Wednesday, March 10

Why Linux is more secure than Windows

In Linux, by default, an ordinary user can read almost all files, but she can only write to two folders:
  • /tmp
  • /home/accountname
Even if she accidentally executes a virus, the virus inherits her privileges and cannot write to executables in other folders. That means the virus cannot affect the system at all. When the user needs to modify other folders, for example to install new software, she can use "su" to become the superuser temporarily, because she knows what she is doing.

In Windows, that is a different story.
In pre-Vista systems (Windows 98, Windows 2000, Windows XP...), an ordinary user is a local admin by default and can access all files on the hard drive, so a virus has admin privileges to do whatever it needs to do. In Windows XP, a user can be deliberately set as a "Standard User" or "Restricted User", but the user will then have difficulty using the computer: some applications fail silently because they cannot get enough privilege to do their jobs, and the user is frustrated with application errors.
Vista has a better security sense because a default user is like a "Standard User" in Windows XP. When the user (or an application) tries to access system files, a window pops up asking for your permission to go ahead. That is called User Account Control (UAC). Windows learned that from "sudo" (or su, gsudo), but still it is a failure. In practice every Vista user disabled this functionality right after installing Vista. Yes, every single Vista user that I know of. If the user doesn't disable UAC because he is unable to do so, he just blindly clicks "OK" to give the application permission without looking at the prompt, because the pop-up window is so annoying and the user doesn't see any good from it.

The problem is not that the users are uneducated. The problem is that so many applications need to access system files and trigger the pop-up window. Those applications assume they inherit administrator privileges from the user.

Yes, those applications were not designed with security in mind. That was what Windows recommended. Even though Windows has changed its recommendation, the software industry hasn't changed, because the old software is still being used or updated.

As I said, in Linux a user can only write to /tmp and the home folder. All applications are designed to save personalized data in the home folder. For example, Firefox writes add-ons and configuration to the .mozilla folder under the user's home folder. It doesn't need to write to the /bin folder, where all the applications are stored.

But in Windows, applications are encouraged to write information to the registry, where all the important information is stored. Also, a simple "WriteProfileString" call can write to win.ini in the %Windows% folder. The %Windows% folder is open to all applications. That is an invitation for bad-ware. The "WritePrivateProfileString" function, if given a bare file name, writes to the same folder as the application (usually under %Program Files%). So this folder is open to write access as well.

Windows has another security feature: Windows File Protection (WFP). Actually it works pretty well within its scope: it keeps a copy of "important" Windows files in the %systemroot%\system32\dllcache\ folder. If these files are modified by bad-ware, WFP quietly restores them. This is very good, but it cannot protect all legitimate files. For example, word.exe of Office is not protected. Also, because the folders themselves are not protected, fake system files such as "C:\WINDOWS\system\svchost.exe", "C:\WINDOWS\system32\svchost32.exe" or "C:\WINDOWS\system\svchost.dll" are often created by bad-ware to trick users, pretending to be "C:\WINDOWS\system32\svchost.exe".
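A small detection check for the look-alike paths just described, added here as an example and not code from the post: it flags any process image whose name imitates svchost.exe, or which carries that exact name outside the System32 (or SysWOW64) folder. It assumes %SystemRoot% is C:\Windows and runs over constructed process records.

```python
"""Flag process images that imitate a protected Windows system binary."""
from typing import Optional
import ntpath

# Directories where the genuine binary lives, keyed by lower-case file name.
# Assumption for this example: %SystemRoot% is C:\Windows; on 64-bit systems
# SysWOW64 also holds a legitimate svchost.exe.
EXPECTED_LOCATIONS = {
    "svchost.exe": (r"c:\windows\system32", r"c:\windows\syswow64"),
}

def masquerade_reason(image_path: str) -> Optional[str]:
    """Return why image_path looks like a fake system binary, or None."""
    directory, filename = ntpath.split(image_path)
    directory, filename = directory.lower().rstrip("\\"), filename.lower()
    stem = ntpath.splitext(filename)[0]
    for genuine, genuine_dirs in EXPECTED_LOCATIONS.items():
        if filename == genuine:
            # Right name: only the directory decides (system vs system32).
            if directory not in genuine_dirs:
                return f"{genuine} outside {' or '.join(genuine_dirs)}"
            return None
        # Look-alike names: a suffix (svchost32.exe) or another extension
        # (svchost.dll) glued onto the well-known stem.
        if stem.startswith(ntpath.splitext(genuine)[0]):
            return f"name imitates {genuine}"
    return None

# Constructed sample of running-process records: (pid, image path).
SAMPLE_PROCESSES = [
    (844, r"C:\WINDOWS\system32\svchost.exe"),
    (1020, r"C:\WINDOWS\system\svchost.exe"),
    (1188, r"C:\WINDOWS\system32\svchost32.exe"),
    (1304, r"C:\WINDOWS\system\svchost.dll"),
    (2216, r"C:\Program Files\Mozilla Firefox\firefox.exe"),
]

def find_masquerades(processes):
    """Return [(pid, path, reason)] for every record that looks suspicious."""
    hits = []
    for pid, path in processes:
        reason = masquerade_reason(path)
        if reason:
            hits.append((pid, path, reason))
    return hits

if __name__ == "__main__":
    for pid, path, reason in find_masquerades(SAMPLE_PROCESSES):
        print(f"PID {pid}: {path} -> {reason}")
```

On a real system the records would come from the process list (for example the image path of each running process) instead of the constructed sample.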

So far there is no really popular virus on Linux, because of the security features mentioned above. A virus cannot get elevated to admin to reach the applications and spread itself. Windows has a long way to go, and the Windows software industry needs to work together to get it straight.
