Why is Windows (apparently) less secure than other OSes? Also re: NTFS fragmentation.

Amp34

Amp34

Amp34

Caporegime
Joined
25 Jul 2005
Posts
28,851
Location
Canada
So every time someone mentions Macs they always mention how they don't "have" viruses and I just read in the Linux forum that you apparently don't need an AV for linux Distros either. That got me thinking, if it's not because of market share (according to Mac users it's because the OS is much more secure not the 10x market share windows has over OSX) then what is it because of?

I'm sure Microsoft aren't inherantly creating an OS that is less secure than other OSs and as the code was pretty much rewritten in Vista it can't be because of legacy code in the code base so what is it?

The only things I can think of are due to the masisve number of confgurations windows needs to run on, but then that makes no sense and that should affect Linux too.

I personally still think it is mostly because of market share, supply and demand etc, but is there another reason?

Also the same question with defragging, why is the NTFS format worse with fragmentation than other types of drive formatting?
 
Generally it's to do with Mac OSX being very strictly controlled on what gets installed as well as the computer configurations (there being a very small amount of configurations).

The main reason however is to do with userbase.

To make a windows virus, you'd have far more potential targets.

It's not really about apple security or anything.

In fact, I haven't used an AV for about 3 years now with windows.

I find it completely unnecessary providing you use your PC sensibly and avoid the obvious viruses.

In the 3 years since ditching an AV, I've had no problems and my PCs have been fine.

I do however use windows firewall/defender and firewall through my router.
 
Also Mac users tend to be more in love with their system and would never do anything to harm their beloved system, such as write a virus for it.

That stands for the majority. That being said, viruses do exist for the mac, it's just that very few people actually own macs to tell you about getting one.
 
Because OSX is written in such a weird way that you give up trying to write software for it after a while. (See OpenTTD's problems with the Mac port - if the legit programmers give up in frustration, what chance does the scriptkiddy have?)

Also, those who start writing linux viruses probably get sidetracked by making some other app to speed the process along, then they figure they may aswell do some good too and release it, and before they realise what's happened they're working on the KDE codebase and complaining about the lack of wireless driver support. 10 years later they find the initial code for piece of malware they were going to write and reflect with nostalgia that it's how they got into linux.

Mostly, though, it's because Windows has way more users - more targets = a lower hit percentage needed to make money. Also, Linux and Mac users tend to be more tech-savvy, so are less likely to be suckered into phishing-type malware.
 
If OSX or even some of the user-friendly Linux distros were to receive Windows' market share, over night. People would see just how "battle hardened" Windows really is. It's not easy going into a war zone wearing a giant bullseye on your chest and strapped with magnets.
 
Mircosoft has the largest market share so if someone is going to create a virus or malware, they will target the most popular platform for maximum effect. The Mac o/s is based on Unix which is superior in terms of security due to the way it was written and developed in comparison to it's Microsoft counterpart. That's not to say you don't get viruses on Mac's etc - it's just there is less of them... Much less.
 
philtorrens said:
The Mac o/s is based on Unix which is superior in terms of security due to the way it was written and developed in comparison to it's Microsoft counterpart.
Click to expand...

A lot of people would disagree with you on that.

For starters, Unix isn't the be-all-end-all of security. It is actually rather dated. Secondly, Apple punched some pretty big holes in the Unix model as they saw fit to aid ease of use and other things that allowed their religion to continue on from the Mac OS days as smoothly as possible.
 
Probably because most business run windows or linux, mac isnt particularly a server environment OS. and as most viruses are to disrupt business etc etc you can work it out from there
 
NathanE said:
If OSX or even some of the user-friendly Linux distros were to receive Windows' market share, over night. People would see just how "battle hardened" Windows really is. It's not easy going into a war zone wearing a giant bullseye on your chest and strapped with magnets.
Click to expand...
LOL
You owe me a new monitor sir :D
 
philtorrens said:
The Mac o/s is based on Unix which is superior in terms of security due to the way it was written and developed in comparison to it's Microsoft counterpart.
Click to expand...

What in the writing or development exactly makes Linux more secure than Windows?

The vunerabilities within Windows come from idiots looking specifically for them. I doubt there are many Mac / Linux users doing this simply because there is no point.

If Linux and the Mac had the attention that Windows gets from hackers etc then I promise you that you see as many holes in both those OS's as we have seen in Windows.

Besides where Microsoft acknowledge a weakness and realease a fix for it, Apple would probably spend ages denying it before doing anything.
 
userbase tbh
*nix had an advantage in that most users didn't run as root/admin so anything they ran could not install without asking permission but windows is like that now too.
 
ManCuBuS said:
Besides where Microsoft acknowledge a weakness and realease a fix for it, Apple would probably spend ages denying it before doing anything.
Click to expand...

Your quite right with this statement.

Generally speaking, all of the Unix/Linux variants were built from the ground up as a multi-user operating system, thus security was always important. Windows started where the user was an Admin and had full control over the box which is never a good idea tbh.
 
VeNT said:
userbase tbh
*nix had an advantage in that most users didn't run as root/admin so anything they ran could not install without asking permission but windows is like that now too.
Click to expand...

I think this says something about the users who use Windows versus those who use *nix. The whole issue of users using admin accounts was for a big part due to poor application programmers (who required admin privileges to run) and users being lazy and ill informed when using admin accounts. Most people who use linux are aware of at least some of the security implications and would never run as root all the time. They know one accidental rm -rf * would kill their OS.
 
kylew said:
Generally it's to do with Mac OSX being very strictly controlled on what gets installed as well as the computer configurations (there being a very small amount of configurations).

The main reason however is to do with userbase.

