Is Linux server more secure than Windows server?

Posted on in Categories Ask nixCraft, Linux, Windows last updated October 9, 2007

Many new Linux user / admin asks:

Is Linux more secure than Windows?

That depends. ;-) Let me explain:

Fan boys on both sides argue to the death that their religion operating system is the best and safest to use.

Windows is harder to secure than Linux. It is the simple truth. Many IT professionals including RHCEs and MCSEs believe that Linux is more secure than Windows. However you cannot blindly accept Linux is more secure than Windows. On both operating systems you need to:
a) Restrict user access
b) Restrict service access
c) Restrict network access
d) Create backup / restore policy
e) Install and manage app level security
f) Continuously install, configure, and patch the system etc

As you see both Windows and Linux administrators requires same levels of skills. Linux is secure by design i.e. Linux is inherently more secure than Windows. Linux designed as a multi-use, network operating system from day one. For example IE / FF bug can take down entire windows computer. However, if there were the same bug in FF it won’t take down entire Linux computer. Under windows almost any app level bug (read as vulnerability) can be used to take down the entire system and turn into a zombie computer.

In short,

  1. No operating system is secure
  2. Both Linux / Windows admin requires same level of skills
  3. By default Linux is more secure than Windows, but it is also open to attack.
  4. You can just make attackers job hard.
  5. Remember, security is an on going process and nothing is secure once connected to network, period.

This is based upon my own experience. I don’t have a good answer here. What do you think? Do you run Windows and Linux? Please add your experience in the comments.