I am sure some of you are thinking “oh god not this tired old argument again!”  I understand, but I thought I would discuss it from the hackers perspective and without any emotions like “I like Linux more because if you take the name Bill Gates and convert it to ancient Sanskrit and then to Latin and then convert to numerals it equals 666, which must mean he is the anti Christ!  I thought it might be interesting to some of the younger people on the forum that don’t really know the history of the linux vs windows issue.

    I am more about getting the job done and I don’t care what OS I use.  I remember reading some place that a person’s preference for an OS reveals more about that person than the OS.  As cold as computer people are supposed to be as displayed in movies, I actually find them the opposite. I am surprised how passionate about technology many are and often their allegiance to an OS is sometimes emotional based.

   Linux was embraced as the OS of choice by the underground for the longest time, but why was that?  Several reasons existed.  Back in the days of when windows 98 had just come out, linux was definably ahead.  Windows 98 was a “wanna be” 32 bit overlay gui struggling on a 16 bit DOS underbelly.  Not the most stable environment and was prone to crashing. It was said that Microsoft was worried about legal problems from Apple if they created a pure 32 bit OS since they “borrowed” the windows idea from Apple during there brief association together.  So they were stuck with pushing something not as efficient or stable.  Also, the underground seems to attract some very paranoid people and I remember a lot of people being worried that Gates had hidden some kind of spy ware deep inside windows and because everyone from the government to financial institutions used it, Gates was set up to be the next Lex Luther  or Dr. Evil !

    Early on many of the hacking tools were written only for linux, making it difficult to do much without at least some knowledge of that OS.  Linux stood out, a powerful 32 bit OS that you could open up and look at the source code and you could tweak it so many ways to what your preference might be.  Windows was seen as closed and hidden and being pushed by one greedy man on the entire world!  If you have never been exposed to this kind of thinking, perhaps now you can see why the underground embraced linux so feverishly! 

    What about the tools available today?  Is one platform favored above another?  This is difficult to answer because each pen tester favors certain apps and therefore might lean more towards one OS over another.  However, if we were to analyze the Top 100 Network Security Tools that are listed on Insecure.org and use that list as a standard, we find some interesting facts. If you were a linux only user there are 22 exclusive windows apps you could not use on that list.  If you were a windows only user, there are 25 linux apps that would be unavailable to you.  It’s so close to being even that you could not say one OS is more important than the other.
 

    As for me, I can’t say one is better than the other at this point in time and I am referring to its use in the art and science of hacking. I am certainly not referring to the OS I would recommend to my grandma!  That OS would be a very obvious choice indeed, lol!  When XP was introduced for everyone, being a truer 32 bit structure, things really changed, although you would still see people that were loyal to linux calling it windoze. Its just too hard to let go of your prejudice sometimes. Now windows was fast and more stable. It actually started to feel like it had the power of linux or unix.  By the way, if you wanted to get flamed back in those days, just go to a hacker forum and post that your favorite ISP was AOL and you ran windows!  Actually, all you had to do was say something nice about windows !

   I have done some very efficient hacking with windows and I can’t say that the reverse shell I get is in any way less stable.  There have been times I felt I had better results with nmap using linux.  Exploits if they are ported correctly work just fine with windows. Ok, so where am I headed with all of this?  Yes, you guessed it, for me the best set up is using both!  Both have their strong and weak points. They really compliment each other.  I run linux on one laptop and windows on another.  Right now I am using XP pro and Fedora Core 5.
 
    Say for instance I want to crack WEP.  I will run airodump on my windows machine and at the same time, I will run aireplay on my linux laptop.  I do all my reconnaissance work with windows.  Scanning is 90% a linux operation for me.    If I want to use a bootable cd, well I better know my linux!  Anyway, I hope you see how I jump from one to the other and I find this really works well.   

    So, is one easier to hack than the other?  That’s a loaded question because it depends on the set up.  For many years the cry was linux was more secure because you could turn off services and customize the installation more so than windows, etc… However, it was an embarrassing statistic to the linux aficionados that the most hacked servers in the world were linux!  I can testify to the fact that both windows and linux, if properly configured, have the ability to be nearly impenetrable! 
 
   That’s my perspective on it and I try to be as objective as I can, because as I stated before,  I am more interested in getting the job done!

while not disagreeing with either one of you.  my for example is what was the last good exploit for the linux 2.6 kernel?  we just had a great local root exploit but how about the last remote exploit for 2.6?

is that a result of security professionals not focusing on linux for exploits or its open source philosphy?

   I think you see less new exploits for linux for a number of reasons.  Certainly one reason is because of the open source policy.  You have a lot of really great programmers inspecting the source code for flaws.  Also, linux has less lines of code to exploit.   
     
     I spoke to a former Microsoft programmer once and he said some of the reasons windows exploits seemed to abound were do to misguided thinking that was prevalent at Microsoft early on.    So much of it was spaghetti code being pieced together and programmers were under tremendous pressure to make deadlines to write code that would be compatible with everything out there. Most of the hope was that by making the source code closed, that alone would prevent exploitation. Well, that proved to be wrong!

     In some hacker circles it was considered wrong to exploit linux. You should only target the evil greedy empire of Microsoft. However, it’s funny how it was ok to exploit linux servers because many of these were evil greedy capitalists taking advantage of a free OS for their personal profits. I guess you can rationalize just about anything if you try hard enough.

    If someone told me I had to choose only one OS to hack with,  I would have to pick linux.  However, I would say it would be sad to not have access to these windows only programs, Cain and Abel, Netstumbler, GFI languard, Superscan, L0phtCrack, Sam Spade, Core Impact, SolarWinds, Pwdump, Angry IP Scanner, Brutus, etc…

  Interesting thoughts.  I wonder if every admin that has had extensive experience with both platforms would agree windows is easier. Not an Admin that has had a large windows background and just a little linux pushed on them. That might be an interesting poll.
   
   My feeling is with the exception of Redhat, windows is easier to administer. Of course if you subscribe to the Redhat tech support, its not really a free OS. If you go through all the Redhat training , it can cost a small fortune! 

   My liking for linux is based on the fact that I can “tinker” with it and do some customization. I consider it the OS for the hobbyist so to speak.  After all, hacking really meant the ability to alter things to run in a different way. Based on that definition, it could be called the true “hackers” OS.

Just a quick update.  If you want to hack with windows, you should not have SP2.  Windows with SP2 is not hacker friendly!

i'd say the current 2.6.x kernel is fairly secure. 

From an general admin point of view, (and i do hate to say this because I love my open source) I prefer Windows. Although that may be down to the lack of enterprise linux experience.

But from a more hacker point of view, use the right tools for the job, windows, linux OS X whatever. At home I use all of them but tend to use OS X more than others. Why? It does *nearly* everything I could do on a Linux machine, but I don't have to worry about will I have to reinstall a bunch of stuff next time there's a gcc update (I had bad experience with gentoo) AND my wife thinks it's pretty enough to get her email on (and I don't have to worry about the state of it when she's done with it). That might not be the best business case for moving to mac if you due a technology refresh soon though.