Posted 04 August 2009 - 03:34 AM
Rarely will any other quest evoke such heated debate as "which platform is best?" This is true in other geekery-related fields, not just PC operating systems.
In the universe that is modern personal computers there are three main camps: Windows fanboys, Apple fanboys, Linux fanboys, BSD fanboys, and my grandma who likes to knit cozies for my mouse (and pie!). None of these groups can be relied upon to give an accurate account of the state of the Computer-Security World.
(Disclosure: I am grouped in with the Linux fanboys, but Grandma is a close second...)
The relative strengths and weaknesses of the various platforms depend largely on the job at hand and the user him- or herself.
For example, if you are an avid gamer, then chances are that you're going to be stuck with Windows for the time being as most games produced for PC (Macs are PCs too, ya know) are written exclusively for the Windows platform. This isn't due to any intrinsic superiority with Windows or inferiority with Macs or "others". It's simple economics: Windows has the vast, vast majority of the potential customer base for any computer program; if you want to make any kind of money, you need to write to that audience.
However, I've heard tell that Macs excel at the areas of artistic expression like photo, movie, and sound editing. Not being a Mac user, or in any way artistically talented, I can only take the word of several Mac users whom I know and trust.
It is very much considered an axiom amongst geeks that Unix-based and Unix-like operating systems are inherently more secure than their Windows counterparts. This comes as a result of the divergent development goals and intended audiences of the original Windows and the original Unixes.
Gather 'round children and you shall hear
of the gruesome details of yesteryear...
Unix was the name given to the new computer operating system designed by some eggheads over at AT&T's Bell Labs in 1969. Unix was designed from the get-go to be a multi-user computer system. That is, more than one user could, and would be, using the same computer at the same time. In most, if not all, installations of Unix through the early 1990's the systems would be supporting hundreds of simultaneous users.
For obvious reasons, then, Unix has rigid and strict access controls baked right into its very DNA. Users had to be prevented from wreaking havoc on the files of other users and especially on areas of the system that were critical to Unix's continued health. Thus, two levels of users were created: regular, lowly and powerless users... and ROOT. Root was the master of the system. This account could do ANYTHING whatsoever to the system, even tell it to commit suicide. Root was the only one who could install programs and could impose as severe or lax restrictions upon the users/peons under his dominion as he (or she) liked. This led, of course, to everyone hating the root user. Tough cookies.
Windows, on the other hand, was developed initially as a front end for MS-DOS. MS-DOS was an operating system written solely for microcomputers with one, and only one, user. Ever.
Obviously, with only one user the rigid security of a multi-user system would be useless and annoying. Therefore, MS-DOS, and Windows along with it, was written, designed, and implemented with the express purpose of allowing the user to do anything, without requiring special root access or anything.
This setup, of course, made using a PC much simpler and simplicity is something people like when it comes to computers. This became the single biggest driving force behind the development of all of Microsoft's programs, and it's been a huge success from the standpoint of popularity and overall sales.
Then the internet took off and ruined the whole PC ecosystem.
Now, the internet has its roots in the ARPAnet which is even older than Unix, but it wasn't until the early 1990's that common folk took notice of it and it exploded, along with the entire PC market.
Millions of people were now buying computers and signing up for AOL, accessing the depths of cyberspace previously reserved for computer science students and über-geeks in the government: people who knew what they were doing. This invasion of the great unwashed into the internet was a boon for everyone involved. Merchants set up shop "online", schools could post educational materials which anyone could access, people with weird hobbies could finally find others with their particular interests, and people with programming skill and a mean streak had an endless supply of credulous and inexperienced victims waiting to be plucked.
At around the same time there was an über-geek by the name of Linus Torvalds living and going to school in Helsinki, Finland. Mr. Torvalds was studying computers, which he liked very much. He happened to be studying operating system design and implementation under a Prof. Andrew Tanenbaum who, aside from having a cool first name, had written his own version of Unix as a teaching tool called Minix.
Now Linus was a student, of course, and being a student came with the requirement that he be perpetually broke. Prof. Tanenbaum's Minix teaching tool/OS was not free. So, Linus decided to write his own version of Unix which would be free. Long story short, he did and other über-geeks around the world were much impressed and named it Linux after its creator.
Almost simultaneously, at another University (UC Berkeley in sunny California) yet another version of Unix was being created, called BSD (Berkeley Software Distribution). Aside from having a much more boring name, BSD was a thing of beauty. It was also, unfortunately, a thing of lawsuits, patents, and acrimony. Long story short, BSD stalled for several years before getting going again. By that time, Linux had taken hold.
But what of Apple during this tumultuous time? They were minding their own business and churning out computers with their own OS which was unrelated to anything else available: Mac OS. Oh, and they fired Steve Jobs along the way. He dusted himself off and founded a new computer company called NeXT. NeXT's computers ran a modified version of BSD and were, I hear, very nice. In fact, the very first World Wide Web server was a NeXT machine!
Eventually Apple rehired Steve and he turned around and bought out NeXT. All future versions of Mac OS would be based on NeXT's OS, which was based on BSD, which is a version of Unix, just like Linux is.
So here we are in the present day and those four camps I mentioned turned out to be only two: Windows and Unix-related. And my grandma, she's in there too, but not counted since she's baking right now.
The two camps use systems with extremely different system paradigms at their base: Windows attempts to make the computer as easy to use as possible for the user even at the expense of security (and sanity, sometimes.) This is popular because studies show that 90% of everyone in the entire world is pretty dumb to begin with and the other 10% lied on the test. This idea of sacrificing security for functionality is good from the standpoint of users, but bad from the standpoint of good computing practice.
Unix-like systems attempt to secure the system first, and make the system friendly second. Mac OSX tries, and in some ways succeeds, in accomplishing this feat. They do this by taking a secure system, Unix, and hiding all the knobs and switches behind pretty user interfaces that actively try to prevent the user from prying into the depths of the system and tinkering with it.
Linux, with its roots in Unix, maintains the concept that "the user cannot be trusted." Thus, no program can be executed unless it is explicitly and unequivocally granted permission to. If someone sends you a virus in an e-mail and you open it in Windows, then the virus' executable runs immediately and without warning. In Linux, you'll just get a message saying something like, "Yeah, right buddy."
Then there is the notion of "security through obscurity." That is to say that if you run a platform with only 1% of the market that malware writers won't target you because it's not worth it. This may be true for malware written with the intent of making money, which is becoming more and more common, but not so with malware written merely to be malicious. Indeed, if a malware writer were to write a successful Linux virus then they would instantly become a legend among their own kind. These "hobbyist" malware writers write malware for the purpose of gaining notoriety. And there would be no greater claim to fame for one of them than successfully infecting Linux.
Linux and BSD, however, have always been the realm of the über-geek, not the user/peon types. How can the peons benefit from the security benefits of Linux if they can't even install it?
Enter Ubuntu, which you mentioned. Ubuntu is an attempt, one I consider to be successful for the most part, at taking the Mac OSX concept of concealing the knobs and switches behind prettiness while not sealing the prettiness and granting full access to the innards to any and all who want to look and tinker. Ubuntu calls itself "Linux for Human Beings," a description which grows more and more accurate with every release (excluding 8.04 which sucked.)
It is possible to run Ubuntu and never have to worry about command line parameters at all, unless you want to, while still reaping the benefits of a secure system. Of course, running a secure system doesn't give you license to not think about what you're doing, it just adds another net to catch you should you fall.
I'm tired now, and I'm going to bed.