A Computerworld editorial takes note of some interesting changes Dell made to the Linux page we linked to last week. They watered down some of their pro-Linux claims, but not as far as you might think.
A Computerworld editorial takes note of some interesting changes Dell made to the Linux page we linked to last week. They watered down some of their pro-Linux claims, but not as far as you might think.
Looks like they reworded the article to champion the merits of using Ubuntu, whereas before the article was a biased comparison of Ubuntu against Windows. For example, the chart which previously compared Ubuntu applications to their Windows counterparts now only focuses on Ubuntu, and removes the faulty claim that OpenOffice.org is not available for Windows. In fact, the only mention of Windows at all is in the introductory paragraph, which explains what an operating system does.
I don’t see this as bullying from Microsoft. If anything, the updated article is more streamlined due to its reduced scope (the merits of Ubuntu as opposed to an unrealistic comparison of Windows to Linux).
Whoever wrote that first version was a doofus. Not only was it inaccurate, what company would post an open letter criticizing 95% of their own product line?
Clearly it was someone who frequently posts on this site.
Why would they post that Linux is safer than Windows? Because it is. We need to face the truth, and the truth is that Linux is safer than Windows, period.
“In fact, the only mention of Windows at all is in the introductory paragraph, which explains what an operating system does. ”
When Windows became an Operating System? Syllable is more OS than Windows.
Windows NT environments have been an OS since day one.
What you’re thinking about is the long time dead classic Windows line. Which is a very poor mistake to make on a site like this.
How the heck would old “Windows Classic” (I’m assuming you mean like Windows 3, 95, and 97) not be considered an OS?
As far as I know, being multi-user and network aware are not requirements for being an OS.
Maybe you are talking about Windows 1 and 2, which were mostly just shells on top of DOS? (Though I would still call them OSs.)
Oh for crying out load, what is wrong with people this week?
You’ve taken my comments out of context and I’m not going to get dragged into an off topic debate regarding the now largely irrelevant technical status of a 15 year old piece of software – particularly when this debate has already been done to death a million times on here.
All I intended my post to state was that the opening poster was idiotic to even question whether Win7 is an ‘operating system’. It’s pretty bloody obvious to anyone with even the slightest of experience in IT that Win7 is a OS.
So the only reason why I even mentioned the classic product line was because I suspected he was confusing NT with the classic line given the past countless debates on 3.x and 9x.
At no point was I stating my person opinion and nor shall I as it’s completely irrelevant to the article.
Windows 1.X through 3.X are operating environments because they require DOS for system calls. Windows for Workgroups 3.11 can be considered either an operating system or operating enviroment(Microsoft marketed it as an operating enviroment) depending on the way you look at it. Though WFW 3.11 made its own sys calls it still needed DOS drivers for some devices like SCSI and CD-ROM.
Here are some articles that I posted in a previous thread a month ago on the subject.
http://en.wikipedia.org/wiki/Operating_environment
http://en.wikipedia.org/wiki/Windows_3.1x
http://pclt.cis.yale.edu/pclt/OPSYS/WFWG311.HTM
http://technet.microsoft.com/en-us/library/cc751413.aspx
Laurence was just generalizing to the OP because of his claim that Windows wasn’t an operating system.
This is not correct. “Windows” (1.0-3.11, 9x, me) was a natively single user product. NT (3.1-4, 2000, XP, Vista, Win7) remains natively multi user, and was always built for networks. The design of NT always included multiple users, multiple groups per user, flexible ACLs, fine grained privilege, and other concepts which Linux has been retrofitting.
Windows has been harmed by setup insisting that a user account must be created in the administrators group, which has led to people to run as an admin all the time. Running as root all the time is much more rare on UNIX/Linux.
Huh? Since when did multiple users, multiple groups per user and file privileges have to be retrofitted to Linux? Even ACLs are supported in most Linux/Unix systems, although you could argue that they have been retrofitted because the first filesystems might not have supported them. But your statement is about as false as the OP statement that Windows is a single user system with the everything else bolted on (actually that statement is probably more true, because it actually was true at some point, your statement not)
Multiple users was always native to UNIX/Linux. It was bad wording on my part if this was interpreted otherwise.
