Response to “6 Reasons Why Linux Servers are More Secure”

This is a response to the author’s post of “6 Reasons Why Linux Servers are More Secure” (http://smashingtips.com/6-reasons-why-linux-servers-are-more-secure).
My responses are in purple and direct-quotes from the author are in red. Please note that I mean no disrespect with my replies.

-SEVERAL LEVELS OF SECURITY WITH LINUX SERVERS-

Linux based servers are not much different in terms of capabilities with what the server can provide in terms of processing the websites and other information stored on the server. The big difference between Linux servers and other options is the fact that there are many more layers of security that are possible with Linux based server software. There are other security layers possible with third party software mechanisms available as well.

What does “many more layers of security” mean? With all due respect, there is no information here that would convince me that Linux software is secure, much less really secured.

Bottom line: There is no real information in this section to make an argument for Linux software being secure.

-YOU CAN LIMIT ACCESS TO THE ROOT OF THE SERVER-

You can limit Root access as well as disable Root SSH Logins that make it possible for hackers to gain access to your valuable files and other resources on the server. You can even make it so only a few users have access to administrative tools by setting special user attributes while others are still restricted in the event that a hacker got a hold of another user account which could attempt to use the switch command to the Root of the server.

I am not sure how this qualifies as a point of Linux being more secure than other options that are out there. In Windows, you can limit access to the Administrator account (the Administrator account on Windows is like the root account on Linux).

Linux, Windows, Mac OS X (a UNIX, not Linux, OS), and FreeBSD (a UNIX, not Linux, OS) are all the same in this regard. Windows Administrators can limit their own access via ACLs (Access Control Lists) that are present in the NTFS file system. Linux has ACLs too, but I do not think they are widely used nor do I think many Linux programs are compatible with ACLs.

Bottom line: This is a weak argument for Linux being secure.

– SOFTWARE OPTIONS FOR LINUX SERVERS ARE LESS VULNERABLE-

Most of the software that is developed for Linux servers is designed to have the highest levels of security to prevent hackers and virus attacks. The vulnerability of the software is entirely up to how long a hacker is willing to attempt to hack each individual software component of the servers that you are using. This limits the access to the important sections of your Linux servers and provides even more security.

Where is the proof to back up the statement “Most of the software that is developed for Linux servers is designed to have the highest levels of security to prevent hackers and virus attacks.”? I highly doubt that most software for Linux is written with high security in mind. Sure, I can see some server software for Linux designed with heavy security in mind, but not most of the Linux software. You really cannot make statements like this without some proof (like a link to a reliable source on the Internet) to back it up.

Bottom line: Nothing here to really make a good argument for Linux security.

-UPDATES TO LINUX SERVER SOFTWARE ARE MORE FREQUENT-

The constant necessity of security with Linux servers prompts for more frequent software updates. These updates remove vulnerabilities as well as increases security all around. When used in conjunction on servers, the security of the server is increased exponentially. It simply becomes more secure every month providing that the owner of the server performs the updates to the software options when they become available for use.

Software updates are not always for fixing security problems. Even when updates fix security problems in both the OS and the software running on the OS, that does not mean that the update did not cause other security problems that have gone unnoticed. In addition, you could count many updates as not a good sign, since it might indicate a design flaw in the OS or the software you are updating.

Bottom line: Many OS/software updates DOES NOT equal better/more security.

-NO EXECUTABLE AND REGISTRY-

Like windows linux doesn’t support .exe files. Most of the viruses in windows are being spread with .exe files what happens you just double click on .exe file and virus,trojan or malware easily integrate itself with windows. And similarly Registry is another place where viruses put their information. Even if you delete the file, It rewrites its information from registry and it is also too difficult to find where virus hides its information in registry.Linux uses configuration files rather than registry so another big hole for viruses is closed and as i mentioned in point 1 that linux doesn’t allow any normal user to edit system files.

Viruses are made in different file extensions, not just exe files! Saying that Linux does not get viruses because it “doesn’t support exe files” is silly.

A virus is just a program that runs without the user knowing it is there (at least that is the idea ;-]  ) and runs a pre-programmed set of tasks that the virus author(s) want it to do. Some viruses, I am sure, have some sort of A.I. in them to adapt to situations, but these are very rare to come across.

Also, it’s not really true that Linux does not support exe files, since if you install “wine” (a program that tries to run Windows programs on Linux) then Linux would then support exe files!

Linux can get viruses too, but without running a real-time anti-virus program on your Linux box, how can you have the potential to know that you do not have a virus on your Linux desktop/server? People who say that “no viruses” is a reason to switch to Linux do not know what they are talking about.

