Is Linux server more secure than Windows server?

October 9, 2007 · 8 comments · Last updated October 9, 2007

Many new Linux users / admins ask:

Is Linux more secure than Windows?

That depends. ;-) Let me explain:

Fan boys on both sides argue to the death that their religion operating system is the best and safest to use.

Windows is harder to secure than Linux. It is the simple truth. Many IT professionals, including RHCEs and MCSEs, believe that Linux is more secure than Windows. However, you cannot blindly accept that Linux is more secure than Windows. On both operating systems you need to:
a) Restrict user access
b) Restrict service access
c) Restrict network access
d) Create backup / restore policy
e) Install and manage app level security
f) Continuously install, configure, and patch the system, etc.

As you can see, both Windows and Linux administrators require the same level of skills. Linux is secure by design, i.e. Linux is inherently more secure than Windows. Linux was designed as a multi-user, network operating system from day one. For example, an IE / FF bug can take down an entire Windows computer. However, if there were the same bug in FF, it would not take down the entire Linux computer. Under Windows, almost any app-level bug (read as vulnerability) can be used to take down the entire system and turn it into a zombie computer.

In short,

  1. No operating system is secure.
  2. Both Linux and Windows admins require the same level of skills.
  3. By default Linux is more secure than Windows, but it is also open to attack.
  4. You can just make the attacker's job hard.
  5. Remember, security is an ongoing process and nothing is secure once connected to a network, period.

This is based upon my own experience. I don't have a good answer here. What do you think? Do you run Windows and Linux? Please add your experience in the comments.

{ 8 comments }

1 thumb October 9, 2007 at 10:09 pm

Personally, I find Windows is an OS that requires more attention in terms of maintenance, in the long run. (That’s looking at it from both Desktop and Server perspectives).

I typically avoid Windows where possible. If not, I set up a virtual machine and put Windows in there. (Make a backup image of the VM in case it falls to crap).

In terms of security, there’s a number of things you can do in Windows to better your odds, but when it comes down to it, I don’t really trust Microsoft from a security perspective.

While I notice they’re starting to improve their policies, it feels like there are still some fundamental issues they refuse to address or fix. So they end up slapping on security bandages and marketing them aggressively as new features. (Stuff like UAC in Vista). I’d rather rely on a third-party solution to help with security.

On Linux, everything you need to secure your systems is there or freely available on the web. (including docs, books, etc). It doesn’t cost you money, but time to understand and master.

I prefer the Linux way. Like life, it is harder to get into but once you get over that initial learning curve, it’s highly beneficial in the long run. (It’s like learning anything else in life, be patient and persistent).

One thing I notice is that Linux forces good behaviour upon the user. Whereas, in Windows, you pick up a disgusting habit of clicking on anything. (Explains why there is a high profit market in the security industry on the Windows desktop side).

The biggest advantage to the open-source approach is reporting bugs. You contact the developer directly. No red tape, no BS, no NDAs, no “keep this quiet because we don’t want our public image to be tarnished” behaviour. Straightforward, open, and trustworthy… Just like a good relationship with someone!

2 Zac Garrett October 9, 2007 at 11:08 pm

I’ve almost always been of the crowd that has thought that Linux was far more secure than Windows. This is because as an end user you only see desktops being compromised.

Now that I am in the server world more and more I see that both can be very secure. Securing a Windows server is slightly harder in my opinion, but that is because I’ve worked with Linux servers more than Windows.

With the proper steps both can be hardened to similar states. Linux is easier usually because most of the tools are open source. When trying to harden a Windows box it can get rather expensive to buy the correct software.

3 Sergio January 5, 2008 at 12:39 am

Creating and maintaining a secure Windows environment is actually not that hard - many tools are built-in for this, especially group policies. With a bit of effort and taste, you can create really secure, and still quite maintainable environments.

To be fair, you should not use “Linux” as a general word. Not all distros are created equal, typically the Debian-based are very secure by default, but it’s not the case for all of them!

So, neither Windows nor Linux satisfies me.

With Windows, I like the fact that it’s ONE OS, not hundreds of flavours with slightly different things. But I hate the fact that, because it’s not open source, you are tied to whatever Microsoft decides to invent to improve profits. Look at Vista… The XP/2003 tandem is mature and perfect for enterprise setups, but MS has broken so many things with Vista.

With Linux, I like the open-source philosophy. But I believe the sheer amount of available distros just makes it too hard to master something. And, I still believe Linux lacks good centralised management tools, which makes large infrastructures hard to manage. Sure, Novell is doing well with Zen, but… Where is Novell going? I don’t know.

And last but not least, we should never forget that security is never stronger than the weakest link. I saw today a Linux server, once proudly and carefully installed and secured, sitting in the middle of a public room, with an X desktop running under root… Oh my…

4 Pushpraj Nimbalkar March 19, 2008 at 11:07 am

Too Good Vivke…….

5 Dieter June 14, 2008 at 11:39 pm

In terms of security, I don’t like open source. It’s much easier for a hacker to find exploits in an open source environment.

6 Ryan June 24, 2008 at 4:26 pm

@Sergio

I see the number of distros as a positive thing for Linux. You can choose what you want your “Linux” to be like; each distro has its own general direction: Ubuntu is ease of use, Gentoo speed and customization, and the various Linux firewall projects lean towards security.

With Windows you’re force-fed everything MS wants you to use, and a lot of the things they make are not user friendly at all compared to the FOSS alternative. Maybe that is caused by the developers using the program, not just getting it done and sending it off to the boss. Also, I know I’m a confident user, don’t warn me about every little thing I do; the first thing I have to do on a new install is start removing MS software and putting my own in.

Also, one thing that I think adds a lot to the desktop security (not so much on servers) is the way you have to get software with Linux: you use an online repository of programs that you can trust. With Windows, if you don’t know what to use for something, you have to use Google and hope that it’s not a malicious program. With servers (I do at least) use software that I know is good or have tested on other machines first.

7 shashank rastogi November 18, 2013 at 6:26 am

I think Linux is more secure because in Windows you can break the login password or you can bypass the win logon password… but in Linux if the password is on kernel then you can’t break the login password.

8 Linux Administrator March 12, 2014 at 6:12 am

That’s not true! Don’t talk about security issues on systems you don’t know about… such a rubbish blah…
