Considering that it would have been laughed at by the Unix/Linux people to suggest Windows as an internet-connected server until the 2000 era, is that argument now laid to rest?
Aside from nix admins who don't want to lose their lucrative admin positions (because certain jobs take ages compared to Windows, and vice versa), is there any reason, ASIDE FROM COST, that Linux is more secure after a professional has set up Windows?
Considering the performance of modern hardware, I believe now that the tools and ease of use of the Windows platform make it an equally viable server platform.
Unless you require open source technologies that are ideally deployed on Linux, I see no reason for people to roll their eyes at Windows, or ignore it as a viable platform.
What do you think?
The major problem with security is not actually with the platforms themselves, but with the popularity of Windows. There are security holes in any system; it's impossible to prove that bugs don't exist in anything but the most trivial of software. Windows and Linux both contain security holes that haven't been uncovered yet. However, because of Microsoft's popularity as a desktop OS, people looking for holes are more focussed on looking for holes in Windows, because often there is more for them to gain by hacking hundreds of Windows desktops, and unfortunately these hacks usually apply to server OSes as well as desktops. If Linux had become the dominant desktop OS then I think the situation would be reversed.
With the most skilled sysadmins, you can make any OS secure; however, you cannot (without re-writing the OS yourself!) account for holes in the OS that have not yet been discovered. When they are discovered, it's more down to the speed of the vendor providing a fix for the problem than the sysadmin's skill at securing the server. Most of the security breaches you hear of today are not due to lax system administration, but to a previously unknown security hole in the OS. Linux is as vulnerable to these as Windows; it's just that more people are looking for them in Windows.
I guess there is a greater visibility of the system under Unix-like systems. The Windows compulsory GUI approach hides lots of details, sometimes important ones. For real security it is imperative that you possess the most information about what happens on the machine, and what measures are taken and to what extent. I dislike Windows for hiding this all.
I really think that this question, rather than being a real question, is flame bait. But I'll give it a serious answer anyhow:
Consider for example services such as a web server or MTA. In Windows they run with administrator privileges (e.g. IIS runs as LocalSystem), while in Unices and Linux that's the way it was done… some 15 years ago. Since then each service has its own, limited account.
Is it possible to have a secure Windows site? Well, this site is an example of such. But on the other side, there are millions of secure sites running Linux. Google, Amazon, Facebook, YouTube, Digg, Flickr…
Unix people may scoff, but as long as you're diligent in applying patches, I think it's getting pretty close. Windows seems more prone to attacks simply because it's a bigger target. There are way more Windows machines out there, so that's where the malware authors dedicate their time. Also, Unix users on the whole tend to be more knowledgeable than Windows users, so it's more likely that your average Windows machine on the net is insecure than your average Unix machine.
I'm sure there are very few, if any, viruses that attack BeOS, but that doesn't mean that BeOS is the most secure OS ever. There's little point in virus authors writing BeOS viruses since extremely few people run it. That's an extreme example, but it's the same principle for Windows vs. Unix viruses. The more market share Unix / Linux / Mac OS X gains, the more malware you will start to see for those platforms.
They're about the same. The advantage Linux has is you can pull components out you don't want or need, more so than with Windows. So if a vulnerability pops up in one of those components, you're still golden. With that said, a properly hardened Windows Server OS and IIS should be just as resistant. For instance, look at the interview with Charlie Miller. He took out Safari in seconds at PWN2OWN. He had an exploit for Chrome, but the sandbox + the OS protection is too much. And that's a good point. There's an awful lot of security built into the OS now. So chances are if you're going to be gotten, it's going to be a weakness in the web application itself.
Short answer, yes.
Looking at it the other way, both (or basically any) systems are easily made rather insecure - mostly by inexperienced administrators but there's a lot of other factors as well. Security is so much more than just technology.
And is this a server-use question? Because when it comes to Windows on the desktop - the sheer amount of client applications (many extremely good or best of their class) makes for a much bigger hole and easier target. The server-side I'd say is on a more equal footing, at least if you keep up with new releases and best practice configurations for both systems.
The issue is that the Windows OS is closed, and no matter how many patches they release, they simply leave doors open for others to get in by design.
While I'll agree that Windows is reasonably secure, by definition it is by no means on par.
The argument that Linux is less popular and therefore less attractive as a target doesn't hold up for servers at all. Linux is typically targeted first because it is an easier platform to work with remotely (because it was designed for such things).
I would say that with an expert sysadmin/engineer, Windows is just as viable and secure as Linux. I'm tired of OS flame wars; anyone who involves themselves in them simply shows that they don't understand computing.
Unfortunately there aren't many expert Windows sysadmins out there. I've met a handful in twelve years that were capable. I don't mean being able to get a website up and running, I mean someone who is capable of digging deep into problems because they understand how computers work and can dig into areas like crash dump analysis. I'd also say that Unix sysadmins are much more likely to have a wider field of knowledge.
The "Windows == bigger target" argument is actually double-edged. Because millions of Windows installations over the world are being actively attacked, it also means that Windows has more fixed security vulnerabilities than Linux does. Those legions of patches every month? They're fixes for security vulnerabilities that have been discovered. And it's not the vulnerabilities that you know that you need to worry about, it's the ones you don't know.
Aside from that I don't believe that either OS is intrinsically more secure than the other. The differences are down to the implementation, how it's used, and the other security-related scaffolding that exists around it. A Linux box with a root password of "password", no firewall, and connected directly to the internet won't be secure, despite it being Linux.
A competent set of admins can run Windows or Unix servers securely. Less competent admins will have security holes regardless of OS. That being said, the two problems I have with Windows as a server platform are:
It's too much like a workstation. RDP is used to manage it 9 times out of 10. This encourages admins to use it like a workstation. In every Windows shop I've been in, it's common practice to use IE on the server to browse the web when working on a problem on that server. The enhanced security for IE on the server is generally turned off immediately. This is a HUGE attack surface that's almost never an issue on a Unix server. This is something that can be taken care of by better policies, but it's not something you have to worry about on a Unix server.
The privilege system is opaque and hard to understand. While it's very powerful, it's often not clear exactly which permissions you need for certain actions. This very often leads to admins throwing up their hands and granting administrator privileges to an account in order to get the job done.