Linux or Windows: Which is More Secure - Case Study Example

 Operating System Security: Linux or Windows - Which is more Secure? Introduction Operating systems define the computer technology world more than anything since the basic hardware for any desktop computer have become similar to such an extent that it is difficult to differentiate between them in any significant way. For example, both Linux machines and IBM PC compatible machines use a monitor, a CPU, a mouse and a keyboard for interaction between the machine and the human operator but the interaction experience between the two operating systems can be significantly different. Similarly the security experience between the two can also vary significantly and it becomes difficult to show which one of the two is superior in terms of security. The advantages of using Linux over Windows have been touted by many IT experts and tech gurus yet the fact remains that Windows has a gigantic market share over the rest of the operating systems combined. Windows has essentially, and for all practical purposes, a monopoly on operating systems and the discussion for which one is better is sometimes a moot point. However, from a technical as well as a business standpoint, it is an important discussion therefore a comparison in terms of security for Windows and Linux is to be made in this report. I am not hesitant to say my previous experience and knowledge about computer led me to go into this research with certain biases and preconceived notions and while some were confirmed there were also a lot of surprises involved. The Question of Security It is certainly true that locks, passwords and other protection mechanisms work as mechanisms to stop just a few. Had these measures actually been as secure as we are meant to believe then there would be no crime in the world. In terms of security, the president of the United States is the most well protected man in the world yet even he has been shot. When it comes to computer technology the situation is even worse since access is something which must be given for a computer to be used. Surely it is not impossible to make a completely secure system but as of yet, no one has been able to design one. As late as 2006, Schweitzer was lamenting this fact when he said that: “No operating system today is completely safe from the onslaught of hackers. Hackers are injecting malware not only in the operating systems of Windows but also that of Mac and Linux. For instance, "Virus.Linux.Bia.a/Virus.Win32.Bia," appeared in April 2006. Mac is now a tempting target for hackers given that it is now using Intel chips (Schweitzer, 2006, Pg. 32).” Windows is Better Comparing security features between Windows and Linux is very difficult since both operating systems have their supporters and opponents. While common wisdom might suggest that the Linux operating system is more secure a study conducted by Security Innovation Inc. which analyzed security under changing business requirements showed that Windows was better. The study examined Microsoft Windows 2000 Server against SUSE Linux Enterprise Server 8 by simulating a year of security updates and patches which were added to both machines from 2004 to 2005 (Galli, 2005). The business requirements in the study were changed after every three months requiring the installation of additional modules, software or capacity and at the end of the year both the systems were upgraded to the latest version of the OS. In the cases of the Windows machine it was taken to Windows Server 2003 and the Linux machine was taken to SUSE Linux Enterprise Server 9. The experiment used three Windows administration experts and three Linux administration experts to ensure that the patch application and the requirement adjustments were handled in the correct way (Galli, 2005). On the Linux machines, administrators were able to pick a variety of ways in which patches could be applied and after some time conflicts began to come up when new modules or expansions were added. The end solution was a complex matrix which made administration quite difficult. On the other hand, the windows administrators had to take a singular path for updates which meant that the end solution remained simple enough even when business requirements were changed (Galli, 2005). The shock of this study becomes less when we know that the project was funded and supported by Microsoft and when we factor in things like reliability and the total cost of ownership for windows systems as opposed to Linux systems. However, if we take the study at its face value it clearly shows that over time the security administration of Windows systems may be easier in the long run than the security administration of Linux based machines. Microsoft can be accused to pulling wool over the eyes of customers therefore an independent analyst who has a better than average user level experience of operating systems might be a more impartial judge for security. Linux is Better Such judgment comes from Dahl (2005) who took a deep look at alternatives to the windows operating system through examining Linux installs on his machine which he used at the PC World office and by using an iMac for a few weeks at a time. He discussed the security concerns of Windows and made it perfectly clear in no uncertain terms that: These days, you'd be crazy to run a Windows box without every hotfix installed, as well as antivirus software, a firewall, and a spyware scanner. Linux and Mac users rarely need to worry about most of those tools. The vast majority of viruses, spyware, and adware all focus on Windows (Dahl, 2005, Pg. 77). He agrees with the conventional wisdom that the Windows environment is much less secure than Linux and even though open