17 November 2006

Linux is more secure... isn't it?

Something the advocates of linux are always telling me. Linux has far fewer holes than Windows. Well I'm not so sure.

The true test is when you go back to a machine you haven't used for some months (or years) and discover you can't remember your admin password. Yesterday was the first time this has happened to me with a linux machine and I was a little shocked at how easy it was to remove the root password.

To reset the root user password in slackware you just need to boot the machine using ANY linux live cd, mount your slack installation drive and edit the \etc\passwd file with a text editor. Remove any characters between the root: and the following : and save the file. Viola, now when you reboot the machine you can login as root without a password.

Of course you can reset the administrator password in a windows installation using one of the linux-based password hacker floppy disks, or make yourself a UBCD4win disk which is the windows equivalent of a live cd. The thing about these tools though is that you need to know what you are doing when using them. Any monkey can edit a text file so I have to conclude that if you have physical access to the machine then Linux (or at least Slackware) is less secure than windows.