Is Linux More Secure Than Windows

Why Linux is meliorate than Windows or macOS for security

Decisions made years agone about which operating system to curlicue out can affect corporate security today. Of the big iii in widespread use, one tin credibly exist called the most secure.

Linux, macos and Windows security locks up data — Thinkstock

Enterprises invest a lot of fourth dimension, attempt and money in keeping their systems secure. The most security-conscious might have a security operations eye. They of class use firewalls and antivirus tools. They probably spend a lot of fourth dimension monitoring their networks, looking for telltale anomalies that could betoken a breach. What with IDS, SIEM and NGFWs, they deploy a veritable alphabet of defenses.

But how many take given much thought to 1 of the cornerstones of their digital operations: the operating systems deployed on the workforce'south PCs? Was security even a factor when the desktop Bone was selected?

This raises a question that every It person should exist able to answer: Which operating arrangement is the near secure for general deployment?

We asked some experts what they think of the security of these three choices: Windows, the e'er-more than-complex platform that'south easily the most popular desktop system; macOS X, the FreeBSD Unix-based operating organisation that powers Apple tree Macintosh systems; and Linux, by which nosotros hateful all the various Linux distributions and related Unix-based systems.

How we got here

One reason enterprises might not have evaluated the security of the OS they deployed to the workforce is that they made the choice years agone. Go back far plenty and all operating systems were reasonably safety, considering the business of hacking into them and stealing data or installing malware was in its infancy. And in one case an Bone choice is fabricated, it'due south difficult to consider a change. Few IT organizations would want the headache of moving a globally dispersed workforce to an entirely new Bone. Heck, they go plenty pushback when they movement users to a new version of their Os of option.

Nonetheless, would it be wise to reconsider? Are the three leading desktop OSes unlike plenty in their approach to security to make a change worthwhile?

Certainly the threats confronting enterprise systems have inverse in the last few years. Attacks have become far more sophisticated. The lonely teen hacker that once dominated the public imagination has been supplanted by well-organized networks of criminals and shadowy, government-funded organizations with vast computing resource.

Like many of you, I have firsthand experience of the threats that are out there: I have been infected by malware and viruses on numerous Windows computers, and I even had macro viruses that infected files on my Mac. More than recently, a widespread automated hack circumvented the security on my website and infected it with malware. The effects of such malware were always initially subtle, something y'all wouldn't even notice, until the malware concluded upward then deeply embedded in the arrangement that performance started to endure noticeably. One striking thing about the infestations was that I was never specifically targeted by the miscreants; nowadays, it's equally easy to assault 100,000 computers with a botnet as information technology is to attack a dozen.

Does the OS really matter?

The Os you lot deploy to your users does make a difference for your security stance, but it isn't a sure safeguard. For ane thing, a alienation these days is more likely to come most considering an attacker probed your users, not your systems. A survey of hackers who attended a recent DEFCON conference revealed that "84 percent utilise social engineering equally part of their attack strategy." Deploying a secure operating system is an important starting bespeak, simply without user education, strong firewalls and constant vigilance, even the most secure networks tin can be invaded. And of grade there's always the adventure of user-downloaded software, extensions, utilities, plug-ins and other software that appears benign but becomes a path for malware to appear on the arrangement.

And no matter which platform you choose, ane of the all-time ways to continue your system secure is to ensure that you utilize software updates promptly. Once a patch is in the wild, afterwards all, the hackers tin can opposite engineer it and detect a new exploit they can use in their next wave of attacks.

And don't forget the basics. Don't use root, and don't grant guest access to even older servers on the network. Teach your users how to selection really good passwords and arm them with tools such as 1Password that arrive easier for them to have unlike passwords on every account and website they use.

Considering the bottom line is that every conclusion you brand regarding your systems volition affect your security, even the operating arrangement your users practise their work on.

Windows, the popular choice

If you're a security manager, information technology is extremely likely that the questions raised past this article could exist rephrased similar so: Would we be more secure if we moved away from Microsoft Windows? To say that Windows dominates the enterprise marketplace is to understate the case. NetMarketShare estimates that a staggering 88% of all computers on the cyberspace are running a version of Windows.

If your systems fall within that 88%, yous're probably aware that Microsoft has connected to beef up security in the Windows system. Among its improvements have been rewriting and re-rewriting its operating system codebase, adding its ain antivirus software system, improving firewalls and implementing a sandbox compages, where programs can't access the retentiveness infinite of the OS or other applications.

But the popularity of Windows is a problem in itself. The security of an operating system tin can depend to a large degree on the size of its installed base. For malware authors, Windows provides a massive playing field. Concentrating on information technology gives them the nigh bang for their efforts.
As Troy Wilkinson, CEO of Axiom Cyber Solutions, explains, "Windows ever comes in final in the security world for a number of reasons, mainly because of the adoption charge per unit of consumers. With a big number of Windows-based personal computers on the marketplace, hackers historically have targeted these systems the most."

