On Thu, 2004-02-05 at 17:07, Joao Ribeiro da Silva wrote:
> Try to map a network drive or even access your CD-ROM; it will tell you that only the system administrator can do that.
That's rather system dependent. I believe in the HURD, for example, any user is able to mount filesystems in their workspace.
> On Windows virtually any user can delete, create or modify any files, because by default your user is the system administrator.
That's not true of any modern Windows OS, and hasn't been for years. On the other hand, Lindows OS does ship like that (I believe), so it's true to say there are modern GNU/Linux OSes that do ship in that state.
There are reasons why Unix is "more secure" than Windows; virtually all of them are basically down to applications. The current MyDoom worm doesn't rely on any Windows insecurity; it could probably just as easily have been implemented to attack Unix users. Perhaps our apps are designed slightly differently, and we don't have the 8.3 backwards compatibility, so the trick it uses wouldn't work against us, but it is still in essence a social attack rather than a software attack.
To be honest, I'm not necessarily convinced that it's possible to say one is more secure than the other. There don't appear to be any good metrics to measure which is more secure. Certainly, Unix has the better history. But Windows has a stronger architecture, and ought to be better in theory. Microsoft are also introducing stuff like NX soon - marking areas of memory as non-executable. Of course, that's been possible on Linux for many years, but no-one has ever shipped Linux with that configuration (to the best of my knowledge, Fedora Core 2 will be the first?).
I think I would be more interested to see statistics on the applications available: I would strongly suspect that IE and Outlook are by far the most insecure software in common use today, and that would be the area in which free software would have more advantage (better/more consistent programming practices especially). Although IE is thought of as a system component, I'm told it's still possible to separate it/run it standalone on other Windows systems. Therefore, I would still class it as an application, and I think it's the Windows applications which are weaker than Unix counterparts.
Cheers,
Alex.