Also, you cannot blame the Windows registry for the virus’ use of it. Using configuration files, instead of a registry, does not really make you any more secure. Who says that viruses could not make use of current OS config files, or even make their own config files on your computer.

Bottom line: You cannot take a file extension used in an OS (in this case, .EXE files in Windows) and make it sound like it is an evil file extension that causes the spread of viruses on that particular OS (Windows in this case). Someone could put a virus in a .SH file for Linux and you could be infected if you ran it, or any other file in Linux, since most if not all files in Linux can be used as an executable. However, the file would have to be chmodded to allow the file to be executed. Lastly, the Windows registry cannot be blamed for the viruses using it.

-FTP ACCESS IS RESTRICTED AND EASY BACKUPS ARE POSSIBLE-

You can restrict access to the FTP for the Linux server to allow for different levels of access to all of the allowed accounts. This access can also be limited to only viewing and downloading content from the server. You can also make quick backups of all important data with a Linux server which can be restored in the event that the server is changed during an attack. Backing up couldn’t be easier on Linux, cron jobs make backups pretty painless and the options are really unlimited for choosing the best way to back up your server.

Um…FTP servers work on Windows and UNIX too (with user restrictions as well). I really do not understand what your point is about FTP.

‘Easy backups’ and ‘cron jobs’ have nothing to do with what your article is talking about. I really do not understand your point on this one either.

Bottom line: Nothing here to suggest that Linux is more secure choice than other OSes.

-CONCLUSION-

Being able to choose between different distros on Linux creates limitless possibilities. Debian, Ubuntu, Red Hat, and all of the others provide different features for server admins to choose from. The ability to run the distribution that best serves your application, company, or web site really allows Linux to be the best all around option for a server admin. Windows is limited to Windows Server, which provides great functionality, but the depth that Linux can provide cannot be easily matched. Let alone the performance.
Having these options available as a server admin may be confusing as a new comer, but as you start learning about the features and unique qualities of each distribution, you will be able to find a favorite that suites you and really get the most out of your server by utilizing every aspect of the hardware and software working efficiently together. The most fun part is sometimes just downloading 10-20 different .iso’s of the new linux distributions and installing them on different partitions or running them on LiveCD or USB stick and playing with the new features and environments each of them are working on.
Go out there and learn about the advantages and disadvantages of each Linux distro and find the one that best suites you and learn it inside and out. Doing so will give you the best experience and most secure server you could ask for.

“The ability to run the distribution that best serves your application, company, or web site really allows Linux to be the best all around option for a server admin.” Many options can be a good thing or it can be a bad thing. If I were a web hosting company, and everyone on an online forum told me to use CentOS, no wait…Ubuntu…no wait…Gentoo…no wait…FreeBSD (UNIX OS)…no wait…Debian…no wait…Linux Mint…no wait…OpenSUSE…no wait…Arch…no wait…Fedora…no wait…I would just have to try them out for myself.

With Windows, many programs will work fine from one version to another. The Windows OS itself, on the surface, will pretty much run the same from one version to another (I know there are changes under the hood though and Windows 8 and Windows Server 2012 had big interface changes).

“Windows is limited to Windows Server, which provides great functionality, but the depth that Linux can provide cannot be easily matched. Let alone the performance.”

Ok. Let’s talk about this sentence one part at a time.

“Windows is limited to Windows Server…”What exactly are you meaning? Of course, Windows Server is Windows Server. Linux is Linux. UNIX is UNIX.

“…which provides great functionality…”True!

“…but the depth that Linux can provide cannot be easily matched. Let alone the performance. Let alone the performance.” I agree that Linux is much more flexible than Windows, but performance wise it all depends on your hardware, software, Linux kernel (the Windows kernel you cannot change or modify, but it obviously works fine for many people the way it is).

“Having these options available as a server admin may be confusing as a new comer, but as you start learning about the features and unique qualities of each distribution, you will be able to find a favorite that suites you and really get the most out of your server by utilizing every aspect of the hardware and software working efficiently together. ” Most people are not going to have time or even want to do this. The idea is to make things easier for people, not give them 10s or 100s of operating systems to go through.

“Go out there and learn about the advantages and disadvantages of each Linux distro and find the one that best suites you and learn it inside and out. Doing so will give you the best experience and most secure server you could ask for.” I would agree that researching the right Linux distribution (at least during the time you have available to burn) would help you to choose a good distribution, but I disagree that research would give you the most secure server you ever could get. You can secure Linux, Windows, and UNIX, but nothing will be totally secure.


Posted in Internet and Servers, Operating Systems