The straight dope on *nix vs. Windows 7 Security

I'm trying to separate out the wheat from the chaff, so to speak. So often, I see the lack of virii/spyware/etc cited as one reason why *nix security is superior to Windows 7. However, I don't see that as much of a problem: if you download from safe sources, use sandboxing and NoScript on a browser, and employ some kind of HIPS, it's hard to actually contract a virus on Windows. So the issue of malware seems less relevant to me.

I ask this because I'm weighing the merits of installing Linux on my laptop. I could install Windows 7 (I have a spare license) or I could install one of the various Linux distributions. I'm concerned with security, of course, so I'm looking to see what people's opinions are regarding which *nix features makes it so much more secure (or less!) than Windows 7. It's my theory (and this may be rightly so) that Windows 7 w/DEP, HIPS, Sandboxing, Firewall is essentially the same as Ubuntu w/properly configured iptables and AppArmor when it comes to being secure against exploits. (Assuming both are kept updated.)

 

Linux is more secure than windows because...

1. Security through obscurity
2. Malware authors don't bother trying to exploit it, at least not on nearly the same scale as with Windows.
3. Simply put, Linux is not burdened with the giant bulls eye that Windows is cursed with.

However, using linux...

1. Are you comfortable with it?
2. If something goes wrong can you fix it as easily as if something goes wrong in Windows?
3. Do all your favourite Windows apps work as well with available compatible apps in Linux?
4. Are all those "must have" Windows apps available in Linux, without the need to use Wine?

Just some possible food for thought. BTW, you really don't need Apparmor or ip tables additional configuration to run Linux safely.

 

If you like chasing updates for every different program & doing scans, defrags etc. Then Win7 or any doze is the OS for you.

I literally save 5-20 hrs a month of my time by using PCLinuxOS.

 

As mentioned, you don't need AppArmor or iptables in linux. In fact, you really don't need anything. That's part of the appeal. That vs running all the stuff you mention above in Windows. Linux makes life easy in regard to security. Just install it and enjoy. The real question is, which do you prefer to use on a daily basis, Win or Linux. Only one way to find out.

 

Linux us more secure for far more reasons than that.

1) Security through obfuscation is not security -- At one point people believed that a closed source application would be more secure because hackers wouldn't be able to get access to the source and finds bugs that way. This is now proven incorrect -- hackers do just fine. In fact, with an open source project bugs are caught quickly by the community and are much more easily dealt with.

2) Separation of User and Admin/ Root. Yes, Windows has UAC, but what else does it have? Nothing. UAC is its one line of defense against elevating malware. Linux has multiple layers in the kernel against this. The separation is also much more "definite" in linux.

3) Security through obscurity. Yes, security through obscurity is essentially not security at all -- but it helps.

4) Package management. You get your updates and packages all from legitimate sources handled by the OS.

Different distros will implement even more security features but the ones I listed are fairly universal. Look at OpenBSD if you want the definition of a secure system.

 

Its not an issue. My software auto-updates and even the few that don't with the touch of the update button in a few seconds it is up to date.

 

I've used Linux extensively before, I have a Linux VPS I use regularly, etc etc so I'm pretty comfortable with Linux.

 

I have used both Windows and Linux. I like both and don't see why they have to be at war. Some of these extreme Linux evangelist scares me.

 

I think both Win and Linux can be equally secure, depending on how things are set up. I'd go with whatever you feel most comfortable with on the laptop.

 

At one time I would have agreed that Linux was far superior to Windows from a security standpoint but those days are over. Both are about equal now if you know what you are doing.

 

Not really. It takes a ton of know-how and 3rd party programs to get even close to linux security.

I hate linux and I love windows but the fact is that linux distros by default have better security.

 

That is only because hackers don't target Linux. I heard an expert say one time that Linux would be easy to hack but the low market share guarantees it is not a target. We are seeing this with Mac's. Now that they have more of a market share they are being targeted. If you use a LUA and have decent security apps your chances of getting hit with something are extremely low.

 

Jesus... no... just no.

Market share has so very little to do with *nix security. I can not stress that enough to people.

 

That is exactly what the Apple folks said to. I promise you if Linux had a mass influx of new users they would become a target.

 

And apple's problem is nothing... it has a single toolkit that the user has to install themselves and it can be removed by deleting the file and killing a service... naturally PC users have blown this out of proportion.

Linux is more secure because the OS has security. You don't rely on 3rd party applications that live in user land -- you have kernel space security. Not to mention security measures that are built in. Not to mention how hard it is to socially engineer someone to screw their computer up in linux due to the fact that gaining root is not as simple as clicking "yes" to a single popup.

 

Don't get the wrong idea I really like Linux. I just don't think it is the silver bullet that a lot of people seem to think it is.

 

Compared to Windows it is.

Again, I say this as someone who far prefers Windows.

 

Fair enough I'll just agree to disagree then.

 

Works for me.

 

Does *nix include other UNIX-like OS or just Linux in this thread?

 

I assume unix-like as well.

 

Well for one, you don't have to run antimalware software, no overhead, no conflicts.

Being built on a multiuser system the architecture is inherently more secure.

It's not a target. There are no documented 'nix viruses currently in the wild.

The OS and most of your software will likely come from repositories and patches for everything will come down automatically (if you so configure) and from what I've seen, security patches for Linux tend to come out a lot faster than Windows (or Mac, but Mac is really slow)

As they say, it you want to try it first you can get a live CD/DVD/USB and run if off of that. Or you can always dual boot.

 

In that case I would put BSD ahead of Linux and Windows.

 

Naturally.

 

Can't argue your truthfulness. LOL.

Paraphrasing you: Linux is more secure, but I hate it.

You da man.