source software such as Firefox and others might have their security holes, they are patched within hours of discovery as opposed to the days or weeks it might take Microsoft to release a patch. According to him, open source software or an open source operating system is not the end all cure for security concerns but it is much better than using Windows (Dahl, 2005). Dahl (2005) further says that Linux was built from the ground up to be a multi-user operating system which means that security consideration have to go into every aspect of the software. Historically, Linux users and administrators as well as programmers have been more focused on networks and security related issues than Windows which has had to look at compatibility as a primary concern. Linux comes with a password protector for internet websites which functions much better than the one included in Windows because it uses better encryption and password management. The Honeypot Perhaps the best examination of security concerns was done under the Honeypot Project with contributions from international nonprofit based computer security organizations such as Foundstone Inc., Counterpane Internet Security Inc. and Security Focus Inc. These companies were not looking to show that Linux is better at security than windows but their final analysis certainly pointed towards this conclusion (Vaughan-Nichols, 2005). The project began with several Linux and Windows machines which were setup across the world in locations as diverse as America, India, Portugal, Brazil, Pakistan, Greece and Germany. These machines were setup to detect any intrusion and record the nature of the intrusion but not actively prevent the hacker. The installations of the operating systems was done with default settings and the default security measure were activated to make sure that they would mimic real world home and small business users (Vaughan-Nichols, 2005). Precautions were also taken to ensure that no machine seemed to be overly attractive to hackers or malicious users since they were not registered with DNS servers or search engines. Most importantly, all the machines were unpatched and did not have security updates. Even the passwords on the machines were kept simple or easily guessable since the machines were made out to be servers of some sort. If any hacker attempted to get into them the attempt would most likely be random or through automated methods (Vaughan-Nichols, 2005). Interestingly, all the windows systems were compromised within hours while only four Linux servers were hacked in six months. Of the four systems which were hacked, two were broken into by brute force password guessing measures which are not a specific vulnerability of the operating system. The foundation made it a point to note that none of the machines were particularly attractive and had they been named servers such as credit card transaction records (which are important for hackers) or employee related databases (which are important for phishers or identity thieves) then the chances of the machines getting broken into might have been accelerated (Vaughan-Nichols, 2005). However, the vulnerability of the Windows operating system is made obvious by this experiment since Linux severs appear to take a longer time to get into. Symantec DeepSight Threat Management System reports that a vulnerable Win32 system can not expect to survive a hacker if it is connected to the internet for more than a few hours while a Linux system can go for months before a successful attack. Clearly, Linux based distributions of operating systems have become more robust with time even for default installations which most home and basic office users are likely to have as opposed to Windows installations. Additionally, the huge installed user base of Windows also makes windows a more attractive target for hackers. Vaughan-Nichols (2005) concludes his argument against Windows by saying that: “The Honeypot Project has added fuel to the debate over which is more secure, Linux or Microsoft Windows. It found that unpatched Linux systems can be on the Internet for months before being successfully attacked, while Windows systems have been compromised in hours (Vaughan-Nichols, 2005, Pg. 64).” While Vaughan-Nichols was kind enough to say that it would take a few hours for a Windows based server to be hacked, Schweitzer (2005) gave windows little credit at all by saying that there was a 50/50 chance that a Windows based system would be compromised within minutes if it was connected to the internet for even a few minutes. Conclusion It is fairly obvious that the only entities which are fully supporting the security features, robustness and reliability of the Windows operating system or Windows based machines are Microsoft themselves and those who have been funded by Microsoft. Independent sources and other experts in the field who have no connection with Microsoft other than being their users or experts on the operating system are clearly bending towards the security protection offered by Linux. I think that the final decision does go towards Linux simply because they have proven themselves to be true while Microsoft Windows still has a long way to go before security can be a proven feature of the OS. Works Cited Dahl, E. 2005, ‘The Truth About Windows Alternatives’, PC World, vol. 23, no. 9, pp. 75-82. Galli, P. 2005, ‘Study pits Windows vs. Linux’, eWeek, vol. 22, no. 47, pp. 22-23. Schweitzer, D. 2005, ‘A Convert With a Crush on His Mac’, Computerworld, vol. 39, no. 31, pp. 30-31. Schweitzer, D. 2006, ‘Malware Challenges in A Cross-Platform World. Computerworld, vol. 40, no. 22, pp. 32-33. Vaughan-Nichols, S. 2005, ‘Linux Lasts Longer’, PC Magazine, vol. 24, no. 9, pp. 64-65. Read More