Windows Security vs. Linux Security

If you’ve switched to Ubuntu from Windows, there’s a very good chance that the security failings of Windows featured in your decision. Windows 7 contains many improvements, but Microsoft’s record on security over the past few years has not been great. New and serious security warnings have appeared on an ongoing basis, and even now, new and devastating viruses and Trojans make news headlines with worrying frequency (usually described as a PC virus rather than what it actually is—a Windows virus). One argument is that Windows is the target of so many viruses merely because it’s so popular. Although it’s true that some of those who write viruses do so because they dislike Microsoft, there’s also little doubt that Windows has more than its fair share of security issues.

Many people are still critical of Microsoft’s approach to security. For example, from Vista onwards, Windows includes User Account Control (UAC) dialog boxes that appear whenever a system-affecting action is required. However, they are so common that many people stop reading what they warn about and simply click OK by reflex. Many even switch them off. Compare that to Ubuntu: Similar dialog boxes appear whenever a system-affecting action is required, but the Ubuntu password dialog boxes have more of an impact because they appear far less frequently than UAC dialog boxes on Windows. Also, on Ubuntu the user’s password must be entered. This forces the user to stop and think rather than simply click a mouse button.

Although Windows 7 offers reasonable security, Windows XP, Microsoft’s most popular operating system (OS) to date, is considered an easy target for hackers and virus writers. Upon installation, the default user is given administrative privileges. True, a handful of tasks can be performed only by the genuine administrator, but the default user can configure hardware, remove system software, and even wipe every file from the hard disk. Although you would never intentionally damage your own system, computer attackers use various techniques to get you to run malicious software (by pretending it’s a different file, for example) or they simply infect your computer across the Internet without your knowledge, which is how most worms work.

Viruses and worms also usually take advantage of security holes within Windows software. As just one example, an infamous security hole within Outlook Express a couple of years ago allowed a program attached to an e-mail message to run when the user simply clicked a particular message to view it. In other words, infecting a Windows machine was as easy as sending someone an e-mail message! It’s a different story with Linux. Viruses and worms are far rarer than they are on Windows. The reason for this is that Linux by design has some items that make it secure and resilient for viruses. As strange as this may sound to a Windows user, you can have a PC without viruses.

But although we would love to say that security holes are not found on Linux, the sad truth is that they’re a fact of life for users of every OS. Many so-called rootkits—specialized software toolkits that aim to exploit holes within the Linux OS and its software—are available.

The bottom line is that although writing a virus or worm for Linux is much harder than doing the same thing on Windows, all Linux users should spend time securing their system and never assume that they’re safe.