[maemo-users] Unix vs Windows security (was Re: Nokia device usage)

From: Farrell J. McGovern farrell.mcgovern at gmail.com
Date: Thu Mar 12 07:24:00 EET 2009
ScottW wrote:
> The Mac and *nix world needs to stop gloating about their clean record so far and keep an eye out for what is to come.  Dues to the learning curve of the OS, the users were more "enlightened" than the common computer user, but now these are  more wide spread and the common user will be using them.  The conspiracy theory people say that Antivirus companies are the ones making most of the viruses so that they have a product to sell, well there is a market out there just waiting to be tapped.  Norton AV for Mac is on the shelves even though there is only really 1 documented virus, and people buy it.
> The good ole saying: "The devil's greatest accomplishment was to convince everyone he does not exist"... well the Linux virus does not exist.
You are, of course, making the classic mistake of not understanding 
security on computer operating systems. Popularity has little to do with 
how vulnerable a system is.

Fact: Windows XP is about 12 years old, Vista/Windows 7  maybe 5. Unix 
is 40+ years old.

Face: Unix was designed for a mult-user, multi-processing environment, 
Windows was designed for a single user, single application  at a time  
environment, it has  had mult-user and multi-processing added on to it.

Thus, most everything that can affect Windows today was probably seen 
and corrected on the architectural level decades ago in Unix. Even the 
simplest thing of making the user work in a non-privileged workspace is 
one of the basic things that Unix has done for decades, while it is a 
relatively new idea in Windows.  Thus, if you compromise the workspace, 
you don't compromise the system.

Next, you have the fact that to make things really fast in Windows, you 
have graphics primitives in the kernel. This means that to compromise 
the entire system, all you need to do is compromise a graphics 
routine...and as almost everything is graphical in Windows...compromise 
the Browser, you can own the system...compromise the mail reader, you 
can own the system...compromise  an editor you can own the 
system...compromise an ERROR MESSAGE, and you can own the system.

With Unix, very few things can access the kernel. If you compromise the 
Browser, you may compromise the user's workspace, but the system remains 

Generally, in Windows  it's a single  set to compromise the entire 
system...on Unix, it takes usually two more more steps, first you must 
compromise the userspace, then you must compromise the kernel.

Ultimately, it takes a lot more work to compromise a Unix system than a 
Windows system. And that makes Unix and systems derived from Unix 
inherently more secure than Windows.

     Farrell McGovern

Computers make very fast, very accurate mistaeks.

More information about the maemo-users mailing list