PDA

View Full Version : Study: XP safer than Linux


Pages : [1] 2

Zelda_fan
02-17-05, 03:09 PM
http://seattletimes.nwsource.com/html/businesstechnology/2002182315_security17.html

apparently a linux fan and a windows fan ran some tests to see which OS was safer, and Windows XP came out on top. Not really suprising, and now I'm glad that there is proof to back it up.

Q
02-17-05, 05:46 PM
Jonk, you have just set the most wonderful flame bait.

I hope the flames reach the moon.

=D

Zelda_fan
02-17-05, 08:54 PM
lol I know. Once in a while I like to sit back and enjoy the fireworks. I'd like to see some discussion with an "official study" backing MS up.

Slyder
02-18-05, 12:53 AM
I always thought Linux was safer :confused:

Ahh well, not that I care... I have about - lets see now... 1 whole game that may work on Linux as oppose to 400 ish that will work on Windows.

Compatability, not security. :D

Head_slinger
02-19-05, 03:59 PM
Dude the Study has nothing todo with XP. Its Server 2003.

They compared Windows Server 2003 and Red Hat Enterprise Server 3 running databases, scripting engines and Web servers (Microsoft's on one, the open source Apache on the other).

Also I dont think you can tag the whole of Linux because one distribution has less security.

Riptide
02-19-05, 05:24 PM
You guys should read this thread if you want to see a real discussion on which one is more secure:

http://episteme.arstechnica.com/eve/ubb.x/a/tpc/f/174096756/m/153005469631

wshadow
02-19-05, 10:13 PM
http://seattletimes.nwsource.com/html/businesstechnology/2002182315_security17.html

apparently a linux fan and a windows fan ran some tests to see which OS was safer, and Windows XP came out on top. Not really suprising, and now I'm glad that there is proof to back it up.


OWNED!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Zelda_fan
02-21-05, 11:57 AM
Dude the Study has nothing todo with XP. Its Server 2003.



Also I dont think you can tag the whole of Linux because one distribution has less security.

Sure it does since 2003 is basically the XP core tweaked for server use.

TierMann
03-05-05, 02:06 AM
Worth a bump and some flames...

If this were going to be anywhere near accurate, then both systems should be running the same software. Not apache on one, IIS on the other.

Sure it does since 2003 is basically the XP core tweaked for server use.

You don't get the same security out of Gentoo that you do from Hardened Gentoo just like you don't get the same security out of XP that you do with 2003. Yes, same engine, but not the same OS. You can't change a registry setting or two and get 2003 out of XP.

seeker010
03-05-05, 01:53 PM
I'm not too surprised at the results. But of course neither platform was really hardened, only the default security precautions were used, iirc. Which does bring up the other issue: it's not as easy to hire a good linux admin as it is to hire a good windows admin.

retsam
03-07-05, 02:09 AM
now if they would only put both boxes in there default config on the net just to see which one gets owned first ... i linux get owned first then ill believe this.

SuLinUX
03-07-05, 12:01 PM
I suppose it's how you set it up and besides, Linux is much cheaper and can be made just as sercure.

intercede007
03-07-05, 01:40 PM
I suppose it's how you set it up and besides, Linux is much cheaper and can be made just as sercure.

Is it?

My College did a feasability study and found that, by switching from Windows to Linux would be cheaper as far as software and future hardware requirements, but the re-training, lack of formal vendor support and the premium Linux specialists charge would off-set the cost, and may prove to be less efficient in the long run.

I guess it just sort of depends on your requirements.

retsam
03-08-05, 09:16 PM
you almost hit the nail on the head with the problems with linux.. the one thing you missed is the confussion with all the diffrent distro's... man its a mess. but security ... linux handles security much more thuroghly and more effiencly then windows... man i had to do tcp/ip stock hardining on a 2003 box...man lets just say that performance almost halved... we even called in an m$ engineer from redmond to work out the problems... what a nightmare that was. lets just say linux doesnt have the performance penalties that m$ takes for secuirty ....

rewt
03-08-05, 09:33 PM
Knoppix Linux is pretty good. Theres even a version that runs completely off CD. No hard drives needed ;)

retsam
03-08-05, 09:50 PM
you should look at knoppix std ... this is by far my favorite distro.... all the fun security tools in one distro... how can you ask for anything else ...

rewt
03-08-05, 10:44 PM
Sure thing. I'll give it a look.

rewt
03-15-05, 05:49 PM
How safe is Windows when all you need is a boot disk that resets the administrator password?

http://home.eunet.no/~pnordahl/ntpasswd/

Oh my god, it's so simple even a complete n00b could do it.

But then again, you could use the Linux bootloader to set a password and prevent from booting into Windows :rolleyes: Oh wait, that would mean Linux is protecting Windows! I suppose that means Windows is the loser once again :thumbdwn:

LOL

TierMann
03-15-05, 08:02 PM
You could also mount both OS's partitions with a live-cd. Neither OS can do much about someone who's bored, has a live-cd or floppy, and access to your desk.

rewt
03-15-05, 08:50 PM
Good luck getting past the 256-bit AES encryption :p

Oh and what about Linux firewall iptables? That kicks Windows firewall in the arse!!

