Wednesday, April 02, 2008
Why Windows is Not Secure
I'm going to let you in on a little secret: why Windows is not secure. I might dumb down a couple of things, but if you're not technically inclined (by which I mean a Linux user) then you might want to just skip to the last paragraph or two.
A friend of mine does tech support for a company that produces routers and the like. He doesn't work for the company directly; he works for a call center that has been contracted. His company, as with many these days, is a Windows shop. And his company, as with many companies, has decided to block websites that are not productive. The method they decided to use is called a black list, meaning that they have specified which sites are to be blocked. Any that aren't specified are, by default, allowed.
My friend tells me that he can't get to, for instance, www.deviantart.com, but he can get to any other subdomain on deviantart.com. If this company had really wanted to block all non-productive traffic, they would have set up what's called a white list. In a white list, you specify which sites are allowed, and anything else is blocked by default. However, the issue of white lists versus black lists is not why Windows is less secure.
I asked my friend if they had blocked these sites at the DNS level or the firewall level. We both assumed that they were firewalled, since that would seem to be the nature of a company that produces routers and the like. Just for the heck of it, I had him check out his hosts file (in Windows XP, C:\WINNT\system32\drivers\etc\hosts) and see if he could add an entry in there for www.deviantart.com. He noted that there were several sites in there already (gmail.com, hotmail.com, yahoo.com, etc.) that were pointing to 127.0.0.1. He made sure the entry for www.deviantart.com was correct, and tried it again. Success!
I can't see any Linux admins in their right minds doing this, unless they had no other choice. It's far easier to block sites using a firewall or even a centralized DNS server than to try to manage local, user-editable configuration files on who knows how many hundreds of workstations. After talking to my friend, I had to get back to work and lecture to my class. As it turns out, the next lecture in line included a discussion of the Squid proxy server, and we even discussed methods of using NetFilter (the default Linux firewall) to force traffic through Squid and have it handle sites that needed to be blocked. We'd already talked earlier in the day about using NetFilter by itself to block sites. But no, the hosts file in Windows is not what makes it less secure. Linux has a hosts file too.
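The gap between a black list and a white list, as an added example (not part of the original post): the Python below parses a constructed hosts file shaped like the one described above, then compares its exact-match blocking with a default-deny white list. The hosts-file contents, the `other.deviantart.com`, `mail.gmail.com` and `support.example.com` names, and the `example.com` allowed domain are constructed for illustration.

```python
# Added example: all data below is constructed, not taken from a real network.
HOSTS_SAMPLE = """\
# constructed sample in hosts-file format
127.0.0.1   localhost
127.0.0.1   gmail.com
127.0.0.1   hotmail.com
127.0.0.1   yahoo.com   # trailing comments are ignored
127.0.0.1   www.deviantart.com
"""

SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}  # addresses used to "block" a name

# Constructed request list used to compare the two policies.
SAMPLE_REQUESTS = ["www.deviantart.com", "other.deviantart.com",
                   "mail.gmail.com", "support.example.com"]


def normalize(host):
    """Lower-case a hostname and drop a trailing root dot."""
    return host.lower().rstrip(".")


def parse_sinkholed(hosts_text):
    """Return the hostnames a hosts file points at a sinkhole address."""
    blocked = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINKHOLES:
            continue
        blocked.update(normalize(n) for n in fields[1:] if normalize(n) != "localhost")
    return blocked


def blacklist_allows(host, blocked):
    """Hosts-file semantics: only an exact name match is blocked."""
    return normalize(host) not in blocked


def whitelist_allows(host, allowed_domains):
    """Default deny: allow a listed domain or one of its subdomains only."""
    host = normalize(host)
    return any(host == d or host.endswith("." + d) for d in allowed_domains)


def policy_gaps(hosts, blocked, allowed_domains):
    """Names the black list lets through that a white list would stop."""
    return [h for h in hosts
            if blacklist_allows(h, blocked) and not whitelist_allows(h, allowed_domains)]


if __name__ == "__main__":
    print(policy_gaps(SAMPLE_REQUESTS, parse_sinkholed(HOSTS_SAMPLE), ["example.com"]))
```

Run over an exported copy of a workstation's hosts file and a proxy log's requested names, `policy_gaps` lists what the per-name entries miss.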
I had a student once tell me that he had a college professor that taught both Linux and Windows in the same class. He was sure to teach Linux first because once you can handle Linux, Windows is a snap. Is that because Windows is significantly easier to use than Linux? Hardly. Distributions such as Ubuntu make Linux just as easy for the average user as Windows. But the type of user that tends to spend time on a Linux box has so much more freedom that by the time they get comfortable with their operating system, they have more knowledge in general than the average Windows user in the same situation. So is that why Windows is less secure? Not quite.
Users who know more about their computers are in a better position to understand how to use them properly. People that use computers a lot tend to pick up habits, and those habits often come from their mentors. And from what I've seen (which admittedly amounts to only a few dozen Linux power users from my programming days, a few hundred students from my teaching days and a few thousand Windows users from my tech support days), Linux mentors seem to have a better set of "best practices" than Windows mentors. I suspect this is largely because Linux users tend to learn their habits from other experienced Linux users on the front lines, and Windows users tend to learn their habits from pretty "Getting Started" guides and poorly-conceived "Learn Computers!" DVDs purchased from fly-by-night mini-infomercials on local TV stations.
The way I see it, the main reason why Windows is less secure than Linux is education. Poor software is a secondary reason. So many Windows admins seem to have so many bad practices that it's nearly impossible for them to do their jobs correctly. If any of my coworkers (and a large number of my students) were in charge of the network at my friend's company, they would likely be using a white list, they would be filtering at least at the firewall level, and probably at other levels as well. My friend might still have been able to circumvent their security, but it would have been much harder, even on a Windows-based network. Why? Because the security would have been set up by people with a Linux mindset.
Not all Windows admins are idiots, and not all Linux admins are geniuses. But it does seem to be a tendency.
1 Comments:
As I read your posting, I couldn't help but think about the similarities between your description of Windows administrators and PHP developers. While O'Reilly has published an excellent book on best practices for Perl developers, I cannot find a best practices book for PHP.
4/04/2008 8:05 AM