Desktop

  • One positive side effect of the target virus and malware authors have painted on Microsoft products is that most Windows users have an antivirus or anti-malware utility install.
  • These tools aren’t silver bullets, but if the cyber villains out there decide to turn their crosshairs on non-Windows platforms users may find themselves in a rush to find solid solutions.

Windows weaknesses
Virii and Malware

  • Despite some valiant efforts, virii and malware plague the lives of Windows users who dare to use the Internet.
  • From the end-user standpoint it’s hard to argue with the fact that Windows users are more impacted by malicious software than users of other operating systems, which is supported by the fact that Kaspersky Labs found that more than 99% of malware threats in the first half of 2008 targeted Windows platforms.

Linux strengths
Architecture

  • One of the biggest advantages Linux has over Windows when it comes to security is its architecture.
  • The inherently multi-user architecture of Linux systems promotes a segregated hierarchy of trust that is fundamentally more secure than the single-user design of Windows systems past.
  • User Account Control (AUC) in Windows Vista, which means among other things that user programs run with restricted permissions and require the privileges of a super-user to perform sensitive actions, is a good step forward.
  • The poor security architecture of past versions of Windows continue to haunt current users in the form lf legacy software that fails to install or even run, in many circumstances, without the elevated privileges that UAC seeks to enforce.
  • Windows 7 takes a step backwards by relaxing the restrictions enforced by UAC to make installing and running legacy programs easier, but at the cost of security.

Many Eyes Theory

  • The “many eyes” theory proposes that because anyone can access open source code, developers will find and fix more bugs than in traditional closed code bases.
  • Projects like the Department of Homeland Security’s project to identify and remediate vulnerabilities in open source software and Fortify Software’s Fortify Open Review have demonstrated that community vulnerability identification efforts can effectively identify security bugs in open source.
  • However, our research suggests that widely-used open source projects are woefully lacking when it comes to providing their users with access to security expertise, implementing secure development lifecycles, and leveraging static analysis to identify widespread security vulnerabilities.

Linux weaknesses
New targets

  • One of the biggest security disadvantages for Linux is that hasn’t benefited from the years of attacks that Windows platforms have weathered.
  • Although their exploits are no fun for Windows users, the hordes of malware authors have served as de facto security auditors and have led to the remediation of piles of security bugs in Windows.
  • If Linux gains widespread adoption, there’s no reason to think the crosshairs of malware authors might not increasingly follow. The question will then be whether the eyes of the many developers that have contributed to Linux will stand the test of the highly motivated hackers poised to pull the trigger.
Category: Guest Blog Post

Comments

13 Comments »

  1. I think you completely overlooked one of Windows weaknesses, the only weakness that counts. That is that Windows fundamental design, where the web browser is the user interface to system configuration features, is hopelessly flawed.

    Fixing this fundamental design flaw will cost Microsoft billions and hundreds of thousands of labor hours to fix, if fixing it is even possible.

    Comment by Rex — 10/27/2009 @ 3:04 pm

  2. “One positive side effect of the target virus and malware authors have painted on Microsoft products is that most Windows users have an antivirus or anti-malware utility install.”

    hahaha, how often do those anti-virus programs actually work? just mention norton in any IT circle and you’ll get a chuckle.

    Comment by Anonymous — 10/27/2009 @ 3:17 pm

  3. Rex, which MS Windows configuration is set through the web browser?

    Comment by Doug — 11/15/2009 @ 2:05 am

  4. There are numerous typos here and the link to “our research” in broken.

    Comment by Doug — 11/15/2009 @ 2:07 am

  5. thx dude..
    this information is really important to me..
    coz i got trouble doing my assignment
    :D
    thx a lot

    Comment by cruzher — 5/11/2010 @ 9:59 am

  6. linux security as far as i know is one of best security going.i would like to put on my computer i have northen its ok.what is the cost.send e-mail let me know,thanks for ur time.bob”’

    Comment by robertpoole — 8/8/2010 @ 2:01 pm

  7. stimulus packages are very helpful for kickstarting the economy::.

    Comment by Bailey Singh — 10/6/2010 @ 2:34 am

  8. how did that stimulus work out for ya?

    Comment by Joe Short — 8/17/2011 @ 11:55 pm

  9. I hate niggers.

    Comment by Callum Mawston — 1/11/2012 @ 6:52 am

  10. stimulus package are really needed right now since the economoy is quite slow these days. ”

    <a href="Most recently released post straight from our own web-site
    http://www.homeimprovementstuffs.com/upvc-windows-instead-of-wood-windows/

    Comment by Erasmo Srsic — 11/22/2012 @ 12:53 am

  11. Critical to any society is maintaining good health care for all. Imagine a society where illness is rampant. The cost to government for negligently ignoring the sick, dying and those who will become ill due to lack of proper health care will necessarily be borne by taxpayers in one form or another. Originally, health care was provided in the US by employers because many workplace environments were dangerous. Employers worried about lawsuits from improper adherence to worker safety. :

    Most recent blog post provided by our personal web blog
    <.http://www.caramoantourpackage.com/

    Comment by Bruno Belke — 2/21/2013 @ 11:37 am

  12. Pa-leaze….clean up your comments.

    Comment by Star — 4/21/2013 @ 9:42 pm

  13. there no reference

    Comment by mwakapona f — 5/15/2013 @ 4:52 am

RSS feed for comments on this post.

Leave a comment

Search Last Watchdog

Navigate Last Watchdog