|"Given enough eyeballs, all bugs are shallow."|
Ubuntu Linux - Frequently Asked Questions
There is a saying out there that goes something like: "The primary reason Microsoft Windows suffers so much from the threat of viruses and hackers is because it is the most widely used operating system." This is partially correct, but this explanation doesn't lend any credence to the bigger picture. Microsoft Windows is, in terms of programming and architecture, a sloppy and inefficient design. Evidence of this has been visited on nearly every Windows user at least once in their life, and perhaps multiple times (see photo). But Microsoft, with its millions of dollars spent on marketing, jokingly "explained" to people that this kind of experience was to be expected and accepted. That it is the very nature of the PC to crash unexpectedly on occasion. After all, human error does play a primary role in the deployment of software that is flawed by design, and that we should cut Microsoft a little slack. I think Microsoft should cut its own users some slack. Have you seen the price tags for Windows Vista? But I digress.
One of the biggest flaws about Microsoft Windows is that it is proprietary software. At first glance, this might seem like good thing. The source code is kept secret so that programmers are unable to see just exactly how the operating system works. It is thought that this measure helps to prevent black-hat hackers from gaining access to the computer via an unpublished or unknown vulnerability, otherwise known as a zero day exploit. It is also thought that keeping the source code proprietary will make it more difficult for a malicious programmer to write an effective virus aimed at causing harm to the system. But simply looking at the vast number of computer viruses that have been written specifically for the Windows platform (it's in the tens of thousands) just goes to show that it doesn't matter if your source code is secret or not. System vulnerabilities will continue to be discovered regardless.
So how does Linux handle the threat of viruses? If the source code is public domain knowledge, wouldn't a hacker more easily be able to develop a virus that is targeted against Linux? In theory, a hacker could do that. But he'll have long series of mountains to climb before he can pull it off. The first mountain he'll have to climb is the source code itself, looking for flaws and vulnerabilities. But due to the open-source nature of Linux the source-code has already been proof-read by thousands and thousands of computer programmers who comb through, constantly looking for areas to make improvements to the software and identify potential problems or flaws. Linus' Law (named after Linus Torvalds) states, "Given enough eyeballs, all bugs are shallow." Or more formally: "Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix obvious to someone." So the robustness of the source code comes from a compounded and continuous method of refining done by millions around the world, which makes Linux much more difficult to hack.
The next mountain he could climb is to try and rewrite some source code and sneak a flaw into the official distribution. In order for anything to be included as a part of the official distribution it has to go through very extensive testing that is much more rigorous than the beta testing that Windows goes through. This is because the software is open source and accessable to many more testers; literally thousands more people are able to examine the software with their own fine tooth comb and then report their findings to the group.
But the biggest mountain our poor hacker would have to climb is system administration privileges (also called root level access or Superuser authentication). What this means is, if anybody wants to install a program (such as a virus), modify system critical configurations or settings, or do anything at all that may affect the way the OS runs, a password is required. By default in Windows, all users are given administrator privileges and no password is required to log into the computer or modify system configuration. You could even open the Windows folder and start deleting random files and the operating system would allow it to happen with barely a peep. This is bad design and bad security, which happen to be two flaws you will never ever find on a Linux system. It's simply not built that way.
So that covers security in a nutshell, but what about stability? Well, for the same reasons Linux is more secure than Windows, Linux also stands to be more stable as well. This again is all thanks to the open source nature of the operating system. Programmers are only human and they are prone to make mistakes. This is what causes computers to crash or freeze. In the world of Windows, when a program locks up or a bug is found, it can sometimes be up in the air as to whether or not the problem will be solved. Security and stability on both operating systems are dealt with on a first come first serve basis. The big difference is that the number of people ready to analyze a problem on a Linux based system is much greater. Microsoft has a small team of highly paid programmers who can only handle so much. Linux has a massive team of freelance programmers who enjoy working in groups to resolve issues and then spread the word about a bug fix which leads to more granular refinement of the OS, resulting in a more robust OS in the long run.
If you have a question about Ubuntu Linux that you would like to see answered here, please e-mail Dave with your question. Any opinions expressed in this FAQ are the sole opinions of the original author. All registered trademarks mentioned in this text are the property of their respective owners and are hereby acknowledged.