Many people know that Linux is more secure than Microsoft Windows. But why? Is this argument true? But few people can answer this question.
To clarify this issue, we must first define "security. In fact, most people make the same mistake, that is, they think that a product is safer. For example, Linux systems are more secure than Microsoft Windows systems, or openSource codeFirefox Web browser is more secure than Microsoft Internet Explorer. No, no, no, you are all wrong. Security is not for a product. It is a set of user-centered systems. Security refers to an active state between users and software through appropriate interaction methods. Vulnerability patch management is only an important aspect of this system. Other more important aspects include: appropriate tools for Patch Management, robust default settings, and a secure multi-level operating system, and always regard users as the first security and the design concept of the last line of defense. With this idea, I can explain to you why an experienced user is more secure in Linux than in Windows:
1. Better Patch Management Tools: automatic updates in Microsoft WindowsProgramOnly components officially provided by Microsoft are upgraded. Third-party applications are not patched. Therefore, third-party applications may bring a lot of security risks to your system. Are you using the Real Player? You need to upgrade it separately. When using flash? You still need to upgrade it separately. In this way, you need to update and upgrade each software on a regular basis for all applications on your computer. This method is cumbersome and disturbing, and most users will soon forget this work outside the cloud. In Linux, When you update the system automatically, it will upgrade all the software in the system at the same time. In the Ubuntu system, any software product you download will appear in the program repository of the system. To upgrade it, you just need to click it. In other Linux releases, if the downloaded software does not appear in the program repository of the system, it is very easy to add it. This design greatly improves the enthusiasm of users to update the system in real time.
2. More robust default settings: Linux is designed as a multi-user operating system by nature. Therefore, even if a user wants to perform malicious damage, the underlying system files will still be protected. If, unfortunately, there is any remote malwareCodeIf it is executed in the system, the harm it brings will also be confined to a small part. In stark contrast, Microsoft's Windows XP system. Here, the user logs on as the system administrator by default, and any damages in the system will spread to the whole system quickly. Microsoft's latest Windows Vista system allows users to log on as restricted users by default, so it is safer than its predecessor.
3. Modular Design: Linux systems adopt modular design. This means that you can delete any system component if you do not need it. One benefit of this is that if a user feels that a part of the Linux system is not safe, he can remove this component. This is incredible for Windows systems. For example, if I feel that Firefox is the weakest link in my Linux system, I can delete it and use other Web browsers, such as opera. In Windows, I cannot replace Microsoft's Internet Explorer.
4. A better "zero-day attacks" defense tool does not mean that even if you can ensure that your system is updated in real time! Zero-day attack (zero-day attacks) refers to the attack method that uses the vulnerability to initiate a network attack before the software manufacturer releases an update patch for the vulnerability) is becoming increasingly rampant. In addition, a survey study also showed that for attackers, they only need six days to develop malicious attack code against the vulnerability, software manufacturers have to spend a long time releasing the corresponding update patches. Therefore, a set of smart security policies are crucial in defending against zero-day attacks. Microsoft's Windows XP system does not provide such a defense mechanism. In the new vista system, although the protection mode has a certain effect, it can only provide a limited protection for attacks against Internet Explorer Web browsers. Correspondingly, no matter what type of remote control code attacks, apparmor or SELinux can provide meticulous and comprehensive protection for the system. More and more mainstream Linux versions are available. apparmor (for example, Suse, UBUNTU gutsy) or SELinux (fedora, Debian Etch, and yellow dog) are integrated by default in the system ). Even for other releases, users can easily download and install these two sets of software from the network.
5. open source code architecture: in Linux, when talking about system security, we use the phrase "What you see is what you get" to describe it, it is no longer appropriate. Open source code means that any possible software vulnerabilities will be seen by countless eyes and repaired as quickly as possible. More importantly, this also means that there are no hidden repair measures here. As a user, you can find out the security problems in your system and take corresponding preventive measures to cope with potential security threats, even if the vulnerability has not been fixed yet. In the Windows world, many security problems are hidden. Software Vulnerabilities discovered by Microsoft are not known to the outside world, and all they want is to fix them silently in the next update package. Although this can reduce the number of software vulnerabilities exposed and prevent some vulnerabilities from being exploited on a large scale, it also blinded users. As a result, the user is likely not to actively upgrade the system because he does not know what vulnerabilities exist in his system and the hazards of these vulnerabilities, the results will become victims of malicious attacks.
6. diversified system environments: Windows system environments are the same. This huge Consistency makes attackers easy to write malicious code, viruses, or other things like this. In turn, let's look at the Linux system world. Here, the application can be. Deb,. rpm, or source code, and other such applications. This difference makes it difficult for attackers to have the same wide impact on Linux systems as Windows systems.
Last, but most importantly, you must keep in mind that the security of the system is ultimately in the hands of users. An experienced user can safely use the Windows 98 operating system, while an ignorant user can make OpenBSD-based systems all go through. Therefore, talent is the core of system security, and talent is the foundation of everything. Keep this in mind!