Monday, November 5, 2007

Why Linux is better than Windows for virus outbreaks

The age-old "discussions" that float around the internet regarding Linux and Windows security are contentious ones. It all seems to boil down to Linux people saying that Linux is more secure and Windows people saying that it is not. In this case the Windows guys are right, with exceptions. People who are in the know know that any operating system is only as secure as it is configured and patched. I still say that even though both operating systems can be properly configured and patched, in the event of a virus outbreak (and there will be one) for any operating system, Linux will handle the outbreak far more gracefully than Windows. This is because of the fundamental design of the Linux operating system compared to Windows.

Linux was designed from the start to be used by multiple concurrent users, while Windows has evolved from a single-user model. Much of the single-user design model is still inherent in the most modern version of Windows. In terms of a virus infecting a machine, the infection is of far greater consequence to a Windows machine than a Linux one. It all comes down to how the different operating systems access the underlying system programs. These programs, if taken control of and modified, give the virus complete control of the system and allow it to do what it wants. While the Windows security model has come a long way, there is still too much interaction between the user space and the system space. The user space is the group of programs which the user generally uses to do their daily tasks, and the system space is the group of programs that control the system. If a virus infects a Windows machine it immediately has access to very important system files, which allows it to access every other user on the machine and use that user's information to propagate itself. If the equivalent virus infects a Linux machine, the area of the virus's effect is limited to that user. Due to the nature of Linux operating system design the other users are not affected. This is of course assuming that the user does not have administrative or root privileges.

Cleaning up after a virus infection is also much easier on a Linux machine. In the worst case all it takes is deleting all the "." files and directories in the user's home directory, and when the user logs on they will be presented with a default desktop. With Windows it is much more difficult, as the virus is able to spread itself all over the system and make many registry changes that the average user cannot be sure have been cleaned out. Just deleting the user's home directory is not enough.

Perhaps the most important difference between the two operating systems is that of patching and upgrading. While Windows has an automatic patching process, it does not cover any programs not produced by Microsoft, and any other third-party programs must have their own mechanism for patching, if they even bother. Most Linux distributions automatically patch and upgrade not only the core operating system but any program installed from their repository. This provides a central, synchronized area for keeping a Linux system completely up to date and reducing the risk of a virus getting access through a forgotten unpatched program.

With the latest version of Windows I am not too sure, so I will use XP as an example. When new users are added to a Windows machine they are automatically selected as standard users in the Power Users group. This enables the users to install programs and make system setting changes: just enough for a virus to install itself and start operating. Adding a new user to a Linux system, Kubuntu for example, by default gives the user the Windows equivalent of guest privileges. This means the user can run programs but not install programs or make system setting changes. This will prevent most viruses from installing themselves. Just that small difference in operating system approach is all that is needed to prevent the majority of virus infestations while still maintaining operating system usability.
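
The cleanup step described above (removing the "." files and directories from the user's home directory), as an added example that is not part of the original post: it moves the dot-entries into a quarantine directory instead of deleting them, so the desktop still resets to defaults while the files remain available for inspection. The function name, the `MANIFEST` file and both directory arguments are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not the post author's code. Names and paths are hypothetical.
# Usage: quarantine_dotfiles HOME_DIR DEST_DIR
# Moves every dot-entry of HOME_DIR into DEST_DIR, records each one in
# DEST_DIR/MANIFEST, and prints the number of entries moved.
# Ordinary files (Documents, etc.) are left in place.

quarantine_dotfiles() (
    # The ( ) body runs in a subshell, so these variables stay local.
    home_dir=$1
    dest=$2
    [ -n "$dest" ] && [ -d "$home_dir" ] || {
        echo "usage: quarantine_dotfiles HOME_DIR DEST_DIR" >&2
        exit 2
    }
    # Keep the quarantine outside the home directory being cleaned.
    case "$dest/" in
        "$home_dir"/*) echo "DEST_DIR must be outside HOME_DIR" >&2; exit 2 ;;
    esac
    mkdir -p "$dest" && chmod 700 "$dest" || exit 1
    : > "$dest/MANIFEST" || exit 1
    count=0
    # .[!.]* matches ".x" and ..?* matches "..x"; neither matches "." or "..".
    for entry in "$home_dir"/.[!.]* "$home_dir"/..?*; do
        # An unmatched glob stays literal and fails both tests;
        # -L keeps dangling symlinks in scope.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        # Record owner, mode and timestamp before the entry is moved.
        ls -ld "$entry" >> "$dest/MANIFEST"
        mv -- "$entry" "$dest"/ || exit 1
        count=$((count + 1))
    done
    echo "$count"
)
```

Run it as an administrator while the affected user is logged out, with DEST_DIR set to a fresh directory the user cannot write to.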
