Security Through Obscurity
Posted Aug 22, 2005 10:20 UTC (Mon) by Felix.Braun (guest, #3032)
Parent article: The worm that didn't turn up (Guardian)
I can't help but think that this sort of testimonial is a double-edged sword: while it is good to remind everybody that there are viable alternatives to the mainstream Windows desktop, this article makes it seem as if by making the switch to one of these alternatives, all troubles will automatically cease, "no special geeky skills required".
In my opinion this is not true. Computers are complex beasts. Getting security right is difficult and using Linux or other Free software is no silver bullet. Conversely, with a decent understanding of the issues involved, it is perfectly possible to run a stable and secure system on Windows.
The advantage that Linux does have (don't know about MacOS) is that the underlying system architecture has been designed with security in mind, so that it can be made more difficult by the system administrator or distributor to mess things up. In my experience this is not true of Windows. The default install requires a lot more tweaking to become a secure and controllable environment.
However, if new users make the switch to an alternative OS believing that this will magically fix all their problems, they will be disappointed.
You're safer playing with a play-it-safe crowd
Posted Aug 23, 2005 0:05 UTC (Tue) by xoddam (subscriber, #2322)
> using Linux or other Free software is no silver bullet.
True, but the fact that the free software ecosystem is inhabited
largely by security-conscious administrators and more secure
default configurations means that the chance of being compromised
will remain much smaller if you're running such a system. I
reckon this will continue to be true even as free software becomes
a preferred choice; population is significant but perhaps not the
most important variable.
It's like immunisation. As long as a large proportion of the
population is immunised against the old plagues, the incidence
is minuscule; a minority of parents can choose not to inoculate
their children and get away with it. But as the proportion of
unprotected children in schools and kindergartens approaches a
critical mass, epidemics become increasingly likely to recur.
Security Through Obscurity
Posted Aug 26, 2005 16:31 UTC (Fri) by giraffedata (guest, #1954)
> The advantage that Linux does have (don't know about MacOS) is that the underlying system architecture has been designed with security in mind,
I know it's an open question why worms are less of a problem for Linux, but I think I have to rule out security-conscious design. It can't be that because it doesn't matter how many security holes there are; one is enough. And Linux does occasionally have them. We read in LWN all the time about Linux bugs that allow someone to take over virtually everybody's Linux system, but it never happens.
Another theory of Linux's superiority is that Linux users are more likely than Windows users to apply the fixes before someone can exploit them. One fact in support of that is that, regardless of how many security flaws there are in Windows, nearly all Windows worm infections wouldn't happen if all the Windows systems were up to date (i.e. the fix was available before the infection). That makes it look like a problem of applying fixes, not of existence of bugs that need to be fixed.