Hello,
Can anybody plz tell me how and why linux security feature is more robust than Windows.
thanx

One great reason is, for a while anyway, that most of the badass OS-crackers aim their attacks against Windows. And that Linux is "newer software" than Windows, and has learnt of some mistakes made in Windows, and is based on a totally different platform, which is why the "old" windows-diseases won't affect it that much.

It is certain, though, that no matter how robust the security of Linux is, some day when Windows goes out of the lights and the crackers' heads turn at Linux, the penguin-friendly OS will be as full of holes as Windows is today. Well, maybe not that much since Linux has more coders around the world than MS does, but that will not mean Linux is the ultimate OS that will keep on being a virus-free, problem-free, ultra-secure and totally-nice pack of goodies forever.

Moved: This thread is more suitable in Linux-Security and has been moved accordingly to help your thread/question get the exposure it deserves.

That's just a silly argument. More eyes don't make more holes any more than more firefighters make more fires.

You can never make a claim like that.

Actually, it may be the other way around... Linux machines may be attractive targets as they can be expected to be online at all times. They have a compiler, a shell and just everything they could want to command IRC bots, to download and (re)compress stuff or whatever.

Linux still is (and IMHO always will be) more secure than windows as it has many in-built security features in place. For instance even if a linux machine is hacked, you would specifically need to have access to a privileged account to have any serious affect on the system. The permissions system on Windows OS is relatively easier to bypass.

Plus if a system admin implements additional security features such as extended attributes, ACLs and SELinux policies you will be hard pressed to find a comparably safer OS around.

I have to agree with b0uncer though. The more popular an OS gets the more attention it gets from the hacker community.

As advocate of the devil:
just like Windows is buggy, Linux is buggy too. In fact, any piece of software is likely to be buggy at some point.
More eyes don't MAKE more holes, but they do SEE (ie detect) more holes.
The holes are most likely there ALREADY, they don't have to be made...

Luckily for Linux, the huge open source community is backing it up, making bugfixes and patches come out faster. Hence, it'll beat Windooz anyday...

As for windows, there are more disadvantages as well:
-as said, it keeps building on the same platform, which was initially really crappy. So, yes, it is getting better, but it'll take time.
-it is often over-complicated and too heavy. Most of this comes from the M$ policy of "keep the system admins dumb and the users dumber". Their whole security concept (user - power user - administrator - system) is a nice example.
On the other hand, it does have it's advantages too.

But that's just my opinion...

You're making a flawed assumption about causality based on the wrong statistics and you aren't saying about which type of "attention" a popular OS is getting and the consequences. Simply put, a high number of vulnerable machines is just a quantitative measure that you can't mix to conclude that "they get more attention". Pure and simple statistics. You understimate these facts that do have a real influence:
1- Any poorly designed OS is more likely to be hit by exploits. This variable alone makes possible the number of casualties each time it happens.
2- Windows has no more attentions than any other system if you look at the number of advisories by people doing vulnerality research.
3- Computer (in)security is business to some.
4- Enterprises may be the most worstly hit financially. Computer security is not about desktop users alone.

So was Troy.

What if the newbie didn't know how to use those features correctly? What if the newbie just wanted to access his other disk/partition, and got bored wondering which permissions worked and did some chmod a+rwx's, added everybody to the auto-sudo-group and finally opened some good-looking Desktop Remote Control doors just to show to all the good friends of the newbie that even newbies can get a good-looking desktop? Ok, that was quite a nightmare vision, but it happens. I hear all the time questions about how to get this and that working when the permissions are insufficient, and the hurry-most people do advice them to give quite plenty of permissions. On Windows people know viruses already, they know the trojans, they know if you put the ZoneAlarm, McAfee, F-Secure and Symantec icons blinking beside the clock you're safe. Many times people do know how to protect Windows better, despite it's flaws. On Linux it's not that simple most of the time. Even if you had a shield..do you know how to rise it so it protects you and not make you trip?

