Head to head: Linux vs Windows 7

One of the biggest criticisms levelled at Windows over the years has been its lack of proper user access control. Despite the last few versions featuring user accounts with different levels of authority and control, nearly everyone simply created an administrator's account and neatly side-stepped any attempt to rein in what the average user could and couldn't do.

Windows 7 attempts to do things differently, upgrading Vista's User Access Control to finally achieve what Microsoft must hope is a major feature in an age where thousands of Windows machines run as zombies on the internet.

The idea behind UAC will be familiar to users of Ubuntu and OS X. When a user's application requires a higher set of privileges, a password requester asks for authentication. In Windows Vista, this password requester could be a little overzealous, appearing every other minute if you weren't careful, especially if you were configuring hardware.

Family controls

FAMILY SAFETY: User Access Control can limit what a user sees on the internet as well as the configuration options they have access to

This annoyance was even seen as an advantage by some, as it forced software developers to avoid asking the user to elevate their privileges though UAC if they wanted to remain usable. By default, a standard user will have no administrative control over their system, and neither will any viruses or trojans may have been inadvertently run by that user.

Of course, this is nothing new for Linux users, as this feature is embedded within Linux thanks to its use of groups and permissions to restrict users and processes. It's our main defence against wayward applications wreaking havoc on our systems.

Even if a user's account is compromised and a virus is able to run on that user's desktop, a utility with limited privileges can do very little system-wide and network facing damage, although your personal data isn't likely to be so safe. This is part of the reason why there are so few Linux viruses, and why so few of us consider it any kind of threat.

PolicyKit

But the truth is that there's plenty of potential on the average desktop for any malevolent coder with enough motivation. How many of us install third-party binary packages on our desktops? And how many of us could check the source code if we had to?

Even riskier is the number of times we resort to typing sudo or launching a shell with administrator privileges, effectively bypassing the security inherent in the normal/root user system.

Many distributions and developers think there needs to be an extra level of security, and the closest we can get to the technology behind Microsoft's UAC is PolicyKit, originally developed by Red Hat but now shipped as standard in Fedora, OpenSUSE and Ubuntu.

PolicyKit gives application developers (and distribution builders) a finer degree of control over what an application can and can't do while it's running. It could enable a user to mount portable storage, for instance, but not allow the same user to mount a local filesystem, avoiding the potential hazard of sudo completely.

The impending KDE 4.3 includes PolicyKit integration, which means that many system administration applications for the KDE desktop will be able to take advantage of PolicyKit's finer-grained privilege control in much the same way that certain applications request authentication on the OS X desktop.

Gnome has had this functionality since the beginning of last year, and its inclusion in KDE brings us a step closer to a unified desktop on the Linux platform and a unified system for accessing administrative tasks.

Online security

Despite all these improvements to User Access Control, Windows is still going to be the main target for hackers, and as such, a virus checker is always going to be necessary. For the first time, Microsoft is going to bundle a virus checker and spyware detector with the operating system.

Linux forewall

PC DEFENSE: You can access a lot more of your firewall options in Linux than you can in Windows 7

This is likely to raise considerable protest from manufacturers who sell competing products, such as Symantec and McAfee, as they're making a tidy living from plugging this lucrative hole in current Windows security. But bundling a free virus checker with the operating system is a great step forward for the rest of us who have to endure a constant stream of attacks from compromised Windows systems.

Microsoft's checker is going to be part of the Security Essentials download package, and it replaces Windows Live OneCare, a similar package that Microsoft previously charged for on XP and Vista.

Microsoft's Security Essentials covers only the basics of online security: real-time virus checking, system monitoring and download scanning. This should leave plenty of room for the commercial solutions to fight over more advanced features and neurotic Windows users.

As Linux users, we don't need to run a virus-checker unless you're receiving files from, and sending them to, Windows users. It avoids the extra CPU and memory load of constantly running a checker and keeping it up to date. But there are several checkers that are up to the task if you need them, including tools from BitDefender and AVG, as well as the excellent ClamAV.