Quote:
Originally posted by chort
The biggest threat to a system is always administrators who don't understand it. Every OS has that in common. On Linux that manifests itself in weak root passwords, daemons that run as root, out of date software versions, etc.
|
I agree with this. However, different systems and default configurations make it easier or harder to get a secure system.
One way I think most new Linux distributions score over commercial UNIX and Windows is the extent to which they are reasonably secure out of the box. For example, Mandrake does not have lots of services enabled by default, has security scripts to run and report, complains if you enter a too simple password etc.
All of these are possible on the commercial UNIXs but tend to require more configuration; out of the box they are less secure.
In another way, though, Linux and UNIX can lend itself to insecurity. It is often too easy to do things which break security. On Linux/UNIX as root you can do pretty much anything by default. With a single command you can wreck the security of your box almost beyond recovery.
The AS/400 platform, for example, has a much more restrictive user interface (mainly menu driven) which makes making this sort of error more difficult. Other platforms have more granular security (i.e. different users can do different things, rather than one root user - you can implement this in Linux with some effort). At the far end of the spectrum, a device which doesn't allow you "root" access at all (e.g. your mobile phone) can prevent all but the most determined person from compromising their own security beyond what is already in the configuration (of course, you can do this with Linux too).
The trade off we have with Linux is that you get the power over your system, but with that comes higher than normal risk/responsibility as you have the power to do bad things as well as good. As usual, everything is about trade offs and the answer depends on the question - there is no one OS that's right for everything just as there's no one model of car which is right for everyone's driving needs.