In the long term too, I expect. Unix (and Linux) was designed from the ground up with security in mind. Windows (and its predecessor MS-DOS) started out on single-user, non-networked computers. Network security was bolted on as an afterthought when the first Internet-connected Windows machines kept getting hacked, virused, and WinNuked. Now the NT-kernel Windowses have almost-okay security, but the legacy code and the need to support legacy apps punch holes in it. M$ will always be playing catch-up here.
A future with Linux seeing much more client-side market share will see a larger number of attacks directed at it, but the number of successful ones and serious threats will probably remain fairly low (albeit rise somewhat).
As it stands, Linux has good market share on the server-side, particularly in Web servers that are exposed to the Internet. It seems to me that despite Linux/Apache being as fat a target there as Windows/IIS, and being exposed to the Internet, the Linux/Apache ones are stabler and less often successfully attacked deliberately, assuming both Linux/Apache and Windows/IIS are kept up to date on bugfixes.
The robustness on the Linux side even extends down to the basic structure of the TCP stack. One's available for Linux that's largely stateless (zero resource cost for half-open connections remotely initiated), and consequently can hold up to a SYN flood that would swamp any Windows server with twice the muscle.
It's not just exploits; Linux servers are less susceptible even to DoS attacks that don't involve remotely exploiting the DoS target.
On the desktop side, there's no reason to expect less. In fact, there is a reason to expect less from Microsoft; whereas the M$ consumer OS has to support legacy apps and this necessarily weakens the security architecture, a server edition OS and a server app like IIS could be made far more secure. Assuming they are, even then, Linux seems to do better.
(There is a way, of course, to support legacy apps without too badly compromising security. They could be forced to run in a virtual machine with its own virtual storage devices and such -- a virtual legacy-doze box inside a modern-doze box, which would, if set up right, mean the virtual box would still be quite vulnerable but the rest of the system would not be. Keeping secret stuff, like CC numbers, out of the VM, and backing up anything important in the virtual box with copies outside the virtual box, would let you simply let the virtual box get messed up and whenever it did, wipe and recreate it. Depending, it might not even need Internet connectivity; if used for document editing, for instance, the legacy app could be used to work on the document, and the document copied out of the virtual box, then e-mailed or faxed.)
But I doubt we'll ever see M$ implement this sort of thing.
A person still can have a nearly airtight box with a virtual box supporting legacy apps, for a price, of course; they can run VMware or similar virtual-PC software on a Linux box.