Rich wrote:

In infinite wisdom Martin answered:

Reason wrote:

If Linux had viruses, we would ever know, because Linux-heads would refuse to acknowledge their existence.

[...]

A big point about Linux and open-source is that problems and exploits are widely published and quickly fixed VERY QUICKLY.

Perhaps, but this does not mean that most users know about, or update
their systems. Even unix sys admins don't do a reliable job, as the
last worm demonstrated.

    Which one might that have been which was passed by linux systems and did not take advantage of an MS feature?

There's many eyes to scrutinize for problems and there's no big marketing department to get in the way of _real_ progress.

And no central planning or control, which makes what gets done
somewhat hit or miss.

    Experience is contrary to that assertion.

You also have a security model that has survived 30+ years of very thorough testing!

I believe that by default, most linux's come with the ftpd running,
etc...,

    Not true for the last five years if it ever was. There may be versions where that is a fact but only as a time saver for installations by experienced people who know it. And if any come like that today it will be running an ssh2 based server not the old ftdp.

    I have installed Redhat 7.1 by simply invoking the default server installation (vice workstation or raid) and it came up with only httpd and sshd. Httpd is purely the apache server without attached accounts. sshd is what is required to get in remotely and turning on any other services.

    When I first installed Slackware X.x five or six years ago there were no such generic choices but everything had to be turned on adding it to the boot file -- whatever that was called.

and as a result they are mostly open to attack, especially for
uninformed users. Unix was designed more for an open environment than
security, although of course it's still much better than Windows.

    Unix was designed for security last time I heard and linux followed the model. The head of the janitorial staff using it to produce work schedules was not permitted to browse around the R&D files. Are you in fact familiar with linux? External phoneline modem connections were around since I don't know when. And I have no idea what the RCA time share computer used for an OS but that was  working in 1967. Of course it was not practical to hack with a teletype input but it was essential to bill accounts correctly.

But I've seen many security problems on unix systems over the years
usually of the buffer overflow variety that allows a root shell to
be obtained. Unix is no more secure than it's system admin. Now for
home systems this is rarely a big problem. But how many companies have
had credit card numbers stolen by a hacker, from unix based systems?
How many govt agencies have had sensitive information stolen, from
unix systems, by hackers? Check out "The Cuckoo's Egg".

    Good sir, the human has always been more vulnerable than the OS. That is why the I Love You virus worked. If your issue is solely that the sysadmin can be a source of problems, just how does that distinguish linus from MS?

http://www.amazon.com/exec/obidos/tg/detail/-/0743411463/102-9899101-0828923?v=glance

I'd strongly suggest that you don't just assume that linux is safe.

    I am not aware of anyone who does and it is an issue up front in linux and something way done in the fine print of MS products.

Hackers could discover a bug tomorrow and everything could change.

    And in a few days of discovery a patch will be available. And totally unlike MS's insane mixing of OS and applications codes the fix will not unfix previous fixes. Insane is harsh. The proper term is either stupid or incompetent.

I'd still bet that Linux is better than windows, but I also bet that
few Linux owners keep their systems up to date or apply security patches.

    Most home users of linux have no need to as servers so routes to exploitation are not opened.