
Sunday, January 14, 2007

Windows XP More Secure than Linux


Anyone who tracks security vulnerability reports knows of the ridiculous number that reference holes in Linux. For whatever reason this is never talked about and Linux gets this magic aura of invulnerability. Part of the confusion lies with the complexity of the open source Linux model that separates Linux "Distributions" from Linux "Kernel" vulnerabilities. Now if you start looking into and adding up Linux "Distribution" vulnerabilities, that can take you into the hundreds upon hundreds of security holes that are never talked about. To simplify things I took the latest Linux Kernel v2.6.x and compared it to Windows XP. This is more than a fair comparison for the shocking results to follow.

As with Firefox, Linux vulnerabilities are frequently lumped together in single advisories, which misrepresents the true vulnerability count:



Windows XP - 170 Advisories = 213 Vulnerabilities.
Linux Kernel v2.6.x - 108 Advisories = 231 Vulnerabilities.

Even with open source advocates finally admitting that Linux is insecure they still try to claim it is more secure than Windows. Too bad this is now proven to be another myth.


Windows XP is more secure than Linux and sexier ;)

Friday, January 07, 2005

Open-Source is not necessarily Free

"Open-source software is required to have its source code freely available; end-users have the right to modify and redistribute the software, as well as the right to package and sell the software." This is the formal definition. When you dig deeper you find that the common perception of open-source and no cost, "free" software gets kind of blurry.
"Despite apparent similarities, open-source software is distinct from free software. The Free Software Foundation's (FSF) free software definition is more restrictive than the Open Source Definition; as a consequence of this, free software is open source, but open-source software may or may not be free."
Now granted a large majority of open-source is indeed free but the fact that some isn't I'm sure is slightly alarming to the socialists among us. Here again is the real point, people talk about how great open-source is and pander its ideology. When in reality all anyone truly cares about is one of two things:

1. It is Free Software
2. It is Anti-Commercialism/Capitalism, in other words - Anti-Microsoft

Programming is not an easy quick task that many are willing to do for free. I'm sure some naive idealists would if they had some other way to live. The fact of the matter is the best open-source projects are money makers and/or are backed by large corporations who have talented programmers and engineers on the payroll. Some of the most popular and well developed open-source projects such as OpenOffice and the Mozilla Project which includes the Firefox web browser and the Thunderbird Email Client are funded by Sun Microsystems which for various reasons has legitimate issues with Microsoft. This is one reason these projects exist as open-source and are in such a highly finished competitive state. They compete directly with Microsoft's Internet Explorer, Outlook and Office line of software.

The big picture becomes even clearer when you look at the most successful open-source Linux distribution Red Hat. Their business model is of selling software with support packages for the server market. The key word here is they are "selling" open-source software. Idealists and Socialists fail to grasp the concept that you need money to live. In this respect you start to see why certain open-source advocates are quick to separate themselves from the public perception that open-source is free software. They instead focus on the ability of open-source to be easily modified and redistributed. Fair enough but this is far from commonplace.

I'm sure if you talk to enough open-source advocates they will all admit to using this feature of being able to modify the software. Now in reality how significant the personal modifications are as opposed to the large majority that wait for the handful of actual open-source developers to release their latest build seems more likely. In which case you get back to the fact that the majority uses open-source for one of the two reasons I mentioned above. In which case you have hypocrisy.

Open-source appears to be free when it is convenient. Right now it is very convenient. Microsoft is the big bad guy on the block and marketing the free alternative plays to the idealists. If all open-source software was truly free then you could do anything with it, including sell it as your own. Try selling Red Hat's Server software as your own, that's what I thought. I honestly don't care what any open-source advocate tries to say to change what they think the public's perception of open-source is. The general public considers open-source software as free, no cost software. Very little if any attempt is made by the open-source community to change this perception. If anything it is the driving force behind its success. This is almost as bad as the misleading perception that open-source is this huge public development community. Tell that to the closed group of paid programmers and engineers on Sun and IBM's open-source development teams.

I don't necessarily dislike or have a problem with open-source, rather I am very cynical about the economics behind it and the misleading public perception of it. Can open-source truly be free? In certain situations I believe it can but as a whole, economics has a way of bringing reality to even the most idealistic of us all.

Sunday, December 05, 2004

Windows Wish List

Computing zealots rarely win many followers - as I need to periodically remind the more "enthusiastic" members of my Linux User Group. Windows has its place, so does Unix, so does MacOS. The ultimate goal of a computer user is to maximize functionality. Unfortunately, there simply isn't the "perfect OS".

Many articles have been written about how Linux could be made better. Those articles usually compare Linux to Windows with the arrogant assumption that Windows does “it” perfectly and in order for Linux to have more adoption it should model itself after Windows. In Windows, everyone out of the box is treated like a newbie. Someone with the ego of a Power User resents this treatment. On first boot, the user can't do anything until they click the Start button. Now we know what a rat in a maze feels like. My purpose for writing this is to share a wish list of features that would make Windows more usable and less hated by the computing elite.

1. Decent file system.
For a power user, the simple fact that a file system needs to be defragmented instantly puts that file system in the "sucks" category. This is one area in which Linux beats Windows hands down. Linux has literally dozens of file systems to choose from. The best ones are journaled and use advanced oct-tree algorithms to balance the load on hard drives. They keep up with available disk space and only fragment files when disk space is critically low. Journaling allows a file system to recover from an unexpected power loss with a high confidence of no data loss. Microsoft has been promising a new file system for over a decade now. WinFS was supposed to be part of NT4 and even delayed its launch. WinFS was supposed to be part of Win2000 and even delayed its launch. WinFS was supposed to be part of WinXP and even delayed its launch. (See a pattern?) IBM proposed the journaled file system during its OS/2 days, but Microsoft and IBM stopped collaboration before IBM could finish it for them. Probably the most attractive issue is the ability of the Linux user to choose which file system they want depending upon function. Ext3 is fine for the casual user. A Power User building a dedicated server will probably choose ReiserFS.

2. Internet Explorer
Internet Explorer 6 is now over 3 years old. Why doesn’t Microsoft fix it? What are they waiting for? Alternatives such as Mozilla and Opera offer great features such as tabbed browsing, pop-up blockers, smart integrated searching, and smart downloading. Is Microsoft planning to deprecate IE? If so, why is IE so entrenched into the core OS? IE is literally a window into Windows! If mal-ware can take IE, it has the OS. In 1997, Microsoft declared Netscape a non-issue with Internet Explorer taking 95% of the browser market share. Today Mozilla (and derivatives) take up 20% of the market and gaining. Why is this? I’ve been using Mozilla for the past 4 years or so because of its transparency between Windows and Linux. I didn’t realize how awful the Internet experience was for IE users until I recently had to lend a hand to a neighbor. He has a newer Dell home PC with cable Internet access. We’ve all heard the complaints from novice users: “My computer was fast when I first bought it, but now…” This poor guy’s computer was eaten up with spy-ware. To his credit he had the Norton System Works installed so he had a firewall and virus protection. We downloaded Ad-aware6 and cleaned out hundreds of recognized objects. The act of navigating the web to find Ad-aware was a miserable experience. Pop-up ads were everywhere, and Pop-under ads behind them. He asked me how to get rid of them. Another Mozilla Firefox convert was born.

3. If you know a feature will be annoying, why adopt it?
How many times have you heard someone say: "I'm so glad Microsoft put Clippy in Word!” Probably never. Who in their right mind wants an assistant to pop up and announce: "It looks like you are writing a letter. Would you like help?" Of course not! The reason it looks like I'm writing a letter is because I know how to write a letter! Now, instead of concentrating on the content of the letter I am annoyed and have to dismiss the assistant. Let's say you are having a less stressful day and have a little time to indulge the assistant and tell it to show you some letter templates. What does the little guy tell you next? "The feature you requested is not installed, please insert Disc x of Microsoft Office xx". What the hell is Microsoft thinking? Office is supposed to make your working environment more efficient. Where is the human-machine-interface research they like to brag about? This scenario has driven lots of people to alternatives such as Open Office.

4. Security.
Why do users have to acquire third party software to keep Windows secure? Shouldn't an OS be secure by design? For example, the only way to write to the system files of a Unix OS is to have root privileges. Period. The only way to acquire root privileges is to have the root password. That simple paradigm of OS management stops the vast majority of viruses and mal-ware from ever gaining traction on the Unix platforms. In Windows, the system areas are openly available for anyone to write to. Anyone (including viruses and mal-ware) can add and delete dynamic libraries from the System32 with impunity. This is unacceptable to a Power User. I don’t consider switching to my root account to do system maintenance an annoyance.

5. Strict Memory Protection.
In all versions of Windows NT until WinXP SP2 it’s possible for a program to write outside its memory space. For example, one can write a simple C program that writes a character, then inserts a tab, then backspaces more than 6 spaces. This simple program writes over whatever information is stored in the memory location immediately preceding its allocated space! Incidentally, this program instantly causes the famous Blue Screen of Death. The Java language self enforces memory protection. The Java Virtual Machine won’t let a Java program write outside its allocated memory space. This “feature” is unnecessary in Unix, but a lifesaver for Windows users. Many in the industry consider this part of the Java language to be a poke in the eye to Microsoft from Sun.

Doug - Contributing Author
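
The root-only write model described in item 4 holds only as long as the ownership and mode bits on system directories actually enforce it. The following is an added example, not part of the original post: a POSIX shell function (the name `audit_system_dir` is hypothetical) that lists entries under a directory that are not owned by the expected account or that are writable by group or others.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_system_dir DIR [OWNER]
#   DIR   - directory tree to check, e.g. /usr/bin
#   OWNER - account expected to own everything (name or uid, default: root)
# Prints one "reason<TAB>path" line per finding, sorted.
# Returns 2 if DIR is not a directory.
audit_system_dir() {
    dir=$1
    owner=${2:-root}
    [ -d "$dir" ] || return 2
    {
        # Symlinks are skipped: their own mode bits are not enforced,
        # only those of the target matter.

        # Anything not owned by the expected account can be rewritten
        # by whoever does own it, without needing that account.
        find "$dir" ! -type l ! -user "$owner" \
            -exec printf 'owner\t%s\n' {} +

        # Group write bit: every member of the owning group can modify it.
        # Reported even when the group is root's, so review those by hand.
        find "$dir" ! -type l -perm -020 \
            -exec printf 'group-writable\t%s\n' {} +

        # World write bit: any local account can modify it.
        find "$dir" ! -type l -perm -002 \
            -exec printf 'world-writable\t%s\n' {} +
    } 2>/dev/null | sort
}

# Example invocation (run as any user; unreadable subtrees are skipped):
#   audit_system_dir /usr/bin
#   audit_system_dir /etc root
```

An empty result for a directory such as `/usr/bin` means only the owning account can change its contents, which is the property the paragraph relies on.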