Evans Data recently provided more proof that Linux is more secure than Windows. The researchers surveyed 500 Linux developers and found that 92 percent had never had a machine affected by malicious code. Fewer than 7 percent said they'd been victims of three or more hacker intrusions.
Only 22 percent said their systems had ever been hacked.
By comparison, last spring Evans did a study that found that 60 percent of non-Linux developers had been victimized by security breaches, and 32 percent said they'd been hit three or more times.
There's a reason that Linux developers get hacked less. It's not entirely, as Windows advocates say, because Windows is a more attractive target for hackers.
Oh, that's part of the reason, sure. Windows is a bigger target, it's easier to hit. It has more users which means attackers can do more damage. Also, many hackers just don't like Microsoft, and target the company's products as a means of hurting the company.
But, really, who cares why Linux is more secure, so long as it is? Windows will continue to be a more attractive target for attackers for a few years at least, and a few years is about as far ahead as any IT manager can plan a deployment.
And Linux isn't secure only because it presents a small target. Linux is inherently more secure than Windows. While Microsoft is working hard on making Windows more secure, it remains to be seen whether the company will be successful.
When compared with proprietary software, the open source process is an advantage to developers looking to write secure code. This doesn't make sense to advocates of proprietary software, who note that distributing the source code to software allows crooks to examine the code for security holes.
The error in that argument is the assumption that, with proprietary code, the crooks don't have access to the code. With proprietary code, crooks can find security holes by examining illicitly obtained source code - Microsoft source code has been leaked many times. And with either proprietary code or open source code, crooks can examine the behavior of running binaries.
But where open source is different from proprietary code is that open source encourages honest people to access source code, and find security holes and patch them fast. The large open source community can find and patch security holes faster than teams of proprietary developers - even when those developers work for Microsoft - simply because the proprietary developers are hobbled by their need to keep secrets.
Another reason for Linux's inherent security is its user model. End-users run with limited privileges; only systems administrators have access to the all-powerful root account. Mostly even systems administrators run as limited-privilege users, unless they absolutely need root access. By limiting users' access to systems, Linux limits the amount of damage a user can do.
Linux's lower vulnerability, compared with Windows, isn't just a function of its smaller popularity. Linux is breached less often because it's more secure. Microsoft has a lot of catching up to do.