My recent note on using a Linux Live CD for online banking, and the article by Brian Krebs of the Washington Post that motivated it, have prompted a small flurry of responses by E-mail and in comments on Brian’s article. One of the comments mentioned an article by Michael Horowitz on the eSecurity Planet Web site, in which the author discusses at some length the idea of using an operating system other than Windows.
Mr. Horowitz summarizes what I think is the kernel of the problem very well:
In my opinion, while it is possible to secure a Windows computer, the process is too hard, too time-consuming and/or technically over the head of most people.
Microsoft Windows is an extremely complex system. This is, I think, due in significant part to its antecedents as an operating environment for a stand-alone, single-user PC. Having a computer of one’s own, outside the reach of the dastardly corporate IT department, was of course one of the great selling points of the PC in the first place. From the early days, the focus of PC software development has been on providing more functionality and features to the user, and on promoting ease-of-use as the overriding objective.
In the process, more and more features have been added and inter-connected in numerous ways, to the point that it is very difficult even for a technically adept person, let alone an average user, to understand how the different parts of the system interact with one another. To take just one example, almost all Windows configuration information is stored in a central repository called the Registry, in a proprietary binary format, and there is little to isolate one program’s settings from another’s. It is distressingly easy for one faulty or rogue program to botch a Registry update and render some or all of the rest of the system unusable. The Windows graphical user interface (GUI) is tightly integrated with the core operating system; with most versions of Windows it is almost impossible to run a machine without a GUI (even the trimmed-down Server Core installation option on newer versions of Windows Server still loads the graphics subsystem); yet that GUI contains millions of lines of code that are functionally unnecessary on, for example, a mail server, and every one of those lines is a potential source of bugs.
The Internet Explorer browser has also been a rich source of security problems. Once again, a headlong rush to add features and functionality resulted in a design that is inimical to security:
Then too, there is Internet Explorer itself. Rather than being a single entity, IE is a collective. Under the covers, Internet Explorer houses ActiveX controls, Browser Helper Objects, Toolbars and Browser extensions; each is a different mechanism for software to insert itself inside the web browser.
Several times a year, Microsoft releases a large (several MB) patch to fix security holes in Internet Explorer.
Windows apologists will tell you that there are many more attacks on Windows because it has by far the largest market share — and there is a good deal of truth in that statement. (As Willie Sutton legendarily said when asked why he robbed banks, “That’s where the money is”.) But I think there are two points that should be set against it.
The first is that the basic design of either Linux or Mac OS X is more conducive to security than the basic design of Windows. In fact, the Linux and OS X core systems have many similarities, which is hardly surprising since both derive from the Unix tradition; and Unix was designed from the start for a multi-user environment, in which users and their programs must be kept from interfering with one another. The design is also much more modular than that of Windows. For example, the GUI in Linux is implemented using the X Window System, which is not a part of the operating system kernel. It is just a program that runs under Linux, although it runs with some special privileges, primarily those allowing it to access the keyboard, mouse, and display hardware directly. It is entirely possible, and in fact common, to run a Linux server without any GUI at all, just a command-line console, so that none of the X code is even present to be attacked.
The second point is, from the user’s perspective, more fundamental. Whatever the reasons, the evidence strongly suggests that Windows is a more dangerous environment, particularly for critical functions like banking, than either Linux or Mac OS X.
Windows is like an ocean full of sharks. Do you really want to swim where the sharks swim, even if you take some defensive measures?
If you know the water is infested with sharks, do you really care why it is? I know that it is possible to achieve a reasonable state of security on a Windows system, and I know that it’s a lot of work. If doing that work is not something you find enjoyable, educational, or otherwise fulfilling, maybe you should consider taking another approach.