Question regarding an article from Microsoft Hellas's CEO

Alex Hudson home at alexhudson.com
Thu Feb 5 17:34:04 UTC 2004


On Thu, 2004-02-05 at 17:07, Joao Ribeiro da Silva wrote:
> Try to map a network drive or even access your CD-ROM; it
> will tell you that only the system administrator can do that

That's rather system dependent. I believe in the HURD, for example, any
user is able to mount filesystems in their workspace. 

> On windows virtually any user can delete, create or modify 
> any files, because by default your user is the system
> administrator.

That's not true of any modern Windows OS, and hasn't been for years. On
the other hand, Lindows OS does ship like that (I believe), so it's true
to say there are modern GNU/Linux OSes that do ship in that state.

There are reasons why Unix is "more secure" than Windows; virtually all
of them are basically down to applications. The current MyDoom worm
doesn't rely on any Windows insecurity; it could probably just as easily
have been implemented to attack Unix users. Perhaps our apps are
designed slightly differently, and we don't have the 8.3 backwards
compatibility, so the trick it uses wouldn't work against us, but it is
still in essence a social attack rather than a software attack.

To be honest, I'm not necessarily convinced that it's possible to say
one is more secure than the other. There don't appear to be any good
metrics to measure which is more secure. Certainly, Unix has the better
history. But Windows has a stronger architecture, and ought to be better
in theory. Microsoft are also introducing stuff like NX soon - marking
areas of memory as non-executable. Of course, that's been possible on
Linux for many years, but no-one has ever shipped Linux with that
configuration (to the best of my knowledge, Fedora Core 2 will be the
first?). 

I think I would be more interested to see statistics on the applications
available: I would strongly suspect that IE and Outlook are by far the
most insecure software in common use today, and that would be the area
in which free software would have more advantage (better/more consistent
programming practices especially). Although IE is thought of as a system
component, I'm told it's still possible to separate it/run it standalone
on other Windows systems. Therefore, I would still class it as an
application, and I think it's the Windows applications which are weaker
than Unix counterparts.

Cheers,

Alex.


