 Originally Posted by Syndil
Fair enough. But yes, IT consulting is what I do, so for someone to suggest to me that Linux is inherently more secure, I have to defend PCs. Otherwise, my clients would be asking me, "If this is true, why aren't we running Linux?" It's fairly easy to secure Windows, especially in a domain environment with policy enforcement, and the ease-of-use for day-to-day business stuff cannot be beat. Couple that with all of the excellent security and backup software... Yeah, takes a bit of cash, but in business, time is money. Most would prefer to spend money on a tried, true and familiar solution than to save a few dollars but potentially run into headaches later. Linux to me is still a hobbyist OS for tinkering with, not suitable for enterprise deployment--except perhaps as pre-packaged and well-supported distros for VM hosts. But as you say, YMMV.
Linux is definitely not an impregnable fortress... for sure. I do think we have differing views on the subject because you come from an enterprise environment consulting large networks and I administer for a small group of less than 30 computers not networked to each other. I have no experience with ANY OS at an enterprise IT level. On my front... the friends of mine that use Windows machines are always on an administrator account so they don't have to muck around with permissions, they can just do whatever... which causes problems because they can just do whatever. The Windows registry puts all kinds of resources in the same place as well. And the access protocol for the registry still isn't all that robust... even on Win7 where they've made some good improvements. The whole system is dependent on it too.
Anyway... I think most of the security problems come from user privileges and poorly written third party applications. Again... I will point out that this is my uneducated amateur opinion.
As far as privileges go... I think Windows is still very much a DOS shell that was never meant to be networked to other computers and has been hacked at and hacked at with these wild Rube-Goldberg indirect methods for multiple user permissions and security in a networked environment. Where Linux, being one of the Nixes, was built with the multiple user model right from the start. That lets the model be a lot less complicated... so there are fewer exploits in the kernel and APIs and such.
Most of security I think though has to do with what you allow the general user to do and what you don't allow...
With third party applications I think one of the fundamental weaknesses in both OS is the C family of programming languages... they let programmers play fast and loose with variable definitions and pointers and such. I don't know how familiar you are with programming as an IT consultant... but this is more in my alley. C is a really loose language... and I've noticed that a lot of the exploits I've read about have to do with buffer overflows. It has to do with C allowing you to write past the end of a string without a warning or exception. There's no run time constraint checking of any sort in C... so a program can be compiled with all kinds of holes. I'm trying not to get too technical here, please don't think I'm trying to insult your intelligence. In this respect Linux is a much more controlled environment. My Windows friends download all kinds of crap they don't need. Stupid screensavers, games, browser bars and a million other things they have no business putting on their computer. And since most of them run as administrator all of the time, along with the monolithic structure of the Windows registry... these little programs (along with pretty much every program on their computer) have access to EVERYTHING and can wreak damage. Those same exploits exist in 3rd party programs in Linux too... but there just isn't as much exposure so they don't get much attention. That's the obscurity you are talking about... both in the availability of stupid installs (there isn't as much available to install for a Linux user) as well as simply not having the user base to attract attacks... but even then... if an exploit is used, the program doesn't have as much access to system vital points in a Linux machine... configuration files are modular and scattered in multiple places around the file system... while most programs can only touch the user specific home directory.
I agree with you though... Linux is still a hobbyist OS... it will never move into the enterprise theatre until it becomes a "supported" OS and there are options for cost effective migration. And Linux can sometimes still be as friendly as a bag full of angry tomcats...
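
The buffer-overflow point in the post above, as an added example that is not part of the original post: an unchecked string copy runs past an 8-byte name field and changes the privilege flag stored next to it, while a length-checked copy rejects the same input. The record layout and all names are constructed for illustration, and the record is modelled as one array so the out-of-field write stays well defined when the demo runs.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: bytes 0..7 hold a name, byte 8 holds a privilege flag. */
enum { NAME_LEN = 8, FLAG_OFF = 8, REC_LEN = 9 };

/* Unchecked copy, the strcpy() pattern: it stops at the NUL in src and never
   consults the size of the name field. The REC_LEN bound exists only so this
   demo never leaves the array; real strcpy() has no such limit. */
static void copy_unchecked(unsigned char rec[REC_LEN], const char *src)
{
    size_t i = 0;
    for (; src[i] != '\0' && i < REC_LEN; i++)
        rec[i] = (unsigned char)src[i];
    if (i < REC_LEN)
        rec[i] = '\0';
}

/* Checked copy: input must fit the field including its terminator.
   Returns 0 on success, -1 when the input is rejected. */
static int copy_checked(unsigned char rec[REC_LEN], const char *src)
{
    size_t n = strlen(src);
    if (n >= NAME_LEN)
        return -1;
    memcpy(rec, src, n + 1);
    return 0;
}

/* Flag value after an unchecked copy into a zeroed record. */
int flag_after_unchecked(const char *src)
{
    unsigned char rec[REC_LEN] = {0};
    copy_unchecked(rec, src);
    return rec[FLAG_OFF];
}

/* Flag value after a checked copy; *rc receives the copy result. */
int flag_after_checked(const char *src, int *rc)
{
    unsigned char rec[REC_LEN] = {0};
    *rc = copy_checked(rec, src);
    return rec[FLAG_OFF];
}

int main(void)
{
    int rc;
    printf("unchecked flag: %d\n", flag_after_unchecked("AAAAAAAAA"));
    printf("checked flag:   %d\n", flag_after_checked("AAAAAAAAA", &rc));
    printf("checked rc:     %d\n", rc);
    return 0;
}
```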