To make a windows virus, you'd have far more potential targets.
Click to expand...

Apparently the userbase is incorrect according to a lot of Mac users, I still think it's rubbish but there have been a couple of posts alluding to slightly more secure features in OSX and Linux.

NathanE said:
If OSX or even some of the user-friendly Linux distros were to receive Windows' market share, over night. People would see just how "battle hardened" Windows really is. It's not easy going into a war zone wearing a giant bullseye on your chest and strapped with magnets.
Click to expand...

Exactly. Unfortunately that argument is shot down as people point out that if someone wrote a mac Virus (forgetting that there are some out there already) they would have a field day as most aren't protected. I guess one of the big problems with writing a worm for example are that there aren't enough Macs to really spread, you would probably need to make the work spread on windows machines as well, in which case you might as well write one for windows...

Also OSX programs need to be written with another code, specific to OSX, which I guess means there are a lot less people with the ability to write it?

VeNT said:
userbase tbh
*nix had an advantage in that most users didn't run as root/admin so anything they ran could not install without asking permission but windows is like that now too.
Click to expand...

But as you said windows is like that, yet we still have a lot of viruses.
 
It's definitely possible to attack linux. If you can gain access to a system (ssh, physically, other) and manage to load a kernel module of your chosing it's game over. The thing is, gaining access is relatively hard, e.g. brute forcing over ssh just results in you getting about six goes then it locks you out for a day, possibly getting your IP on the blacklist, and once logged in you have to find a way to run as root. Trivial on ubuntu (who thought root and user having the same password was a good plan?) and many people use ubuntu.

The thing is, you can change things in linux. If you want to run a monolithic kernel (so causing rootkits no end of trouble) you can. If you want to run firefox in isolation, say using chroot, you can. With ssh, disable password access, no root log in, rely on certificates and only accept connections from a particular computer. Choose no if the identifier has changed. In windows, you get to wait for m$ to release a fix if they think the flaw is significant.

I believe security patches come out a lot faster on linux, but this is probably distribution dependent.

Regarding windows being "battle hardened". Linux is used on (many) servers. As such it's subjected to lots and lots of attacks by people who want to compromise the server, rather than set up a bot net or rob a particular individual. While most home computers run windows, I'll bet most computers under siege are servers.
 
Last edited:
Taking Linux as an example, viruses just wouldn't spread well IMO. It would be simplistic to write a virus that attacks a local system only infecting all a users files, but making an infection mechanism to infect other machines would not be easy. Because Linux users use countless different kernels and architectures, any virus code would often have to recompile itself on a new host.

Couple this lack of portability with the fact that the vast majority of Linux people get all their code & programs from a trusted OS software repository, if a virus worked its way in to one of these it would be nuked very fast. Then add in the open source nature, pre-compiled binary distribution is rare which is why Windows viruses work so well. People downloading executables left right & centre all over the internet with a guarantee they will execute under there OS without compilation/dependency issues is not good for Windows as initial & cross-host infection is significantly easier.

Certainly though market share is a very large factor, but the gap between *Nix/Windows security is much much smaller these days, both are doing a good job :)
 
The thing with Linux and even OSX is that is composed of a lot of open source software.

Just this month for instance there was a critical vulnerability found in OpenSSL. Now this is the stack that Linux, OSX and tons of other Unix-based operating systems use to connect to such things as HTTPS web sites. So any of these systems which use the out-dated OpenSSL package will be vulnerable to god knows what! Banking passwords.. the works.

Fortunately, Windows doesn't use OpenSSL. Microsoft has their own implementation of SSL which has proven itself to be very secure.

I don't know whether browsers like Firefox or Opera use OpenSSL explicitly. Something tells me they might. But that's beside the point.

Would I hold this OpenSSL vulnerability against Linux, OSX et all? No. But it still affects these systems far more than it does Windows - and that is something which can't be denied.

Security is a very subjective thing. I have a big problem with anyone that makes blanket statements like "Linux/OSX is more secure than Windows". It simply isn't true. Security these days is all about how quickly the company responds with a patch and what mechanisms it has in place to install the patch automatically.

Now Microsoft caters for its own software pretty damn well. Automatic Updates, Microsoft Update, and SUS for enterprises covers all the bases. But Microsoft really needs to start thinking about an integrated update service for the whole Windows eco-system. Linux has one. It's about time that Windows did too. Because if it did, a lot of seriousness of the recent Adobe Flash and Acrobat Reader vulnerabilities would have been mitigated.

Security is also about the user. Windows seems to attract a large number of "I don't need UAC" type users. Over the years these will of course fade away but it is still a problem today. And it's annoying that anytime someone just claims their Vista/W7 box has been exploited/infected you have to ask them whether they turned UAC off. But hey, even if they had it on you have to wonder if they clicked "Continue" or typed in an administrator password for something they perhaps shouldn't have...
 
windows is most insecure because it is written by microsoft who do not fix exploits and release buggy software. regardless of virii. security wise windows is weak. even with 3rd party security software it is not that difficult to compromise and get a remote shell. a quick look through metasploits list of windows exploits and you will see what i am talking about.

i do think that saying it is the most common os so therefore it is less secure is a weak argument.
 
groen said:
windows is most insecure because it is written by microsoft who do not fix exploits and release buggy software. regardless of viruses. security wise windows is weak. even with 3rd party software it is not that difficult to compromise and get a remote shell. a quick look through metasploits list of windows exploits and you will see what i am talking about.

i do think that saying it is the most common os so therefore it is less secure is a weak argument.
Click to expand...

I'm not sure if you're trolling or just being daft. Windows 7 is nothing like what you describe.
 
You must log in or register to reply here.
Back
Top Bottom