It'south certainly truthful that, from Melissa to WannaCry and beyond, much of the malware the world has seen has been aimed at Windows systems.

macOS Ten and security through obscurity

If the nigh popular OS is ever going to be the biggest target, and so can using a less popular choice ensure security? That thought is a new take on the former — and entirely discredited — concept of "security through obscurity," which held that keeping the inner workings of software proprietary and therefore secret was the best manner to defend against attacks.

Wilkinson flatly states that macOS X "is more secure than Windows," but he hastens to add that "macOS used to be considered a fully secure operating system with picayune chance of security flaws, but in recent years we have seen hackers crafting additional exploits against macOS."

In other words, the attackers are branching out and not ignoring the Mac universe.

Security researcher Lee Muson of Comparitech says that "macOS is likely to be the option of the agglomeration" when information technology comes to choosing a more secure Os, only he cautions that information technology is not impenetrable, as in one case thought. Its advantage is that "it withal benefits from a touch of security through obscurity versus the still much larger target presented by Microsoft'south offering."

Joe Moore of Wolf Solutions gives Apple tree a fleck more credit, maxim that "off the shelf, macOS X has a great rails record when it comes to security, in office considering it isn't as widely targeted every bit Windows and in part because Apple does a pretty skillful job of staying on top of security issues."

And the winner is …

You probably knew this from the beginning: The clear consensus among experts is that Linux is the about secure operating arrangement. Merely while it'south the OS of choice for servers, enterprises deploying it on the desktop are few and far betwixt.

And if you did decide that Linux was the way to get, you would still accept to determine which distribution of the Linux system to choose, and things get a bit more complicated at that place. Users are going to want a UI that seems familiar, and you lot are going to want the almost secure Os.

Equally Moore explains, "Linux has the potential to exist the almost secure, but requires the user exist something of a power user." So, not for everyone.

Linux distros that target security every bit a primary feature include Parrot Linux, a Debian-based distro that Moore says provides numerous security-related tools correct out of the box.

Of grade, an important differentiator is that Linux is open source. The fact that coders tin can read and comment upon each other'southward work might seem like a security nightmare, but information technology actually turns out to exist an important reason why Linux is so secure, says Igor Bidenko, CISO of Simplex Solutions. "Linux is the almost secure OS, equally its source is open. Anyone can review it and make sure there are no bugs or back doors."

Wilkinson elaborates that "Linux and Unix-based operating systems have less exploitable security flaws known to the information security earth. Linux code is reviewed by the tech community, which lends itself to security: By having that much oversight, there are fewer vulnerabilities, bugs and threats."

That's a subtle and possibly counterintuitive explanation, but by having dozens — or sometimes hundreds — of people read through every line of code in the operating system, the code is really more than robust and the hazard of flaws slipping into the wild is diminished. That had a lot to exercise with why PC World came right out and said Linux is more than secure. Every bit Katherine Noyes explains, "Microsoft may tout its large team of paid developers, but it's unlikely that squad can compare with a global base of operations of Linux user-developers effectually the globe. Security tin merely do good through all those extra eyeballs."

Some other gene cited by PC World is Linux's better user privileges model: Windows users "are generally given administrator access by default, which means they pretty much accept admission to everything on the organisation," according to Noyes' article. Linux, in dissimilarity, greatly restricts "root."

Noyes also noted that the variety possible within Linux environments is a meliorate hedge confronting attacks than the typical Windows monoculture: In that location are simply a lot of different distributions of Linux available. And some of them are differentiated in means that specifically address security concerns. Security Researcher Lee Muson of Comparitech offers this suggestion for a Linux distro: "The Qubes OS is as practiced a starting point with Linux as you can find right now, with an endorsement from Edward Snowden massively overshadowing its own extremely humble claims." Other security experts point to specialized secure Linux distributions such as Tails Linux, designed to run deeply and anonymously direct from a USB flash bulldoze or similar external device.

Building security momentum

Inertia is a powerful strength. Although there is articulate consensus that Linux is the safest choice for the desktop, at that place has been no stampede to dump Windows and Mac machines in favor of it. Nevertheless, a small but significant increase in Linux adoption would probably result in safer calculating for anybody, because in market share loss is one certain manner to get Microsoft's and Apple'southward attending. In other words, if enough users switch to Linux on the desktop, Windows and Mac PCs are very probable to get more secure platforms.

Dave Taylor has been involved with the Linux and Unix world since the early days of BSD and System V and was a contributor to BSD 4.4. He also runs the tech site AskDaveTaylor.com.