Weclock: I don't think you'll ever find someone with the rights to distribute any military grade software. Whether the original product was open source or not, it isn't open source anymore. Maybe it's open within the government team of specially crafted software creators. Mac OS X is based on FreeBSD, but that doesn't mean it is open source.

They are still using the OS itself, which by all reports is simply unaltered Linux (not sure of the actual "flavor" though), complete with any risks or flaws you or I would encounter. Some individual applications might be like Mac's bastardized BSD (i.e. started open but are now closed), but not all of them are.
Aliasalpha: They'd also have some of the planet's best IT staff, it wouldn't be all *nix responsible for the good security, plenty of routers, firewalls & DMZs before an intruder could hit the server subnet

And how would that really be any different than a UK government agency using Open Source software? I'm sure the UK gov has just as many layers of security between their systems and the outside world as our gov does. Given that, how could using Open Source software really be any riskier than closed source?
I highly doubt it's an "unaltered Linux"; updates are necessary no matter where you go. I would imagine they probably have their own proprietary formats to coincide with their security measures.
Not only should a file be encrypted, but it shouldn't allow the user to actually decompile the file because it uses an unknown format. :D
Aliasalpha: They'd also have some of the planet's best IT staff, it wouldn't be all *nix responsible for the good security, plenty of routers, firewalls & DMZs before an intruder could hit the server subnet
cogadh: And how would that really be any different than a UK government agency using Open Source software? I'm sure the UK gov has just as many layers of security between their systems and the outside world as our gov does. Given that, how could using Open Source software really be any riskier than closed source?

Oh sorry, I was speaking more of pure software differences & trying to illustrate that it's the admin that makes the real difference, you can be shit with Linux, brilliant with Windows or the other way around and produce radically different results.
Well yes. So let's just sign this thing and be off yeah?
=D
Aren't all the world's governments trying to pump money into the economy to help keep companies alive right now?
I'm not sure taking all that cash from the private companies is a good way to improve the economy and stop unemployment rising.
Personally I love open source, and I use it quite a bit. But I also partly make a living from programming, and having open source undercut all the small startups out there can cause problems. It sure ain't easy selling software these days when free alternatives abound.
Also, change is hard.
In Hans' story, he didn't relate also that continued use of Novell and Microsoft would result in none of their staff requiring additional training because of it. Even if his services for training the staff were cheap, the school district would also have to pay the teachers for attending the sessions. :(
Now throughout this, I may have seemed like an anti-open source kind of guy, but I am not anti-open source. I'm just being reasonable.
In the long run, yes, running open source might be cheaper, but updating everything, changing formats of files, years old, and the training, it all is costly, whether it's time or money that's being spent. Sometimes it's easier to use just what works, rather than what's "cheaper".
Weclock: In Hans' story, he didn't relate also that continued use of Novell and Microsoft would result in none of their staff requiring additional training because of it. Even if his services for training the staff were cheap, the school district would also have to pay the teachers for attending the sessions. :(
Now throughout this, I may have seemed like an anti-open source kind of guy, but I am not anti-open source. I'm just being reasonable.
In the long run, yes, running open source might be cheaper, but updating everything, changing formats of files, years old, and the training, it all is costly, whether it's time or money that's being spent. Sometimes it's easier to use just what works, rather than what's "cheaper".

That's true, user resistance is one of the biggest problems with new software & procedures.
cogadh: See, that's the beauty of Open Source, since everyone can look at the source code, no one can "slip something in"; everything they code is potentially subject to review by the entire Open Source community.
drmlessgames: QFT. One advantage open source, and free software too, have is that because of their open nature anyone can look at the code and see if there's something not working right.

Thing is, putting potentially harmful code into an actual program isn't the only way to attack. Anyone could deliver a harmful script as part of an external package, and, if many many more people used Linux, you'd have the kind of people that just blindly double click anything that looks like it should be run.
Sometimes, the reasons spyware/trojans/viruses get onto someone's computer is because they don't know better. If my parents were to open up any Bash script or program code, they wouldn't know what they're looking at, so they wouldn't know whether any given line could wipe out everything they have or just print out "Hello World" on the screen. Many people wouldn't, so they wouldn't know what to look for.
Many exploits are aimed at and used against people that are unaware. Even if you change the platform from Windows to Linux, that wouldn't change.
ChaosTheEternal: Thing is, putting potentially harmful code into an actual program isn't the only way to attack. Anyone could deliver a harmful script as part of an external package, and, if many many more people used Linux, you'd have the kind of people that just blindly double click anything that looks like it should be run.

And this would mean very little, as the malicious script could only affect things at the user level. Since Linux actually handles privileges correctly something malicious being run at the user level simply isn't capable of hosing the entire system. Contrast this to Windows where most people run as Admin (out of necessity to actually do anything), and so if a malicious script is run it's given free rein on the entire system.
ChaosTheEternal: Thing is, putting potentially harmful code into an actual program isn't the only way to attack. Anyone could deliver a harmful script as part of an external package, and, if many many more people used Linux, you'd have the kind of people that just blindly double click anything that looks like it should be run.
DarrkPhoenix: And this would mean very little, as the malicious script could only affect things at the user level. Since Linux actually handles privileges correctly something malicious being run at the user level simply isn't capable of hosing the entire system. Contrast this to Windows where most people run as Admin (out of necessity to actually do anything), and so if a malicious script is run it's given free rein on the entire system.
It's not out of necessity to do anything, it's the exact same. Vista's UAC asks you if you want to run things even if you are signed in as admin. And if you aren't signed in as admin, it'll simply ask you for the pw. Windows has improved that since XP thankfully. :D
cogadh: The same is true of when exploitable flaws are found in existing code. Unlike with MS, which does not inform its consumers of potential flaws until they actually have a fix ready, even if they have known about a flaw for months, flaws in Open Source software are announced the moment they are discovered and are often fixed within days. I have actually seen flaws discovered and fixed within a matter of hours.