Multiple groups per user are a retrofit in AT&T Unix Version 6. I know this sounds prehistoric, but consider the consequences: each user has a ‘primary’ group, so multiple groups required the concept of a ‘secondary’ group. This distinction is important in many ways (see man newgrp for an example.) NT has no distinction: groups are arbitrary, users can belong to many or none. If a user is in many groups, none are special. In addition, privilege is determined by built in groups, meaning that many users can be administrators; there is no equivalent to a single root user.
ACLs are now supported in UNIX/Linux, but again, this is a retrofit. Support was added in Linux kernel 2.5.46, and many distributions backported these to 2.4. They are rather foreign to UNIX, which was designed around chmod style permissions. In NT, ACLs are the only security primitive used for files/registry etc. There is a chmod call in the C library on NT, but it is very different to UNIX as there is no primary group, so UNIX-style chmod would be meaningless.
When I said privilege, what I was referring to is not file permissions, but fine grained control over different system calls. In NT, a group might have permission to (say) shut down the system; debug other users processes; create paging files; create symbolic links; load drivers; lock physical memory; change the system time; perform system wide backup or restore operations; or permission to open leaf files (if permission is granted) without requiring permission on all parent directories. There has been a push to retrofit a similar concept into Linux (as part of moving away from a single root user), but I don’t know the current status of it. Perhaps somebody else here can comment…?
Maybe somewhat under the covers, but Windows until recently seemed targeted at only one *interactive* user. It took Citrix to show Microsoft how to do multiple interactive users in the first place, and many Windows apps today don’t function well in a Citrix/WTS environment. The irony to me is that Microsoft knew this (and couldn’t justify the higher cost of this approach to their desktop-only customers), so they promoted NT and its progeny as server OSes — where the GUI is often not needed and is unnecessary fluff. Yet on Windows you cannot get rid of said GUI.
I still feel Microsoft has no one to blame but themselves for this. They should have made that clean break, enforced least-privilege policies, when they brought out NT. Those “fine-grained privileges” you mention above have been largely wasted for many years, and would still be if Windows had not become the poster child for malware.
All that said, (potentialy controversial statement coming right up I think security- and capability-wise, Linux and Windows each have advantages over the other, but on balance they are pretty much equals. The biggest practical area where Linux/BSD trump Windows today IMHO is flexibility. You can make those OSes just about anything you want. With Windows, you pretty much get what MS gives you.
Agreed. To put this differently, X is amazing technology in allowing multiple displays per machine, multiple users running multiple apps to different displays, one display rendering apps from different servers on different versions of different systems on different architectures. The people who designed X should be very proud of themselves – from a flexibility perspective, it’s simply beautiful.
TS only recently implemented a “seamless” mode where applications render without a desktop, although Citrix has had it for a while. There’s a lot more retrofitting to bring NT up to UNIX/Linux for networked application delivery.
Have you looked at Server Core? It still has a GUI, but it doesn’t have explorer et al.
Don’t get me started. The sad part is that NT 3.1 insisted that you must create a low-privilege user as part of setup. Somewhere that idealism became derailed. I used low-privilege accounts on NT for a decade, and things generally work; I blame XP for trying to “dumb down” NT, which in turn allowed developers to be less vigilant.
Agreed. Sometimes it requires more knowledge, but when you have that knowledge, it allows more possibilities.
I’d disagree only only one point. The biggest practical area where Linux/BSD trump Windows today derives IMO from the fact that for well over a decade, for whatever reasons, the concerted effort of malware authors has been targetted almost exclusively against Windows. The vast library of malware payloads and malware techniques has evolved over that decade along with Windows.
Today, the vast body of malware is effectively impotent when one uses systems other than Windows. Almost without exception, malware is not only targetted at Windows, it depends upon Windows.
One might be able to argue a case that “capability-wise, Linux and Windows each have advantages over the other, but on balance they are pretty much equals” … but that simply cannot be argued security-wise as a whole. The actual malware corpus itself demands that it cannot be so argued.
Edited 2010-06-24 01:32 UTC
No Sir,
The article was spot on. Windows Desktop line is not multiuser. Unix/Linux is multiuser by design. You can loggin as differnet simultaneous users, each running their own desktops, run apps,scripts, scheduled jobs, etc.
This has nothing to do with the architecture of the OS you twat, it is a licensing issue. People figured out a long time ago how to bypass this.
