Snappy the Clam

Because I'm a dork, I'm going to crosspost something I wrote on Tribe.net's Linux forum about security and what-not...

"Don't fool yourself into thinking Linux is more secure."

I don't have to fool myself into anything. Linux /is/ more secure, by design, than any given Windows machine. The operative word there being "more," since the only completely secure computer is the one unplugged from the world.

"The point is if Linux was hated by people the way windows is, more people would hack it."

People don't hack because they hate. They may attack specific targets because they hate, but that's not why they /hack/. They hack because they can, and for the thrill of doing something they're not really supposed to, and for the challenge, and for the geek cred, and so on. Beware of painting all hackers/crackers with the same broad brush strokes.

If there's a security vulnerability, regardless of OS, there's an exploit for it somewhere. That's a given.

Here's the difference between exploiting Windows and Linux, near as I can tell. To exploit Linux, you find a security vulnerability and then find a way to carefully craft an exploit that takes that vulnerability and grants you access to something interesting, preferably root-level permissions, but you'll take what you can get.

To exploit Windows, you find a security vulnerability and let Windows' own eagerness to give every part of the OS complete control over every /other/ part do the work for you. The level of cross-system cross-DLL cross-application automation built into Windows and the core Microsoft internet apps is frightening. Unless you take fairly serious steps to protect yourself, just about any given Windows box is a big red target saying, "Exploit me! It's fun!" As soon as you get your code to run on a Windows box, you /are/ root.

It's not political. It's not emotional. It's architectural.