Study Recommends Mac OS X as Safest OS
rocketjam writes "The British security firm mi2g has concluded a comprehensive 12-month study to identify the safest 24/7 computing environment. In the end, the open source BSD and Mac OS X came out on top with the fewest security breaches against permanently connected machines worldwide in homes, small businesses, large enterprises and governments. The study found Linux to be the most breached environment 'in terms of manual hacker attacks overall and accounts for 65.64% of all breaches recorded'. Windows was the most breached environment in government computing and led Linux, BSD and Mac OS X by far in economic damage caused by breaches." We mentioned their previous study too. As before, the study ignores the thousands of automatically-spreading viruses for Windows.
Isn't it the least used? (Score:1, Interesting)
Am I wrong to think this?
Previous Slashdot article contradicts this one? (Score:1, Interesting)
Re:Isn't it the least used? (Score:3, Interesting)
Re:less users = less exploits (Score:3, Interesting)
You don't know the lineage of Apple II OSes, do you?
ProDOS is the Apple II port of SOS (essentially - a disk can actually have an SOS.SYSTEM and a PRODOS.SYSTEM, along with A2 AND A3 versions of programs). GS/OS is the 65816 port of ProDOS, with a GUI added.
Breaches Recorded (Score:5, Interesting)
I recently had some puke engage in comment spamming my website. Traceback revealed he was using a Windows XP machine infected with the Subseven trojan. I'd be willing to bet that breach was not recorded.
"safest", not "most secure" (Score:3, Interesting)
They didn't say it was "most secure", they said it was "safest". That adjective takes security-through-obscurity into account.
It's kind of analogous to buying a home in a rural town vs. a downtown metropolitan area -- your neighbors leave their house unlocked all day, but since there's only about zero-point-two reported burglaries in a ten-mile radius every year, who really cares?
Both ways (Score:3, Interesting)
I'm not arguing that a hacking attempt is as bad as a worm. The article does state that the economic impact of worms is much greater. However, worms are written because of known vulnerabilities in systems, which is the same reason for manual security intrusions.
Sources? (Score:4, Interesting)
Security by obscurity? (Score:3, Interesting)
Not only safe but fun! (Score:4, Interesting)
Not that this matters. But it's also good to know it's safe. But how many people actually direct connect to the internet? Doesn't it make sense to have some sort of cheap firewall/router box to protect you?
Re:Before people go nuts... (Score:4, Interesting)
The response to the 'popularity' point for Linux vs Windows is that the popularity of Windows does not come close to explaining the statistical difference... Counterexamples include considering that Linux is a far more popular internet server than Windows is, but still gets fewer total exploits in that field.
For Linux vs Mac, it's harder to say that the difference is or isn't due to the market share, and the authors are simply acknowledging that. Perhaps, in time, someone will do a study to attempt to distinguish that difference (and we can then bash and/or praise that to our hearts' content).
Re:Logical fallacy (Score:1, Interesting)
IIS v6 has had no security vulnerabilities since its release over 1.5 years ago that affect the default installation (there has been one exploit found and patched in WebDAV, an optional component). IIS v6 was completely rewritten from the ground up to be secure; and it seems that undertaking paid off.
Apache has had dozens in that time.
For older versions, they're pretty close.
The argument you could have made would regard the exploitation of systems running IIS "accidentally" or in non-server situations. It is systems like these that were most exploited by Code Red, as they were not patched or properly firewalled.
My conclusion, too (Score:5, Interesting)
My own anecdotal experience would be roughly the same (sans OS X experience). I have known someone whose Linux box was rooted, but it, too, was a manual attack. Windows goes without saying. OpenBSD goes without saying, too (oppositely, of course).
Linux is a very good general purpose OS, but its development is volatile enough that it requires a conservative approach with respect to security. I would use an older more mature kernel along with manually paring down the rc directories and inetd.conf, among other things. OpenBSD, on the other hand, is stripped out of the box, and the user must add services. I generally feel that Solaris ranks more with Linux, in that a manual hardening effort really is necessary. Never would I put Windows on the Internet--it would be like swimming in the ocean with steaks tied to my legs.
Vague (Score:2, Interesting)
The commercial "BSD" is not open source.
If they mean an 'open source' BSD, which one are they recommending? NetBSD, OpenBSD, FreeBSD?
Re:Before people go nuts... (Score:5, Interesting)
The sad thing is that they apparently went through a lot of effort to collect data, but at least as they've presented it the data makes it impossible for anyone to draw any conclusions. The whole thing was wasted effort unless they've got some more data they didn't bother putting into the study, that can show successful attacks as they relate to attempted attacks against each platform, or at least related to how many of each platform are actually installed and meet their criteria.