The problem with this logic is that the person running the server is a lot less likely to be on some random P2P network, downloading all kinds of pr0n and warez onto the machine running the server.
You see, it’s a lot easier to attack someone who is actively running your malware on a machine with no anti-virus or spyware protection, without any prodding on your part.
And even if they were…? Linux still has far fewer pieces of malware written for it than Windows ever did. Windows even had a nice little boost in the early days thanks to its compatibility with another horrible OS, MS-DOS.
Linux has no “binary backwards compatibility” or “legacy poor-security garbage design” to stick to. At least, not nearly to the extent Microsoft products do. And it has no real, market-driven (commercial) reason to.
Edited 2010-06-23 03:17 UTC
Well, Linux doesn’t have that much malware written for it for the EXACT reason that these kinds of users largely don’t exist on the Linux platform. Why write malware for dumb users to install, if dumb users aren’t using the platform? By and large, dumb users don’t run servers, so the popularity of Linux as a server platform is irrelevant when comparing how much malware exists for Linux vs Windows.
I have little doubt that if Linux / Windows had an equal amount of dumb users behind the wheel and an equal amount of malware written for them, there’d probably still be more exploits on Windows, but Linux wouldn’t exactly be immune either.
Whatever the case, the reality remains the same. Windows has always been, and still is, the low hanging fruit–ever since it took over DOS’ market share. And it has traditionally been poorly designed, just like its pathetic predecessor. Coincidence? Not saying that Linux or any other OS for that matter is perfect, but if I were to be browsing porn, you could be damn well sure I’d be doing it on any mainstream OS *besides* Windows.
It’s like wearing a rubber… the viruses may possibly be there, but you’re less likely to “send” or “receive” them and become infected. Windows at one point offered the protection of nothing at all, but now I’d say it offers the protection of a cheap, generic type of condom. Meanwhile, Linux and BSD have proven themselves over and over, while Windows’ nuts and bolts (heh heh) were finally tightened to a more acceptable level with Vista.
Edited 2010-06-23 03:45 UTC
Depends on what you mean by a “Linux platform”. Linux is dominant in embedded system (e.g. TVs, media players), in mobile devices (e.g. phones, tablets), on many types of server (e.g. NAS, web server, mail server), on netwrok infrastructure devices and on supuercomputers. Linux does not however have a significant presence on desktops (although the exact installed base of Linux here is very difficult to determine). In any event, many of the machines on which Linux does run are high-value targets. For example, Google runs a million Linux servers, and Linux runs the London Stock Exchange.
Yet there exists very little malware which targets Linux, despite the high value of many of the target machines.
So … how to eveluate? Perhaps the best method is to do a rough “risk assessment” type of approach. Factor in the diversity of Linux systems (versus the monoculture of Windows), the relative scarcity of desktop Linux, the relative difficulty of targetting Linux, the relative lack of threats against Linux compared to the superabundance of threats against Windows, the normal practice on Linux of running as a restricted users, the security of the repository/package manager system of software distribution vs the Windows practice of downloading & installing unsigned binary packages, execute permissions within the filesystem, no media autorun, SELinux, etc, etc …
A rough estimate could perhaps be calculated that the system of an ordinary user on the Internet running Windows in typical usage patterns would perhaps be 10 million times (10^7) more likely to get a malware infection than the same user running Linux.
Something like that.
That says nothing about what value those websites are to malware writers. It’s effort/profit that matters to them, not actual server value.
Malware writers are mostly criminals that want to make a few million and cash out. Trying to break into a Google farm or stock exchange is an extremely difficult and risky proposition.
When there are millions of Windows users that download random crap from p2p networks and keep updates off there is no contest when it comes to which target will provide the best effort/profit ratio.
Fair enough. There are thousands and thousands of times the number of active threats against Windows than against Linux, so that observation backs you up. Ok then, for once, strangely enough, we are agreed.
Windows users face more than 10^3 times the level of risk of malware from that factor alone.
Couple that with the increased risk through many Windows users running as root (say conservatively a 10^1 factor there), through Windows being a monoculture (and therefore attackers knowing that a certain set of software will be installed), through the routine practice of downloading and installing unsigned files from the Internet (say another 10^2 factor here), at least a 10^1 factor through the default expectation on Windows that no-one other than the author would normally know exactly what was in a package, so that packages cannot be vetted, and from the many other ways that the normal situation in using Windows is vastly more risky than in using Linux, and these compounded risk factors quickly mount up.
