Originally Posted by W4LNUT5
Not entirely true, Linux systems handle permissions far better than windows. Windows has recently been trying to get better by creating UAC, but it's still not the same. Even if Ubuntu were more popular than Windows, it would still have better security just based on this alone. Plus, no registry..
I'm a long time Linux user and a big fan of Linux and Unix systems. But I think you are mistaken if you think Unix/POSIX file system permissions is more advanced than what Windows NTFS can do. NTFS is by FAR a more advanced permissions control system than POSIX file permissions. Even when you add POSIX ACL capability, NTFS provides more flexibility in terms of permission controls. That's the technical side of it at least....
In reality, and in practice, the problem is that POSIX file permissions are easy, even though they are less flexible and they have a longer history of separating root/administrator from users. NTFS has the disadvantage that it is complex and harder to configure securely because it has so many options. Add on top of that, the history and legacy that it had to follow Windows 98 and the permission control system of FAT/FAT32 (or lack of). This resulted in Windows NT/2K/etc having insecure default settings/permissions... even though the technology was more advanced. It's like having the state-of-the-art security lock on your door, but leaving the door unlocked and wide open all the time.
It was mostly due to the capabilities of NTFS (and the audit features in WinNT) that allowed Windows NT in the mid 90's to achieve a C2 security rating based on the US DoD security standards. Linux with ext2 and basic POSIX permissions wasn't even close back then....
As far as UAC stuff, the Linux/Unix equivalent would be sudo or su... and neither of those are really great solutions from a security standpoint. It is why those programs have to be setuid root, which is what really allows it to escalate permissions. If you ever take a course on hacking Unix systems for local privilege escalation, you'll know that the 1st targets are all the setuid root binaries.
In any debate about security of operating systems, you have to put it into context.... history aside, most of the modern operating systems have the capability to be very secure. The problem is usually because of people/politics/etc.... who either choose (for convenience or unwillingness to change) to be insecure or are ignorant on how to configure their OS and applications to be secure.Edited by BLinux - 4/30/11 at 12:48am