You're just overestimating Linux and yourselves. In the last hand it's human that's doing the work.

A bit old (2004) but may interest you:
http://www.theregister.co.uk/securit...dows_vs_linux/

Yves.

Windows is inherently insecure. Linux isn't. If a lazy or novice user misuses the system, it's not its fault. We couldn't say the same about Windows. No matter how you are advanced and experienced, the better you can do it's to manage risks, worry all the time trying to stay updated with patches, in the case they're released by Microsoft, a thing seldom done swiftly BTW, and lose your hair and sleep in the process.

The problem is the chair-keyboard interface
Put a monkey on OpenBSD and his machine will get hacked.


Ok the security patches arrive quicker in Linux and more are discovered (more eyes) but sometimes people don't install them.

Somebody who knows window very well will not get hacked more than somebody who doesn't know linux.

While this is true, wouldn't it also be fair to say that a windows user needs to be smarter to protect themselves from (the numerous) dangers that affect windows. Using anti-virus and anti-spyware applications does not ensure protection. At the rate new exploits and malware come out for windows, you would have to update these apps on a regular basis (and even then the rate still exceeds these updates on occassion).

On the other hand the majority of attacks on Linux/UNIX based systems (besides DoS) are mainly focused on infiltration as opposed to the destructive nature of most windows based attacks. The default security policies set on Linux installations are more often than not, sufficient to ward against these attacks.

A case in point:
How many cases of virus, trojan, and spyware difficulties have been posted on this forum since it began? The few that are around refer to Lord Somer's LRK series which again leans towards securing an infiltration rather than a direct attempt to freeze a system.

I disagree. If you take a look at the number of exploits and malware targeted towards windows and compare it to the same for all other operating systems combined you'll get a pretty good picture of where windows stands right now.
You could point out that there are individuals that focus more on UNIX/Linux systems since they don't see windows as much of a challenge (eg- the majority of contributors to Phrack Magazine). However, these groups are again the black sheep in the family.

The organization I work at occasionally provides network setup services for it's larger corporate clients. I have completely given up on configuring windows based servers for these clients since it is a costly business keeping them secure. From personal experience someone will have to visit an organization using windows every few months, whereas one using Linux/UNIX can go on for years on end without a glitch. Most of the latter can be handled remotely as well.

*EDIT*
PS - That was a good article sited by theYinYeti. What it fails to point out however is that in the enterprise an infiltration into the DMZ is often just an attempt to attack the internal network (which is predominantly windows based in the majority of cases). Why do you think most of the anti-virus apps for Linux are targetted towards the mail, samba and ftp services? Its an irony that the first line of defence for a windows network depends on a Linux or UNIX variant.

No, smartness is just what is not needed. People who use Windows and programs for it, only need - most of the time - either not care or press the big green button saying "Press Me To Be Safe", whereas Linux users still need to stick with the good old command line tools that not all the newbies know how to use efficiently. I'll say it again: a person who knows what s/he's doing on a Windows machine can make it safer than a Linux distribution he's not familiar with.

The updating is another thing; nearly all the Windows apps do the updating automatically with no user interaction needed. No smart-asses needed here. And there is this other thing too, now that we talk about being smart: how many times has iptables asked you whether or not you wish to kick a cracker out of your system? Or some other "Linux built-in/pre-installed system"? I'm saying to keep your system safe but usable you'll need to do a lot of work with a Linux box, but Windows on the other hand can help you out there. Windows provides tools for those who know what they're doing and newbies, Linux isn't that newbie-friendly, not even today with all the nice gui apps and automated stuff.

That got a bit off the topic, but I hope you'll still read it and think it. Linux still needs to evolve, before it's too late; if Windows died tomorrow, I would consider enforcing my security settings. Part of Linux's security illusion is surely caused by the fact that Windows is more interesting a target for some than Linux is. And that could change.