In their day-to-day use of the Internet, ordinary Windows users face at least 10^7 (ten million) times the risk of getting malware than the same users would face if they were running Linux.
This fact is self-evident, it is an absolute no-brainer.
Actual malware infection rates back this up to the hilt.
Edited 2010-06-23 11:28 UTC
Why did this get modded down? It is a plain, straightforward, demonstrable fact.
Here is a security firm’s estimate of infection rates (it is unstated, but this is basically for Windows PCs):
http://gorumors.com/crunchies/malware-infection-rate-worldwide/
If accurate, that represents literally billions of malware-infected Windows PCs. Billions of times as many infections as any other kind of machine. (Microsoft would put the infection rate much lower, but that just changes it from ‘billions’ to ‘hundreds of millions’). By induction, it is relatively easy to conclude that essentially all of the effort of malware perpetrators is directed at the Windows userbase target.
Regardless of the reasons why this is so, it still is so. It is the fact.
An ordinary user of Windows, demonstrably, clearly, undeniably, faces many orders of magnitude greater risk of getting a malware infection than does the same user running Linux.
Apprently, there are some Windows supporters out there having a very hard time facing this fact.
Apparently also, as perhaps evidenced by the Dell website re-wording, it is a straightforward fact that some parties do not want people to be aware of.
Edited 2010-06-23 23:55 UTC
Showing the metrics behind your figures and substantiating them with hard evidence makes your post informative.
Stacking multiples of a million based on cherry-picked facts and arguments makes your post look like trolling.
Toughen up, princess.
What makes you think that I would in any way be upset by the inability of Windows fans to face facts? I merely point out the modding down of my post to demonstrate that inability to face facts. If I were a little more cynical, I might even posit that modding that post down, and indeed your ad hominem above, were merely weak attempts to censor voices pointing out the real risks that using Windows entails.
Like this person has done:
http://techrights.org/2010/06/16/dell-censors-secure-claims/
Risk factors do indeed compound, BTW. Example: if you are driving while tired, you increase your risk of having an accident. If you are driving too fast for the prevailing road conditions, you also increase your risk. If you are driving too fast when you are also tired … one might even consider that your risk has increased by more than the product of the two factors considered alone.
I’m pretty sure that that is the way insurance companies would assess it.
Edited 2010-06-24 04:29 UTC
http://en.wikipedia.org/wiki/Risk_assessment#Risk_assessment_in_inf…
OK, so risk assessment in IT security can apparently be done two ways, qualitatively and quantitatively. However, you would normally only do qualitative risk assesment if there was a lack of time or of data. There is copious data available on the security risks against Windows.
Like this, for example:
http://www.zdnet.com/blog/security/report-48-of-22-million-scanned-…
Edited 2010-06-24 05:13 UTC
Well you certainly do not have the ability to figure out that Linux is a god damn failed experiment as a desktop OS. Everyone else has figured that one out years ago. Sorry to say bud, but the Windows vs Linux war is over, and Linux lost.
I could really just rant right now seeing as I just finished wiping out a brand new Ubuntu installation that was just chock full of god damn fail. 2010 and they still can not fucking figure out how to do display resolutions? WTF, I have not dealt with this since the days of Win 9x over a decade ago. No matter, I am sure that by 2020 Linux will be on par with Windows….7.
p.s. Also had X lock the system up. Well, haven’t seen that in a decade as well…except for on Linux. Fucking fail.
Malware that is injected into warez is not taking advantage of backwards compatibility. It has nothing to do with “legacy poor-security garbage design” either. There is no isolation layer within Linux that would protect it from a trojan injected into an executable.
If Linux users were the majority and millions of them were carelessly downloading crap from unverified sources then you would have far more trojans like the one in the Unreal IRCd.
http://www.jfplayhouse.com/2010/06/trust-us-that-linux-trojan-is-no…
Malware today is mostly the product of computer criminals within Eastern Europe looking to profit, not from pricks who are looking to hack for the sake of it.
Edited 2010-06-23 06:47 UTC
differences you are not accounting for:
– Linux needs a lot less external, untrusted, binary-only software.
– AppArmor and SeLinux are ready. Should desktop security become a problem we would see a hell of an isolation layer.
