LINUX BLOG SAFARI

The Linux vs. Windows Security Mystery

Of all the many winning advantages Linux has in its favor, security is surely one of the more widely known examples.

Why else, indeed, would we see security experts in mainstream publications recommending it over Windows for online banking purposes?

That, indeed, is part of the reason it was so disappointing to see Linux get completely ignored in a recent NSA report entitled “Best Practices for Keeping Your Home Network Secure.”

The report is filled with various suggestions oriented toward Windows and Mac users — just as one would expect, given that they’re by far the majority today. What stands out, though, is that for Windows users, the NSA simply recommends upgrading to Windows 7 or Vista, making no mention at all of the far-more-secure Linux option that’s available.

More than a few ripples were created in the waters of the Linux blogosphere.

‘NSA Says No to Linux’

Some interpretations seemed truly bizarre.

“NSA Best Practices Recommend Windows Over Linux For Security” read one headline on ITProPortal, for example.

Similarly, “NSA says no to Linux in best practice advisory” read another on TechEye.

This, despite the fact that Linux wasn’t mentioned at all in the NSA report.

‘What a Twist of Words’

Bloggers, as is their wont, made note of that fact quickly.

“Wow what a twist of words,” wrote Ken in the comments on the ITProPortal story, for example. “The NSA article does not even mention Linux. What the NSA article says is this: ‘Both Windows 7 and Vista provide substantial security enhancements over earlier Windows workstation operating systems such as XP.’

“So the NSA is really saying that the newer Windows is better than the old Windows. Duh!!!!” Ken added.

It wasn’t long before PCWorld weighed in with an indignant, “Windows Vista for Better Security? I Don’t Think So,” and the conversation took off from there.

Down at the blogosphere’s Punchy Penguin saloon, Linux Girl was bombarded with comments.

‘Merely a Reflection of Reality’

“NSA recommending Vista for home security is merely a reflection of the reality of monopoly in the retail space,” blogger Robert Pogson offered. “In the USA probably as few as 2 to 3 percent of users use GNU/Linux, so a recommendation is almost useless.”

Those who are serious about security “are already aware of SELinux, a product of the NSA,” Pogson added. “The NSA is merely recommending that folks move on from XP, a poor OS poorly supported by M$. Folks who would heed that advice probably do not even know GNU/Linux exists.”

It is “possible that some of M$’s donations may also have suppressed mention of GNU/Linux,” Pogson concluded. “But who knows?”

‘The Security Swiss Cheese of XP’

Consultant and Slashdot blogger Gerhard Mack took a similar view.

“You can’t knock them too badly,” Mack agreed. “The best numbers I have seen show Linux at half the numbers of Apple — a small number to begin with.”

The NSA “has sponsored Linux security projects in the past, so they are definitely not anti-Linux,” he pointed out.

Vista, meanwhile, “brought along some features to allow more apps to run as non-administrator and some features (UAC) to annoy people who buy products from people who can’t be bothered with good security patches,” Mack added. “Win 7 is just a more stable/less annoying Vista, and I’ll take either of them over the security swiss cheese of XP.”

So, “I’m with the NSA on this one because the sooner XP is just a memory, the better off we all are,” Mack concluded.

‘You Need to Know What You’re Doing’

“The problem with Linux is you really need to know what you’re doing for it to be secure,” asserted Slashdot blogger hairyfeet.

The NSA’s recommendations, then, are “no surprise, as they know that 99.995 percent of the population is not CS grads or kernel hackers or programmers,” hairyfeet opined. “These people will NEVER use CLI — hell, Windows’ control panel scares them. You honestly think they are gonna learn Bash?”

Hyperlogos blogger Martin Espinoza wasn’t so sure.

‘Irresponsible at Best’

“When I see the federal government recommend the products of one of its actual constituents, I am annoyed but not surprised,” Espinoza told Linux Girl in a link-filled email. “Remember when Bush’s boy Ashcroft gave Microsoft a free pass after the DOJ found that they had illegally abused their monopoly position? (And have you noticed where Ashcroft is now?)

“It comes as no shock to see the NSA failing to promote Linux when the federal government is clearly a friend to Microsoft, and vice versa,” he said.

“And let us not forget the well-foreshadowed speculation that Vista may contain an NSA back door,” Espinoza pointed out. “Since there is no way for an independent reviewer to know that the code they are reviewing is what is actually being distributed with Windows or via Windows (or Microsoft) Update, clearly it is irresponsible at best to utilize Windows in any case where security is important.”

‘NSA – New Spending Authority’

Barbara Hudson, a blogger on Slashdot who goes by “Tom” on the site, wondered about the target audience for the NSA’s report.

