The complicated answers to both questions require some explanation of the difference between Unix and Linux. Traditionally there has been a lot of confusion about the relationship between Unix and Linux. Technically, and it can be a controversial statement, Linux isn't Unix -- it is Unix-like.
The term "Unix" describes a number of different operating systems: Solaris, HP-UX, SCO Unix and AIX, for example. Crudely speaking, all of these operating systems derive from either AT&T System V or the Berkeley Software Distribution (commonly known as BSD), or contain elements of both. The derivation shows both in their code base and in the features and functionality they replicate. Linux, on the other hand, replicates features of many Unix-like operating systems (especially BSD) but was not written using any of the original code from either System V or BSD. Its original author, Linus Torvalds, developed its code from scratch (with influences from another Unix-like system for i386 processors called Minix). Linux also comes in multiple flavors, called distributions -- for example, Red Hat, Mandrake, Debian, Gentoo and many others.
Probably the best metaphor for Linux's relationship to Unix is that of a family: Linux isn't a child of Unix but rather a close first cousin. As close cousins, both Unix and Linux share many similar security concepts -- for example, the way users and groups are implemented and the use of read/write/execute permissions for those users, groups and everyone. But there are significant differences in how, and exactly what, security is implemented on Unix and Linux platforms. These differences, however, depend more on the particular Unix or Linux platform you are running, and on what features and functionality that platform chooses to implement, than on the fact that it is either a Unix- or Linux-based platform.
This can be seen in the fact that each of the flavors of Unix, like Solaris or HP-UX, implements different security features and implements them in different ways. Until version 10, Solaris had weaknesses in how user and password controls were implemented. These weaknesses are not present in other Unix flavors. Linux distributions also have similar differences in the security features they implement and how they are implemented. Red Hat, for example, has embraced the use of Security Enhanced Linux (SELinux), which provides powerful mandatory access controls. Other flavors of Linux do not support SELinux or require recompilation of your kernel to support it. Thus the question of which is more secure is greatly dependent on which exact Unix or Linux platform you are using and how you are using it -- not on the fact that it is either a Unix or Linux platform.
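Whether a given Linux installation has SELinux available can be checked on the running system. The shell function below is an added example, not part of the original article; it assumes the usual selinuxfs locations (`/sys/fs/selinux` on current kernels, `/selinux` on older ones), and the state names it prints are made up for this illustration.

```shell
#!/bin/sh
# Classify SELinux support on a Linux host (added example).
# Usage: selinux_state [filesystems-list] [selinuxfs-mount-dirs]
# Both arguments default to the live system paths; they can be overridden
# so the function can be run against constructed files.
selinux_state() {
    fs_list=${1:-/proc/filesystems}
    # Candidate mount points: current location first, then the legacy one.
    mounts=${2:-"/sys/fs/selinux /selinux"}

    # The running kernel lists selinuxfs only when SELinux is compiled in
    # and has not been disabled. Without it, a kernel rebuild or a
    # different distribution kernel is needed.
    if ! grep -qw selinuxfs "$fs_list" 2>/dev/null; then
        echo unsupported
        return 0
    fi

    # With selinuxfs mounted, the "enforce" file holds 1 or 0.
    for dir in $mounts; do
        if [ -r "$dir/enforce" ]; then
            case $(cat "$dir/enforce") in
                1) echo enforcing ;;   # policy violations are denied
                0) echo permissive ;;  # violations are only logged
                *) echo unknown ;;
            esac
            return 0
        fi
    done

    # Kernel support is present but selinuxfs is not mounted.
    echo supported-unmounted
}

# Report the state of the current host.
selinux_state
```

A result of `permissive` or `supported-unmounted` means the kernel could enforce mandatory access controls but is not doing so, which matters when comparing platforms on their nominal feature lists.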
So, rather than comparing Unix and Linux as concepts, I suggest that you choose your operating platform based on the requirements of the application or service you are deploying, operating or managing. This would include not only your security requirements but also requirements around application and hardware compatibility, development environment, performance, availability and budget. Lastly, both Unix and Linux platforms are only as secure as you make them. Almost all Unix and Linux platforms can be hardened and locked down to make them more secure. Whilst choosing a platform based on its inherent security can be an important factor, you should not assume that this represents the totality of the effort required in securing your systems. You will need to harden and secure your systems when you deploy them and throughout their operational life.
For more information: Think before deploying Security-Enhanced Linux in RHEL 4
This was first published in July 2005