Is Microsoft Windows Security a Myth?

This is Sushruta’s submission for the HP Magic Giveaway. Feel free to leave comments for this article as you see fit – your feedback is certainly welcomed! If you’d like to submit your own how-to, what-is, or top-five list, you can send it to me. Views and opinions of this writer are not necessarily my own:

Any Linux geek would tell you Linux thrashes Windows in more ways than one. But does it? And why? What makes a system better than another? At this stage, are they even different at all?

If there were no Windows vs. Linux battles, the geek life would have been notably duller. Technology forums would inevitably get boring, and life would generally never be the same. The most contentious issue, of course, is security — Windows is notorious for not having much in that department. However, Vista is loaded with a bunch of new security measures, and claims to be able to thwart malicious software better.

What makes an operating system more secure? The way it’s built, of course. And that is the question we’re asking. But first, some myth-busting.

The biggest security breaches occur when malware is allowed to run on your system with elevated privileges — which means that it has access to critical programs and data that only your system’s kernel should have. Once it’s reached that level, your PC becomes its humble servant, and can be brought down at the slightest whim. Who gives this malware its privileges? Well, you do.

With Windows XP, the person who installs the operating system becomes the Administrator, so if you’re the only one using your PC, you’ve got the privileges to wreak all sorts of havoc, should you choose to. Consequently, any application you install and run is also accorded the same royal treatment, no questions asked. Now add to that the fact that Windows’ system services run under a user account called SYSTEM (you can check this out in the Task Manager)—the most powerful account on your system, with access to everything critical—and that the first processes that malicious programs hijack are system services. You’ll be drawing pretty accurate conclusions by now…

Vista, thankfully, changes this. The user who installs Vista is still part of the Administrators group, but even this administrator runs with regular, limited privileges. When administrative tasks—including installing new programs—need performing, User Account Control (UAC) kicks in, telling you that you need to give the task a go-ahead before it, well, goes ahead. If you read the UAC prompt and don’t know the program it’s warning you about, you can prevent it from running. But what if you’ve blindly allowed the task to continue?

Services in Linux run as separate users, with access only to files that they own; more often than not, they don’t even have the rights to use the terminal, so they can’t run commands or start other services. This is where the multi-user approach comes in handy again—since users are isolated from each other, services can’t access the data used by other services. The Apache server, for instance, runs as a user called www-data, which only has access to the Web pages it serves. If a hacker exploits an Apache vulnerability to get into the www-data user account, he can’t really do much to the other services, because www-data doesn’t own those files. He can, however, mess with Web pages, so while this isn’t a doomsday scenario, it’s certainly not ideal.
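The per-service isolation described above can be checked on a host. The following is an added example, not part of the original article: it flags services that run as root, service accounts that still have a login shell, and services that share one account. The sample data is constructed, the `root_ok` allowlist is hypothetical, and treating UIDs below 1000 as service accounts is an assumption based on the common Debian-style convention.

```python
# Added example: audit how services are isolated by user account.
NOLOGIN = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
# Constructed sample in /etc/passwd format.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
# Constructed sample shaped like `ps -eo user,comm` output.
SAMPLE_PS = """\
USER     COMMAND
root     sshd
www-data apache2
www-data php-fpm
root     legacy-ftpd
backup   backupd
alice    bash
"""

def parse_passwd(text):
    """Map account name -> (uid, login shell) from passwd-format text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and not line.startswith("#"):
            accounts[fields[0]] = (int(fields[2]), fields[6])
    return accounts

def audit(passwd_text, ps_text, root_ok=frozenset({"sshd"}), uid_min=1000):
    """Return sorted (process, account, problem) findings for services."""
    accounts = parse_passwd(passwd_text)
    findings, by_account = set(), {}
    for line in ps_text.splitlines():
        user, _, proc = line.strip().partition(" ")
        uid, shell = accounts.get(user, (uid_min, ""))
        if uid >= uid_min:
            continue  # header line, unknown account or human account
        proc = proc.strip()
        if uid == 0:
            if proc not in root_ok:  # root_ok: hypothetical allowlist
                findings.add((proc, user, "runs as root"))
            continue
        by_account.setdefault(user, set()).add(proc)
        if shell not in NOLOGIN:
            findings.add((proc, user, "service account has a login shell"))
    for user, procs in by_account.items():
        if len(procs) > 1:  # same owner, so no file isolation between them
            findings.update((p, user, "shares account") for p in procs)
    return sorted(findings)
```

On a real host, pass in the contents of `/etc/passwd` and the output of `ps -eo user,comm` in place of the samples.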

What is the scope of the damage it can do? Again, with both Linux and Vista, damage caused by malware is restricted to the service it exploits, and the files that the service can access. What happens when the malware goes about its dirty deed? With Vista, if a critical service—like the Remote Procedure Call (RPC) service—is compromised, all manner of chaos may ensue. Every application under Windows needs to use RPC, so you’re sunk without it. With Linux, services aren’t as tightly integrated with the OS, so while your Linux PC can be crippled—some applications won’t run, you may not have network access and so on—the kernel is still safe, which means that with a little root wizardry, it can be brought back to life again.

Bottom line: for daily desktop use, both systems are equally secure — but if things do go wrong, they go more wrong with Windows.