– Differences in kernels, compilers, libraries, etc, would make it much harder for malware to spread.
– Linux users are much more skilled
Yes, if linux had 80% of the user base, there would be more security problems. Probably a tenth of what Windows has right now.
If Linux became popular then users would want the same binary software they are downloading in p2p sites. They wouldn’t accept The Gimp and Tux Racer. Hackers would also focus on penetrating trusted channels, which wouldn’t be difficult if you know how lax some open source projects are when it comes to allowing outside contributions. The “many eyes make it secure” is a myth. There are plenty of projects where only the authors understand how their respective parts work. It also wouldn’t be hard to become a trusted package maintainer and insert it that way.
Oh ok explain how either will stop a trojan injected into a game that the user gave permission to access the internet.
Oh so Linux not being a single platform is a virtue now. I guess I’ll give you the de facto response which is that you can target most users by just focusing on the top two distros.
This again says nothing about how secure Linux actually is.
If everyone running Windows had 7 or Vista installed with updates turned on along with an alternative pdf reader installed then security problems would also be a fraction of what they are today.
Windows users are an easy target thanks to so many of them running outdated software. There are GUI hacking kits for websites that scan the user agent id and then attempt to exploit known vulnerabilities. That’s how bad the situation is and if around 10% of the world population was running an unpatched version of Linux from 2001 then you would see the same type of tool kit. Unless you want to tell me all those Linux kernel patches weren’t actually needed thanks to some automagical security protection that many of its users seem to think exists.
On the other hand, Linux has source code backwards compatibility going a lot further than windows… Applications written for early unix systems can often compile and run successfully on a modern linux box.
Most linux malware is in the form of backdoored services that are intended to be manually installed and used by a hacker, whereas windows malware is typically automated because few hackers would manually target windows machines – their only value is in large hordes for ddos/spam purposes.
You mean command line utilities that can also be compiled and ran in cygwin. Anyways source code backwards compatibility doesn’t mean much to users.
What?????? Never heard of identity theft, password theft, file extortion, anti-malware extortion????
It’s pretty clear that Microsoft has a firm grip on Dell. Why else would Dell retract their statement? Is it a crime to tell the truth? Linux IS more secure than Windows, that’s just a fact. Windows fanboys will claim otherwise, but let’s just look at the facts. I have used Windows and Linux for over 13 years in all environments. I’ve been extremely careful with Windows and have been hit with viruses before. I’ve seen restricted users get viruses from just browsing websites. I’ve migrated to Linux (Fedora) as of 2 years ago, and I’ll never look back.
The problem is, this statement came too late. There would be absolutely no denying it if this were still the XP era. The problem is, Microsoft really did clamp down on the security starting with Vista, so such statements are harder to be proven. The first Windows version worthy of replacing XP (Windows 7) is out, so it’s a few years late. I will still trust an OS with a long reputation for being relatively safe and well-built, over an OS originally conceived as a toy by a bully monopolistic company, who always places their users’ security well below their bottom line in terms of importance. But other OSes no longer have such a noticeable, distinct security advantage compared to the latest versions of Windows.
It’s sad how long a piece of software holding a monopoly on the market can go being so insecure, before the company finally gets off their asses and does something about it. Too blinded by $$$ and afraid to hurt their stock prices and piss off their stock holders, apparently.
This is not true, for the following reasons:
1. Windows has indeed made great improvements in security over what it once was, but so too have vast improvements been made in the sophistication of the threats against Windows.
2. There has been virtually zero energy, inventiveness, resourcefullness etc of malware authors directed at targets other than Windows. Windows always has been, and is still, the prime target.
3. Other systems have likewise improved security over time.
4. Windows strives hard to maintain binary backwards compatibility. This means that virtually all of the malware payloads ever written will still run on recent versions of Windows. The only bit that has been made in any way slightly more difficult is getting the malware payload installed. Ubiquitous Windows applications such as Flash and Acrobat are now being targetted as well as the core Windows OS to get around this problem.
Although the core Windows OS is indeed a bit more hardened in Windows 7 than it was prior to Vista, there has been only a partial reduction in the risks faced by ordinary users running Windows.
The malware “industry” is effectively dependent on Windows, in a kind of parasitic way. It has evolved with Windows. Like most parasites, it has almost no carry-over to other “host species”.
Edited 2010-06-24 00:18 UTC