Windows is built by a single company, and still now its ability to address and fix the problems in a very timely manner has been questioned.
Whereas GNU/Linux has a central kernel and a large number of distributions, wherein the question of timely fixing of security issues has never been the issue. This simple generalization of security is all it takes to extinguish any comparison or argument of product "quality".
Within the Unix-GNU/Linux we have grown to increase its stability.
Whereas in the case of Windows, there is an aggressive community which is constantly _Trying_ to find bugs and security holes.
If a new bug or security hole is discovered in two different distributions like Red Hat and SUSE, the bug is really a single bug in the central kernel. But in the case of Windows, if there are two such bugs, they are totally two different problems.
Microsoft can't deny the facts, which is why Microsoft deploys many Linux servers for some of their internet services.
IntgrSpin, "In the end, windows 'won'." is a harsh statement.
Linux hasn't even _Begun_
Once again, I have to say that I'm a huge *BSD fanatic.
Realistically, and as a professional in the field, I can assert with 100% certainty that Linux can be _made_ to be more secure or stable than Windows. Although Linux doesn't even rank in the free/open OSes...and here's why:
- Linux has no concept of ulimit (either per system or per user)...I can run a Linux box into the ground fairly easily and it will have no means of prevention.
- Linux has no concept of a secure level...let alone a one way secure level (making escalation/de-escalation of privileges relatively simple)
- Linux has no internal permissionable set beyond the filesystem (this does not mean there is not a service-based config that would prevent).
- if syslog dies - the OS stays up (stability or threat waiting to happen?).
- it has a monolithic kernel with no form of security context isolation on functionality (you can enter kernel space at any point and are not limited to what you can/can't access...nor who you can/can't access it as).
- while Open Source has its advantages, it's a problematic development environment that is not conducive to any reassurance of what is being provided.
- the entire Linux mentality is first-to-market, half of the latest drivers have had no/little production level testing.
Windows, I must say, solves pretty much all of the above outside of secure level (which was thrown in as a comparison against BSD). Having had an EAL4 rating since 2k SP3, and hounding near the EAL5 mark (pop quiz - how many commercial operating systems have ever achieved an EAL5 rating?), the biggest threat that Windows faces is malware (as I have commented on) - the problem with that stance is that only a small percentage of that threat is actually OS related or applicable given the appropriate administrative/user-education constraints. Worms/viruses are spread through user-stupidity 7 times out of 10, and 2 of the last 3 come from unpatched/secured/managed Windows hosts. This is a direct reflection of the Windows userbase, but
IntgrSpin, you can't really throw all the blame on the ol' Larger Userbase thing, now can you?
If you want free/open/non-Microsoft - then go *BSD, you'll get a controlled environment surrounding production, a kernel that was originally devised from an actual working product (rather than Minix, which was nowhere even close to multi-user capability at the time Linux was derived from it), a choice in cutting edge or stable, all of the pros of being unix-like.
If you want commercial security (still non-Microsoft) go AIX. If you want features and management capabilities not offered in either of the other two domains with an on-par amount of security (and growing tremendously in that regard since 2002), then Windows NT-based systems (which if you're not familiar was roughly based on VAX) are the clear winner.
And while EAL ratings don't mark something as being impenetrable (the majority of the security industry is focused on the backend, taking the assumption that everything is completely open - and devising ways to reduce impact, improve accountability, etc., and in that regard, I must reluctantly say - Windows is at the utmost top of the list).
As far as gsminardi goes:
1) If your choice of an OS is based on ease of use, then obviously Unices aren't your thing, and you shouldn't be commenting negatively on their behalf.
2) Simply because you don't see Linux in every household is not the determining factor for you to be able to make a statement like: "Linux has had plenty of time to make an impact...it has failed".
If you believe that the only way Linux can possibly burst through and shine its light is to resemble Big Brother, then ...
Also, I'm not THAT big of a fan of Linux. It's come a long way - and it still has a long way to go. It's just a joke to compare to Windows security-wise, because of that geek-niche surrounding *NIX. Users who install Linux for the most part are tech-savvy individuals. We can't say that about Windows in the least.
Let's just try to keep that in perspective in light of the "facts" that tend to get overlooked when bandwagon shipjumping rallies get started against better performers (commercial operating systems) - _and_ illustrate the full scale of options to jump to if/when the commercial->free plunge is decided upon...i.e. *BSD.
Yeah, that about sums it up, I think I'll shut up now.