JHoagland opened this issue on Feb 18, 2007 · 126 posts
Penguinisto posted Mon, 19 February 2007 at 7:39 PM
> Quote - Linux - my brother has had to track down some specific patches for a leak in Apache, then he found out that this particular patch required another patch, he had to hunt down that one too, he had to make sure he had the correct patch for the distro he's running. In short, it took almost a day before he had patched the Linux servers, while the Windows and UX machines were patched in minutes.
Tell him to install YUM if he uses RedHat. Problem solved (seriously). I've had zero problems w/ updating RHEL and Fedora Core machinery that way... it's fully automatic and covers any dependencies found (the only time I really did anything with 'em is to update the JDK, which was custom-compiled). Oh, and SuSE can be updated easily via YaST.
As for Windows, yes, putting patches in is easy (rebooting aside) - the problems arise when the patches undo the security measures put into place. For instance, the example I posted originally involved my previous employer... we had well over 100 servers, with two of them running Windows (the rest running a combination of RHEL, Solaris, and FreeBSD). ALL of them had to maintain Department of Defense Security Technical Implementation Guideline requirements (see these for details). Every time a round of patches went in, odds were very good that the Windows machines would fail their STIG audits immediately afterwards. Audits of RHEL machinery post-patch were always good, with no potential compromises. Same story with FreeBSD and CVSup pushes, as well as Solaris.
Systems Administration is a lot more than simply sticking in patches... they have to work w/o compromising or deteriorating what you have in place.
> Quote - I've run a Windows server OS permanently connected to the Internet for over 5 years now. My logs tell me they're regularly scanned, and sometimes an automatic attack is tried. Nothing has ever broken through.
> Then again, nobody will really spend time to break into a simple home network. If your defenses are good enough to withstand automated attacks, you're fine.
That's a rather dangerous stance to take, IMHO, for many reasons:
1) Security Through Obscurity doesn't work. Bot Herders want numbers, not value.
2) With the advent of rootkits and some rather primitive logging capabilities that Windows has (compared to other OSes, they are primitive), I wouldn't trust them - external logs are more reliable in Windows' case.
3) One word: Rootkits. In any other OS but Windows, processes cannot hide themselves from view.
> Quote - Big companies are another matter, of course. Hackers WILL spend time and effort to break in, so you need better defenses.
While I agree that there have been trends of targeted hacking, I'm still very confident that the bot-herders are more prevalent, and they really don't care what they hit, as long as it has an IP address.
> Quote - Penguinisto I can imagine that. I've never had to hunt down a driver. If I do update a driver, it's taken me all of 2 minutes to find it and another 2 to run it. Also, as to security, I don't spend a lot of time running anti-anything. Those things run in the middle of the night while I'm asleep, so I don't much notice them.
Like I said - you've been lucky. Ask anyone who does anything serious with a computer, and you'll find a far different story (or even not-so-serious, if recent NVIDIA driver troubles on Vista are any indication).
> Quote - Keep in mind, if Macs ever become really popular, then you too will be running all those programs.
That's not much more than an urban legend, and here's why: OSX (like any other *nix derivative) has a completely different internal architecture which doesn't allow a binary (program) to gain system-wide reach without explicit permission from root. Apache on Linux outnumbers IIS on Windows in the Web Server industry for years on end... and yet nearly all Linux installs run just fine w/o any sort of A/V software. PHP could certainly use some improvements in that arena (or rather, people who write PHP pages need to know how to write a secure app), but the OS itself w/ reasonable security measures in place (and no A/V software) is in no danger that I'm aware of.
The whole 'market share = vulnerable!' argument is merely a smokescreen, IMHO... mostly perpetuated in various tech forums by Microsoft fans and actual MSFT astroturfers (folks literally paid or bloggers who have been bribed by Microsoft to comment favorably for Windows).
Now, I'll be the absolute last human being to tell you that any OS is immune, but as far as operating systems go, there is at least one line that sits on the bottom of the list of "secure".
Oh, BTW: Linux can and does run on Mac hardware, both PPC and Intel. Has had that ability for years. (Google for "Yellow Dog Linux" :) ) It also runs comfortably on CPUs such as Sparc, RISC, ARM (PDAs ranging from PocketPCs to Palms to Treos), mobile phone sets, and even IBM z-Series mainframes. The whole Apple commercial thing isn't really Macs Vs. PC, but OSX vs. Windows, if that helps.
There... had my say, no need for anyone to go further down the rabbit hole, I suspect. I refuse to make anything degenerate into some sort of religious flamewar. If you manage to escape being turned into some script kiddie's bot, great. I wish you luck. Me, I'm only looking at odds here, and I find them to be better on non-Microsoft products.
Cheers, /P