Rakeesh
03-15-05, 11:14 PM
This is really a dumb comparison by just looking at one distro IMO, anybody who has done any hacking with both OSes and has half of a brain can clearly see that. Especially when you look at it from the desktop perspective.

The worst thing about windows is that in most cases you must have a damn firewall and antivirus in place in order to get any security at all, and even that guarentees you nothing at all. The reason why is because by default, microsoft leaves a multitude of services actively accepting incoming connections and half of them you can't even turn off. Not only that but in windows it is a real pain in the ass to get anything working if you don't have admin privileges (try burning a CD as a regular user,) so pretty much everybody that runs a win machine must run as the superuser (with gentoo it's a mere one line edit of the /etc/group.conf file, and different user levels aren't even needed since you have a nice convenient little list of permissions you can run through, and you can even specify what programs they can and can't run.) That means if just one of your programs is exploitable, firewall or no firewall (because you have to open the port when it runs anyways,) your entire system is screwed in windows.

In linux on the other hand, only the stuff in your /home/username dir is vulnerable, unless of course you really have no idea what the hell you are doing. The same thing applies if you ever download a virus.

Not to mention the shatter exploit (http://security.tombom.co.uk/shatter.html) which microsoft will never fix simply because they can't (its caused by a design flaw; pretty much the only way they could feasably fix it would be to redesign a whole new OS from scratch,) and almost renders different user levels useless in windows.

Hands down, linux is far more secure simply by its design. Sure there are exploits here and there, but those can be fixed. The biggest of windows' vulnerabilities can't be fixed. And anybody who tells you that if linux became more popular, it would see as many exploits as windows does. That may be true to a point, however the turn around time for *major* exploits being resolved on linux is typically within a period of hours to a few days because just anybody who knows how to write code can fix it, whereas microsoft is well known for leaving major exploits open for periods as long as two months. Forget about the redhat distros, personally I haven't touched one in three years.

TierMann
03-16-05, 02:19 AM
Good luck getting past the 256-bit AES encryption :p

Oh and what about Linux firewall iptables? That kicks Windows firewall in the arse!!

True, but you can encrypt either OS with 3rd party software also.
And iptables does rule.

Ov3nCleaner
04-26-07, 11:11 PM
Sorry for gravedigging, this thread is relevent again.

linux has come along way in security in recent years(and remember, security is only as good as its user), its just it hasnt been incorporated into major distros yet. Pioneers of security are: Hardened Debian, Hardened Gentoo, and Adamantix.
Check out these protections now being tested (they are old, but are making progress in working into a distro near you)

Features the common user can take advantage of with minimal performance drain(for all, around 3% assuming 100% cpu load):

100% Position Independent code (makes exploiting stack overflow exploits around 1000* harder, this has recently been added to vista on a small scale)
http://en.wikipedia.org/wiki/Position_independent_code

Pax
This is similar to windows DEP, but does not rely on hardware. It is generaly considered far more feature rich, and is considered by experts to be better than exec-shield by red hat. Has a bad habbit of killing programs that generate code on the stack at run time, but this is being fixed mostly, and can be worked around by a simple command.
http://en.wikipedia.org/wiki/PaX

ProPolice(rather old, but has recently been incorporated by default into distros like ubuntu)
http://en.wikipedia.org/wiki/Stack-smashing_protection#GCC_Stack-Smashing_Protector_.28ProPolice.29

i use gentoo hardened myself, and i USED to have nvidias drivers working on it lol.
but linux still has issues with binary drivers, and new security technologies and nvidia apparently dont get along (its most likely a bug in Xorg for me however)

Security technologies on linux hopefully will be tighter integrated in the future, but for now its the casual users job to lock down his own system.

"This is really a dumb comparison by just looking at one distro IMO, anybody who has done any hacking with both OSes and has half of a brain can clearly see that. Especially when you look at it from the desktop perspective."

Yes, very true. If they had compared it with a hardened os, this would not be the case.

Dont get me wrong, Vista has made a big leap in security, but the whole idea for an OS that is 90% of the market having "Security Through obscurity" is just completely absurd.

And PS:

All you ubuntu trolls need to calm down. Your not aloud to even discuss security besides the fact that ubuntu truly has security through obscurity(besides propolice), although its getting better. I dont want to hear all this slashdot talk when your probobly have no idea how your system works one bit, outside of synaptic package manager. If you do, then no offense. but 99% of you are new linux converts and are being far to zealos, and scaring people away. Respect people regardless of their OS.
ubuntu is a great OS, but it people will not use it because your having a modern day linux crusade lol. They will use it when its ready, or they get fed up with windows

$n][pErMan
04-27-07, 05:29 PM
I enjoy boths OS's.... but here is a nice little snippit of my own...
# of times my Windows computers have been hacked = 0
# of times my Linux computers have been hacked = 1

Not much but then again I have a ton of server apps running on linux which make it a nice target for some script kiddie with no life :p Also worth noting is that it was hacked years ago and I have had 0 issues sence.

CaptNKILL
04-27-07, 05:33 PM
Wow... I didn't know Jonk was Zelda_fan...