Windows XP is more secure and more stable, but if a user insists on running an application (Outlook for example) as "Administrator," or at the very least as someone with administrator level privelages then any code run is run with that level and damage can be done--that same thing can happen under Linux if the code is run as root. Big deal.

Sure the first user on an XP computer will be administrative level, but anyone with a brain will demote that user to something like "power user" or just plain "user" and that's the end of it. Couple that with good AV software and you're good to go. Mind you, under Linux the first user is root, and you have to make a new user manually--there's no difference. The only difference is that the average Joe Linux user is slightly more savvy to what is a bad idea to do and the average Windows user is just someone who wants to get their work done.

Security is a personal responsibility. Admins, users, everyone has to own up to the fact. If a user says they can't be bothered with that nonsense then they should have their computers taken from them--just as we'd take the license from a drunk driver. The damage done by the unwashed masses is what causes the problems in the first place.

Any administrator who doesn't patch their servers should be executed. They're no better than Typhoid Mary.

Blaming Microsoft is just a nice red-herring. The real blame goes onto the following:

(1) The malware authors; and,
(2) stupid users/system administrators.

Fix those two glaring holes and the problems will go away. Pointing fingers and yapping "MS doesn't secure their products!" isn't the answer.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/228/25417#25417