>if windows has a prob with its OS (cough *vista*) they are stuck with it...Linux can easily be
>changed or patched.
Completely wrong. Windows has security updates, just like most modern operating systems nowadays (both closed- and open-source).

>the OS itself is a good enough anti-virus/firewall/etc
Um, no. Any sufficiently-advanced operating system will be prone to viruses, Trojans, and other nasties. While Linux doesn't seem to be too bad in this respect, it could be attributed to the fact that it has a very small portion of the operating system market (and thus, virus writers wouldn't be targeting Linux). Finally, Linux does need a firewall to protect itself from hackers, like most operating systems. You seem to think that simply because the operating system is open source it's invulnerable to attack.

vista and linux are the same in terms of security. The only reason vista has a higjer incidence is because users are TOTAL RETARDS as they run as administrators, not limited accounts. UAC goes some way to fixing this. If everyone on linux operated as root then it would be just as virus prone

Linux has kernel packet filtering and 90% of distributions come with an iptables firewall

They're not neceseraly stuck with it. MS has thousands of people who work on just windows. And they all try to come up with solutions. Vista is a great operating system, and people should stop complaining about it. However, I prefer linux over windows for most day to day tasks. And linux security is not as big and a vulnerability with windows, because more people use it. The only reason linux doesn't need an antivirus is because not enough people use it(consumers), so there's not need to attack it.

I've had the displeasure of using Vista and getting those infuriating pop-ups. And those pop-ups make absolutely no sense whatever. The pop-up requires no password if one is already an administrator. This means that Vista already knows whether or not one is an administrator. So why does it badger the user?

Only rarely does GNU/Linux ask for a password if the user does not have adequate privileges. Nearly always it will report an error message saying the user does not have the necessary privileges and then abort. And creating security-hostile GUIs that prompt the user for root password is almost the same as merrily skipping down the primrose path. After all, what's the visual difference between a legitimate package requesting privileges and malware doing the same? If I try to install software without adequate privileges, the install should FAIL. Period. If I really want to install it, I should be required to explicitly run a shell and explicitly acquire the necessary privileges. THEN I can execute the install. To do so otherwise will merely bring GNU/Linux right to the current state of security in Windows: little-to-none.

I think '60%' may be a bit of an overstatement.

I have *some* experience managing email and spam. In the past couple years, 80-90% of all email arriving at my few domains comes from IP addresses of *known spammers*; it doesn't come from hijacked PCs. 3-10% is legitimate email. The rest is found to be spam or fails other anti-spam measures. The sites I manage typically receive 600-1200 legitimate emails each month. The total incoming volume at each site has ranged from 10,000 to 35,000 each month. It spiked up last summer and tapered off to previous levels last fall. Apparently the FBI has done some good work in this regard: IC3.gov message. If y'all'd like, I can post the summary info.

And, to return to the thread's topic, GNU/Linux really *do* need anti-virus software. Because there are a great many Windows PCs that get their email from Linux servers, linux email system operators need a rock-solid anti-virus system. Clam is good, but it isn't quite good enough; it's slow and far too CPU-intensive. And I know of at least one http-downloadable virus/trojan that Clam doesn't/didn't see; that's one too many.

any thoughts on solairs??

just thought I would open the debate to unix!! ps i love vista think its a good o/s for everyday users and i love linux/unix too but you need to have a lot more knowledge then most everyday users have to make it work the way u want to.

i think unix has linux binary compatibility libaries (at least freebsd does, dont know about real unix (tm) ) , which would make it just as succeptible

i use solaris well at work anyway find it very stable but not sure how vulnerable it is.

oh and has anyone seen about these new firewire attacks that leave any system with any os vunerable to attack

yeah but the fact is that you need physical access

physical access makes any pc vulnerable

Yes, Solaris has the lxrun utility.