How secure is desktop Linux versus Windows?

So what about security and robustness? Let's look at Microsoft Windows first. More recent versions of Windows have delivered significant improvements in terms of security and robustness. This is particularly true of Windows XP with the release of Service Pack 2. This has resulted in a greater focus on security including introducing a host firewall and beginning the process of addressing issues like virus and worm infections and spyware. Improvements have also been made to Windows Update to improve the ease with which you can patch. Additionally group policies allow you to lock down and manage desktops more easily. Finally Windows XP has been considerably more stable than older versions. Incidences of the dreaded blue screen of death (BSOD) seem to have lessened with the release of Windows XP.

This does not mean that there are now no security and robustness issues with Windows desktops. In order to deploy Windows desktops you still need to do a lot of work. New vulnerabilities are still regularly discovered, and as a result, Microsoft still releases a large number of patches. The built-in Windows Firewall can sometimes be distinctly unintuitive and interact unfavorably with some applications. Also even with recent changes, the automated Windows Update mechanism is inconsistent, tricky to troubleshoot and lacks basic reporting. Finally the development and testing of group policies and general locking down and securing Microsoft Windows desktops can be costly and time consuming, especially if you have a complex environment.

Linux desktops running X11 or X Windows can be both secure and robust but also share some of the issues associated with Microsoft Windows desktops. Firstly, Linux desktops tend not to be the targets of viruses and worms in the same way Microsoft Windows desktops are. There are significantly fewer viruses and worms that can infect Linux desktops. Most Linux distributions also support host firewalls by default, or they are easily implemented. Due to their maturity Linux host firewalls tend to integrate well with services and applications and cause minimal problems.

Maintaining updates and patching for Linux desktops operates similarly to Microsoft Windows. One of the major differences is in the components that make up your Linux desktop: The operating system, X Windows, your window manager and your applications are usually made up a series of individual packages. For example, on a Red Hat distribution these consist of a collection of RPM packages. This can complicate update and patching because of the potential requirement to track the versioning and changes of multiple packages -- especially when combined with the fact that enterprise patch management and deployment on some Linux distributions is not yet fully mature. On a related note, there are not a lot of mature centralized patch and policy management systems available that support Linux (with the notable exception of Novell ZENworks). This can make administering large numbers of Linux desktops problematic.

Lastly, the robustness of your Linux desktops is going to be highly dependent on the Linux distribution you select. Many of the desktop-focused Linux distributions, such as Novell Desktop Linux and Linspire, are designed to provide an optional desktop experience. Other distributions may be less suited to run as desktops. The selection of a particular Linux desktop should not only consider security and robustness but also meeting the business requirements of your users in terms of applications and functionality. It should ensure the user experience is acceptable in terms of performance and ease of use and that the cost of any solution is acceptable.