Don't mix up the enterprise world and the geek world. Informing everybody and their dog about a security flaw for which no fix exists is actually a very stupid and dangerous idea in the professional world.
Companies have a long turnover time; you will never find anybody who is going to download an "hourly build" from a SVN and put it on one of its production servers, even for companies which use OSS. Likewise no IT manager with half a brain is ever going to install a patch made by some "dude" on the internet; they will wait for the official patch coming from the one providing them support for their OS/application (be it MS, Red Hat, Novell, etc.).
And if you have a gold partnership, MS is usually extremely responsive.
cogadh: There are actually more flaws in MS products because it is closed source. Since only the limited programmers that MS has on the payroll have ever looked at the code, there is ample opportunity for flaws to go unnoticed, while an Open Source system like Linux has literally millions of programmers looking at the code on a daily basis. More eyes on the subject means much less goes unnoticed and much more gets fixed.

And yet the SSL bug was unnoticed for years...
Just because there are millions that can look at the code doesn't mean millions will, and even among those who do only very few have the time and the competence to locate a serious issue. Even for OSS you usually have a limited team that really works on the code and corrects flaws.
DarrkPhoenix: And this would mean very little, as the malicious script could only affect things at the user level.

Again, I'm stating that the problem isn't in lack of security in the system. In this case, the problem would be between the chair and the keyboard. Trying to push everyone from Windows to Linux will just move people who don't really know what they're doing in Windows to people who don't really know what they're doing in Linux.
No matter what security is put in place, if the person can win you over with a smile and some fancy words, making you believe it's something that is needed, they'll get in and do their damage to the full system. If they don't need to go that far, they'll be fine messing with the data of whoever is running the malicious code or script, and for many users, that is just as bad or worse than having their system compromised.
DarrkPhoenix: Since Linux actually handles privileges correctly something malicious being run at the user level simply isn't capable of hosing the entire system. Contrast this to Windows where most people run as Admin (out of necessity to actually do anything), and so if a malicious script is run it's given free rein on the entire system.

And if someone runs as root and accidentally allows a malicious script to run, or a security breach is found (which I don't believe to be likely, but that doesn't mean impossible), the same thing happens. There's no difference between running as admin in Windows or Linux.
Weclock: It's not out of necessity to do anything, it's the exact same. Vista's UAC asks you if you want to run things even if you are signed in as admin. And if you aren't signed in as admin, it'll simply ask you for the pw. Windows has improved that since XP thankfully. :D

Have you ever tried running as user with any Win9x or WinXP? A lot of programs simply won't work right without admin privileges. Vista improved on this a bit, although since I haven't used it I can't comment much on just how viable running as a user is. Also not sure just to what extent Vista segregates privileges, so if anyone wants to chime in I'd be happy to listen to any additional info (e.g. can users write to system files?). UAC was a bit of a step in the right direction, from a security perspective, but MS went overkill on it and as a result a lot of people were just conditioned to always click "Allow." Users shouldn't be prompted much for the escalation of privileges in normal activities. I'm aware it's been improved since SP1, so maybe MS is actually slowly getting things right.
ChaosTheEternal: Again, I'm stating that the problem isn't in lack of security in the system. In this case, the problem would be between the chair and the keyboard. Trying to push everyone from Windows to Linux will just move people who don't really know what they're doing in Windows to people who don't really know what they're doing in Linux.

While PEBKAC will always be an issue, the design of the OS can still mitigate the damage that a clueless user can do.
ChaosTheEternal: And if someone runs as root and accidentally allows a malicious script to run, or a security breach is found (which I don't believe to be likely, but that doesn't mean impossible), the same thing happens. There's no difference between running as admin in Windows or Linux.

The key difference is that with Windows for the past decade running as admin has been the default, while with Linux running as user with only the occasional escalation to superuser is the default. This is not just a difference in culture between the two user-groups, but rather what the OS design encourages.
Post edited March 07, 2009 by DarrkPhoenix
DarrkPhoenix: UAC was a bit of a step in the right direction, from a security perspective, but MS went overkill on it and as a result a lot of people were just conditioned to always click "Allow." Users shouldn't be prompted much for the escalation of privileges in normal activities.

They weren't, I used Vista on my dev machine nearly since day one and the only time I had the UAC firing up was when I was starting Visual Studio or VMware, which is understandable as those programs need extra privilege.
Even pre-SP1 the UAC wasn't firing up for normal activities, the issue with it was that you sometimes had more than one UAC approval screen for the same action.
Gersen: They weren't, I used Vista on my dev machine nearly since day one and the only time I had the UAC firing up was when I was starting Visual Studio or VMware, which is understandable as those programs need extra privilege.

Personally I'd consider needing to escalate privileges every time certain programs were run to be conditioning users to always allow, but that's just me. And out of curiosity, just why would simply running those programs require an escalation of privileges?