More like your automobile parked on the street with the doors and trunk open, alarm disengaged and a big 'Steal Me' sign hanging on the hood.
Linux ain't perfect by a long shot, but it has a better security model...
it isn't rocket science to do so & it doesn't take a genius either
I don't think blowfish goes far enough with the analogy.NoClones wrote:blowfish replied
Microsoft OS's having 'vulnerabilities' is sort of like your automobile being 'vulnerable' to a gang of thugs with baseball bats that target only a certain make of vehicle...
More like your automobile parked on the street with the doors and trunk open, alarm disengaged and a big 'Steal Me' sign hanging on the hood. Linux ain't perfect by a long shot, but it has a better security model...
More like your automobile was made with no door locks, no ignition lock, a hood latch and trunk latch with no locks, and the "Steal me" signs painted on the hood and trunk lid.
The big issue with Windows security (and security in Microsoft products in general) is that Microsoft started off in a single user, single computer environment where security wasn't a big issue. You didn't have to protect the OS or data from theft or vandalism from other users because the only access point was the keyboard and the floppy drive, both of which were under the physical control of the one person who used the computer.
And letting one program talk to another within that single user environment allowed for some really cool features (DDE, OLE, etc.) that were great for personal productivity. Things like embeding spreadsheets or graphs in word processing documents were really neat and useful.
Network connections and the Internet makes that lack of security completely inadequate. But Microsoft's design and engineering culture are still stuck in the single user model.
Unix, BSD and Linux, on the other hand is are developments of a multi-user design. The designers and engineers who made these systems understood security needs and the need to protect system resources from being hijacked by power hungry users and to protect one user's data from access/modification by other unauthorized users. The whole mindset is different.
Are there security holes in Linux and BSD? Probably. But security was a big focus in the entire development of these OS's (and in their predecessors for the last 20+ years). For Microsoft, on the other hand, the predecessors that led to windows had very little need for security, and the designers and developers don't have a history of being focused on security. Microsoft certainly doesn't have a 20+ year history of dealing with security in multi-user, networked systems. They are focused more on interoperability within their own family of products and features that allow their programs to work together. And they publish enough about these interoperability features to allow many third parties to support these features and add niche functionality to their own suite of general purpose software. But they fail to provide adequate security mechanisms to prevent malicious third parties from working together with these features, too.
For Microsoft, security has historically been an afterthought and mostly been developed in reaction to problems. This is completely different from the Unix/Linux/BSD philosophy.