Well, even if I keep my open-source zealot hat off.. there is no comparison between Linux security and Windows security. Linux security is heavily evolved, with multiple layers of security and some of the most ingenious ideas and concepts. Windows security is an afterthought they slap on after they manage to get the behemoth on its feet.. it is also considered obstructive to their target user group -- joe ignorant, and therefore security features play second fiddle to the 'it just works' usability features.
Windows
1. Insecure by default
2. Major number of unfixed vulnerabilities
3. Heavy potential for virus / worm infection
4. Difficult to recover
5. Larger number of vulnerabilties (approx 2 for every 1 linux).
6. Unevolved logging facilities
7. No kernel level network filtering
8. No jailing capabilities for network daemons (to compartmentalize damage in case of compromise)
9. Does not ship with secure remote access console solution (telnet service is provided)
10. Source code is never seen
Linux
1. Secure by default (depending on distro to distro.. some will really lock things down even in a default install
2. Vulnerabilities fixed very quickly
3. Virtuall non existent virus / malicious code problems
4. Easy to recover
5. Less vulnerabilities.
6. Tremendously evolved logging
7. Kernel level network filtering
8. Programs can be jailed
9. One word -- SSH
10. Source code is being auditted by 100,000 people as we speak.
Tell me what role of machine you are talking about and I can give you targetted points..
for example workstation, server, gateway machine etc.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
