Re: Services
That's a very interesting list. I'll address things one by one. But you can drop the petty put-downs and implications that I'm "pretending to forget" about things. I'm not. I asked a very reasonable question. I hear this comment a lot from people who can't support it and when they do, it's often with reference to how things used to be. On to your points:
>>"-- most software on GNU/Linux is free/open source, including the kernel and utilities;"
That's a good security argument against government intrusion and I agree with that. I don't think it's a strong argument on malware issues. It takes a lot of time and a lot of specialist knowledge to even be able to understand most sophisticated software such as Apache or the Linux kernel or many other components you'll find on a modern distro, let alone identify vulnerabilities. In compensation for a handful of extra people outside a core team maybe taking the time to look at the code properly, you also have to weigh that attackers are also studying the code and maybe even contributing, such as happened with phpMyAdmin or the attempt at introducing exploits into PHP. (One of the PHP team said they suspected the attempt was China trying to introduce exploits they could later use.) Additionally, no deliberate introduction of exploits is needed for Open Source to be a risk. The moment a bug report is filed, or someone commits an urgent fix, you're in a mad rush to update your systems with a patch (if available) before someone monitoring that project tries to exploit it. As any sysadmin will tell you, keeping up to date is a demanding job.
Open Source is an advantage because it helps protect against deliberate subversion by powerful agencies (i.e. government agencies) and because it allows projects to grow and develop in interesting ways and be forked for the good of a community where necessary, or maintained after a company goes bust. But as a guard against malware, which is what we're discussing here, there's little net gain, imo.
>>"-- the kernel is modular, where a huge number of options are togglable at the compile time;"
I'm trying to remember the last time I actually compiled my own kernel and I'm pretty sure it was about three years ago when I was going through a Gentoo phase. Pre-compiled distros dwarf people compiling things themselves by orders of magnitude. Even if I were convinced that someone going "Oooh, SCSI support might have a vulnerability, let's exclude that" actually has some measurable effect on security - which I'm very far from allowing - it's academic because people are not doing that. Yes, yes, I'm sure you can find some people to point at. They're highly atypical these days and a minuscule percentage of real-world GNU/Linux deployments.
>>-- a GNU/Linux (*BSD) system can be stripped down much further, disassembled and assembled with much more ease, than can be Windows. MS Windows didn't invent a headless, bare minimum server; A Core Server -- things are improving in Redmond here after 20 some years of denial.
That's pretty much just a restatement of your previous point with an extra dig at Microsoft thrown in. And I have no interest in playing a Team vs. Team fanboy war where I have to get all upset about who invented what technology first. I don't care if Hyper-V or Server 2012 without GUI has predecessors elsewhere, they're good now, and we're supposed to be talking about malware. Or rather I am trying to - you seem to want to turn it into a general Linux is better than Windows fight.
>>"-- more accurate POSIX hierarchical filesystem structure vs. chaotic Windows that still mixes data and software;"
Yes, I used to have my home partition set to have a no-execute flag on it. It was a pain in the bum, to be honest. But I used to do it. Windows handles this differently, by defining the ability to execute by user / group, rather than the way Linux handles it. I know it sounds like it's the same as the UNIX rwx bits but it's not. It's interesting that you bring up "more accurate POSIX hierarchical filesystem structure". Windows ACLs are actually more sophisticated and feature-rich than the POSIX standards. And I don't think "chaotic" is fair at all. Both Windows and GNU/Linux have standards about where to install and store things. They're just different, is all.
>>"-- much more numerous up-to-date versions in use, a much higher distro heterogeneity than with MS Windows;"
Are you still trying to argue against my point about malware which is what we're discussing? Because the above is a great argument for freedom and competition, but it's a terrible argument for security. Yes, a million different variations are great for consistent security and making sure your fix for your software is on all platforms in all the different packages. Surrrrre.
>>"-- lack of central secure repositories containing 99% of all used software in MS Windows"
Well that's the cost of a free and open system I'm afraid. I bet you would complain if Microsoft tried to introduce a single store where everything was centrally signed and managed. Oh yes, there it is in the very next sentence where you mock their attempt to do so. ;) But yes, this is an advantage GNU/Linux has in terms of security. Central management is a plus.
>>"Neither did MS invent the Android's apps' permissions system and its transparency to the user."
Again, you're shifting things into a weird game of My Team scores more points than Your Team. I don't care who invented what. Plenty have taken inspiration from MS's work, MS has taken plenty from others. (Often buying those others outright). It's nothing to a discussion about security in modern OSs and leads me to think you have a bias to prove GNU/Linux is better. Are you sure that you do not?
>>"-- lack of a decent central packager paired with a repository utility (see the previous item)"
Yes, "see previous item" was just what I was going to write as well. A point does not become two points, because you state it twice.
>>-- better and closer adherence to the main IT principles of modularity, KISS, software in the Linux/BSD camp of developers and sysadmins than in the proprietary camp including Microsoft folks
That I flat-out reject as straight bias. You're just stating that GNU/Linux programmers are better than MS programmers. Good programmers are good programmers, bad ones are bad ones. If you have some naïve idea that better programmers are magically drawn to the "Linux/BSD camp", you lack experience or an open mind. It's also pretty insulting to a lot of brilliant people.
>>"-- lack of a competent IT culture and infrastructure around MS Windows:"
Well now you're supporting the point that I made elsewhere - that the chief factor in security for GNU/Linux vs. Windows is that GNU/Linux has a more tech-savvy user base. That's not a quality of the OS itself and, as I also wrote elsewhere, if GNU/Linux suddenly had the same user base that Windows has, you would see the same problems of malware.
Central package management is the one advantage on your list that I agree with, and have said so myself on previous occasions. Unfortunately it's also the most problematic from a freedom point of view.
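The reply above mentions mounting the home partition with a no-execute flag. As an added example, not part of this thread or anyone's posted setup, the following script audits `/proc/mounts`-style data and reports which user-writable mount points lack the usual `noexec`, `nosuid` and `nodev` hardening options. The sample mount table embedded in the script is constructed for the example; the list of "user-writable" paths is an assumption you would tune to your own layout. Note that `noexec` is one hardening layer, not a boundary: it blocks direct execution of binaries from that filesystem but does nothing about what a user's existing interpreters will run.

```python
"""Audit mount options for user-writable filesystems lacking noexec/nosuid/nodev.

Reads lines in /proc/mounts format (device mountpoint fstype options dump pass)
and reports which user-writable mount points are missing hardening options.
The sample mount table below is constructed for this example.
"""
import os
import sys
from dataclasses import dataclass
from typing import Dict, List

HARDENING = ("noexec", "nosuid", "nodev")
# Assumed set of paths normal users can write to; adjust for your system.
USER_WRITABLE = ("/home", "/tmp", "/var/tmp", "/dev/shm")

# Constructed sample in /proc/mounts format.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda3 /home ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /var/tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
"""


@dataclass
class Mount:
    device: str
    mountpoint: str
    fstype: str
    options: List[str]


def parse_mounts(text: str) -> List[Mount]:
    """Parse /proc/mounts-style text into Mount records."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed or blank line
        # /proc/mounts escapes spaces in paths as \040
        mountpoint = fields[1].replace("\\040", " ")
        mounts.append(Mount(fields[0], mountpoint, fields[2], fields[3].split(",")))
    return mounts


def backing_mount(path: str, mounts: List[Mount]) -> Mount:
    """Longest-prefix match: the mount that actually backs `path`.
    A path that is not its own mount point inherits its parent's options."""
    best = None
    for m in mounts:
        prefix = m.mountpoint.rstrip("/") + "/"
        if path == m.mountpoint or path.startswith(prefix):
            if best is None or len(m.mountpoint) > len(best.mountpoint):
                best = m
    return best


def missing_hardening(mounts: List[Mount], watch=USER_WRITABLE) -> Dict[str, List[str]]:
    """Return {path: [missing options]} for watched paths lacking any hardening option."""
    result: Dict[str, List[str]] = {}
    for path in watch:
        m = backing_mount(path, mounts)
        if m is None:
            continue
        missing = [opt for opt in HARDENING if opt not in m.options]
        if missing:
            result[path] = missing
    return result


if __name__ == "__main__":
    # Use the real mount table when available, otherwise the constructed sample.
    source = sys.argv[1] if len(sys.argv) > 1 else "/proc/mounts"
    if os.path.exists(source):
        with open(source) as fh:
            text = fh.read()
    else:
        text = SAMPLE_MOUNTS
    for path, missing in missing_hardening(parse_mounts(text)).items():
        print(f"{path}: missing {','.join(missing)}")
```

Run it with no arguments on a Linux host to audit the live mount table, or pass a saved copy of `/proc/mounts` from another machine. Against the constructed sample it reports `/home` missing all three options and `/dev/shm` missing `noexec`; `/tmp` and `/var/tmp` are fully hardened and stay silent.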