[Klug-general] Linux to offer a paradigm-shift in computer security

Wed Nov 28 11:57:29 GMT 2007

Karl Lattimer wrote:
>
> Yeah, you enable the firewall that's disabled by default (XP SP2 CD's
> are rare), you add a third party antivirus product on (which doesn't
> work properly because of patchguard), you then start using internet
> explorer and yahoo mail.
>
> Sure windows can be made secure, but in reality anything that is a
> pairing of internet explorer,the most insecure web browser in the world,
> and the worst at rendering and services like Yahoo mail, where its not
> just the dodgy emails that get you, yahoo have had their ad providers
> hacked/poisoned a couple of times too.
>
> The reality is, there's probably about 15 people in the world where
> windows can be a truly secure OS for them. Other than that its just
> flocking in swarms to avoid the sharks. 
>
> K,
>   
I know you said 'truly secure', but as we've already mentioned, there is 
no such thing ;-)

I've got to be honest but I've never had any security using Windows, 
when I used to use it at home or now when I use it at work. I use 
Firefox and Opera and only keep IE around for testing. I run an 
anti-virus scanner and keep a firewall running, plus i'm always using 
NAT, so I'm not directly exposed to the internet. I'm sure most 
'advanced' Windows users do the same. In the 10 or so years that I've 
been heavily using computers I've never had a virus infection or any 
serious spyware. Although I fully admit that most users are in trouble 
on Windows because they don't do all of those things or they unknowingly 
run virii, spyware or visit malicious websites. In fact many of my 
friends and family have and I've lost count of the number of Windows PCs 
I've had to fix with those sort of problems.

Linux is only really more secure at the moment because there are no 
active Linux virii or Linux spyware. Ubuntu comes by default with no 
firewall enabled and no virus/spyware protection, but then it's not 
necessary (yet?). I'd be willing to bet that were linux subjected to the 
same level of virri and spyware that Windows is then it would do better 
simply because I think it's security is better structured, but we're 
unable to prove that. Although I suppose we can at least draw parallels 
with the security record of services on Linux which seems to be very 
good. But my point here is that, as has been pointed out, the most 
insecure part of any system is the user and the choices he or she has to 
make. That won't be any different if the user is running Windows or 
Linux, unless the Linux defaults are more sensible (which they currently 
aren't).

Interestingly Mac users had a notable security threat recently 
(http://news.bbc.co.uk/1/hi/technology/7079777.stm) although I think 
it's not particularly serious compared to the sort of threats that 
surface on Windows. On the desktop, Mac usage is currently around the 
4-5% mark having grown in the last few years, with Linux down at 1-2%. 
If Linux continues to grow and attract more desktop users, which I'm 
sure it will, then it won't be long before it also attracts similar threats.