“Home users will never even see this, never mind read it,” Hudson explained. “Business users? If they haven’t switched by now, a pdf bearing the NSA’s imprimatur isn’t going to count for a hill of beans next to the considerations of software that can’t be migrated from XP, or the costs and time of migrating desktop users to a new version.

“Besides, most of those installations will be taken care of over the next few years by simple attrition or migrating the users to tablets,” she added.

“So who *was* the real target audience? I would have to say it’s the boss of whoever at the NSA ordered this written, to ‘show they’re doing something’ so they can justify their paycheck,” Hudson suggested. “After all, haven’t your tax dollars always been used for NSA — New Spending Authority?

“Now please excuse me,” she concluded, “while I go tell the neighbors that those black helicopters are just a coincidence.”

4 Comments

  • First, I love my Linux machines – all my production servers are Linux (various flavours, FreeBSD is probably my preferred one). I also use Apple, and Windows – for desktops and mobile, not for servers.

    Any article like this loses all validity when Microsoft is referred to as "M$". So they have a lot of money. And some of their history is quite, well, colorful. But how am I supposed to respect an article that opens with childish put-downs? In the context of a business article, all the OSes and all the browsers have a place, and if you cannot objectively be aware of the others' place in the industry, how can you possibly be objective about Linux’s place?

    Very disappointing, and devalues the whole Linux Insider brand.

    • The first moment I saw this post I thought, "this sounds weird to me. How would the 'NSA' say 'no' to Linux?" I would guess that the NSA with its thousands of employees must deal with many different OSs.

      I know someone who works in the Department of Defense and their laptop is secured to a crazy level, though using Windows. It is hardware secured.

      I notice that people who are super Linux fans get bothered if anything else might have a whiff of being better in some situation. I use Win 7 at home because I record music. I’ve been waiting years for a good driver for my industry standard recording card. I’ve tried, but for that particular "specialized need" with a standard recording card, sorry, no luck.

      I wrote an article that appeared on Linuxtoday in 1998 with a friend titled "Why Microsoft Needs Linux." Today my attitude has changed. Linux needs the "cathedral" because I believe you cannot get developers to go to the Nth degree and "finish" software to the point where the average person won’t be confused to death. I would not foist any version of Linux on a new user today with the phrase, "it’s just as good as Windows, Mac, iOS, and Android" (which has a nice simple interface, and yes, I know).

      I have been waiting since 1998 for Linux to get its interface together under some kind of unified, trustable API, and guess what? Everyone is still fighting. I’m tired of it, and would like to stop hearing the whining about other people noticing that Linux has problems in certain areas. It just does. Any operating system has problems.

      Linux has the extra problem of people fighting over the API. At Apple, or Google, or Microsoft, an API is established by leads, and developers work to implement and then work within the API because they are paid to, and eventually as the programming near the end of the project gets very difficult, part of their job is finishing what they started to the "company’s" desired level.

      What happens in an open source community? People work together if they want, and do the things they want, and if they want more or less help the community as well. But no one is coming down on their heads, and if someone or more people do come down on their heads, an open letter is written defending their position. Whereas in a normal company, they would simply be fired.

      That’s a big difference. After all these years, the various APIs for interfaces, compared to the cathedral companies, are in an unfinished state when considering simply usability.

      I am actually really sad about that. I thought that wouldn’t happen, but it did, and is happening. Just look at the Ubuntu Unity dust up. Soap opera. Who needs that.

      Without the authority around a particular Linux distribution, for example, Red Hat, or Canonical, the soap opera never ends. I’m tired of this drama.

      Who cares what the NSA does in regards to operating systems? Linux, if anything, is not about what the NSA does. It’s a great operating system in its own right, but the community never seems satisfied unless everyone they think should notice, does. Same goes for any kind of fan of a particular OS.

      The problem is not with the operating systems themselves, but with the fan operators *of* the operating system. I use everything, except Apple stuff (simply too expensive for my tastes), but I like iTunes and have used the iTunes store for years.

      It will never change, but this all is about people’s preferences, not some terrible fact that will affect humanity in some dire way. Linux is not brain surgery, it’s not cancer, and in the grand scheme of things, like all operating systems, it’s not that important.

      If you like it, use it. If you don’t, scream if you want to, but what’s the point?

  • Please stop saying ‘NSA Says No to Linux’. The NSA article does not mention Linux. Also, if you check out the NSA site you will see an equal amount of information about Linux. Why are the Linux folks being so overly sensitive about this? I utilize both Linux AND Microsoft and there are good and bad things about them both.
