
Top 12 Operating Systems Vulnerability Survey

Posted by Zonk
from the just-in-case-you-were-feeling-secure dept.
markmcb writes "Have you ever wondered how vulnerable your computer is from the first bit you write to the hard drive all the way until you have a fully patched system? If so, Matthew Vea has posted a concise summary of security strengths and shortcomings for twelve of the major operating systems of 2006/2007. In his summary, Matt tests each OS with widely available tools like nmap and Nessus, and notes responses at install, pre-patch, and post-patch times for each system. After the tedious job is done, he produces results that will make both the Apple and Windows communities cringe with regards to security. From the article: 'As far as straight-out-of-box conditions go, both Microsoft's Windows and Apple's OS X are ripe with remotely accessible vulnerabilities ... The UNIX and Linux variants present a much more robust exterior to the outside. Even when the pre-configured server binaries are enabled, each [Linux] system generally maintained its integrity against remote attacks.'"

  • No OpenBSD? (Score:2, Interesting)

    by sunwukong (412560)
    Considering that server OSs were examined, why no OpenBSD? Too "obvious"?
    • Re:No OpenBSD? (Score:5, Informative)

      by soloport (312487) on Thursday March 29, 2007 @02:37PM (#18531871) Homepage
      Considering that server OSs were examined, why no OpenBSD? Too "obvious"?

      Title says, "Top 12"? (Am guessing.)
  • come on... (Score:3, Insightful)

    by cosmocain (1060326) on Thursday March 29, 2007 @02:22PM (#18531575)
    ... i'm no M$-fanboy at all, but testing a 2001-XP against an end-2006 fedora is not actually making any sense. install a 2001-red hat to compare and then tell me the numbers. i'm quite sure that there are no breaches as severe as the lsass or rpc/dcom stuff, but this comparison just doesn't make any sense...
    • Re:come on... (Score:5, Insightful)

      by drinkypoo (153816) <martin.espinoza@gmail.com> on Thursday March 29, 2007 @02:41PM (#18531943) Homepage Journal

      ... i'm no M$-fanboy at all, but testing a 2001-XP against an end-2006 fedora is not actually making any sense. install a 2001-red hat to compare and then tell me the numbers.

      My only complaint is that Windows XP should be tested as installed from SP2, since any XP CD distributed through authorized channels today has SP2 built in.

      But you have to realize that Windows XP is the most common version of Windows in use today, and so it is reasonable to test it today...

    • by dpilot (134227)
      Maybe, maybe not. What do you get today when you buy a Retail copy of XP? Is SP2 slipstreamed, at the very least?

      I recently reinstalled an XP machine for my sister-in-law, and when I was done with the recovery CD, I'm not sure if the system was at base, or at SP1. I had to install a pile of updates with numerous reboots, and THEN I was able to install SP2, plus then I went on to install yet more updates. Maybe I did it the hard way, maybe I'm a noob with Microsoft products, maybe it has something to do with
    • by pembo13 (770295)
      It's not the tester's fault that there's no Windows 2006.
    • by melonman (608440)

      Also,

      The UNIX and Linux variants present a much more robust exterior to the outside

      might be true until you install most PHP apps in non-CGI mode, whereupon in most cases you've set up a race condition as to who runs admin.php first, and that's if your end user remembers to turn off execution permissions after running the script, and, if (s)he doesn't, your entire machine is compromised because every single PHP app is running under the same users...

    • So... Red Hat is to blame for a more secure system just because they put out more than a couple of updates a decade?
  • Concise? (Score:4, Insightful)

    by jonknee (522188) * on Thursday March 29, 2007 @02:30PM (#18531743) Homepage

    Matthew Vea has posted a concise summary of security strengths and shortcomings for twelve of the major operating systems of 2006/2007.


    Concise? Forgive me, but I was expecting a table or something that makes it easy to see the results. Instead it's 20 printed pages. I'd hate to see the expanded version!
    • Re:Concise? (Score:4, Insightful)

      by solevita (967690) on Thursday March 29, 2007 @02:41PM (#18531957)
      Who reads printed pages anyway? Just scroll down and read the relevant test results for every OS. No need to read all the blurb about when XP was first released or in what university BSD first came about; just scroll down and read every bit that starts "Nmap". You'll get through it very quickly.

      It was much nicer than most stories that make it to the front page; I didn't have to keep clicking the next page button every 50 words. It was good stuff, there were no ads (although I do run adblock) and a great deal of easy to read information.

      Let's just hope that /. provides us with more of these.
      • by jonknee (522188) *
        I just used printed pages to measure the length, I didn't actually print it out. By your logic everything is concise, just skip to the end.
  • Okay, We all know that 2001 version of XP, totally unpatched is vulnerable. Duh

    I update all my WinXP installs OFFLINE, making sure that they are FULLY patched and running the latest AV before putting them on the wire. The issue is that Microsoft doesn't make it easy to do this, and I have to use third party products to properly secure their systems before they go online. (90+ Patches from SP2?????)

    To me, that is the greatest of all faults.
    • The reason it is not a stupid comparison is that Microsoft doesn't make it easy to do, so most people do it online. Granted, most of us do it from behind a firewall, but a compromised machine on your network listening to DHCP requests and responses might very well hack your ass in moments.
      • Re: (Score:2, Insightful)

        Parent makes an important point. I think the MS automatic updates are a great help to Joe Average User, but if they wanted to do things right, MS would lock down almost all networking other than HTTP connections to update.microsoft.com until the fresh install was fully patched.

  • by MonGuSE (798397) on Thursday March 29, 2007 @02:30PM (#18531755)
    Since when does throwing up 12 boxes and running a quick nessus scan over them count as a security survey?
    • THAT is what I was thinking.

      "I ran Nessus and then nmap, and this is what it said." Ooo, let me bow to your geekdom. And then he picks a raw version of XP...that's so unfair there aren't even words...Seriously, most of those flaws were fixed years ago, and you can't even buy XP like that anymore.

    • If Windows had come out as the worst.

      Since it did not, we here at /. must do our best to totally discredit the survey.
    • This does not make it good - Nessus is hardly the top-of-the-line in security scanners, for a start - but the alternative methods being used are no better. The counting method (add up all of the announcements made) tends to lead to Linux getting the same flaw counted once per distribution, not once per package, resulting in gross overcounting. The Open Source community is also generally better at announcing flaws, whereas commercial vendors won't necessarily report a flaw if it gets covered by a patch or up
    • by Bert64 (520050)
      Some of those nessus issues identified are false positives... Like the rpc.cmsd hole on solaris etc, this is a really old vulnerability that existed in solaris versions 7 and earlier.
      Also, they missed the recent solaris telnet vulnerability (telnet -l -froot host).
      Finally, they say that OSX was insecure out of the box, even tho it had no services turned on by default and they had to explicitly enable them.
  • by adavies42 (746183) on Thursday March 29, 2007 @02:30PM (#18531757)
    The guaranteed-to-be-overlooked key point: all the Mac vulnerabilities exist in services that are off by default. Yes, it's annoying that Apple isn't faster at patching them (and other known local holes), but it still beats the hell out of XP's default state on first boot.
    • Yea, but what's the very first thing you do after the first boot? Right, get latest updates. So 1hr after first boot Mac is not beating the hell out of XP.
      • Re: (Score:3, Insightful)

        by dpilot (134227)
        But unless you're already behind a firewall of some sort, 1 hour is more than long enough to be compromised, BEFORE the updates are done.
        • unless you're already behind a firewall of some sort

          Exactly, and how are you going to get that firewall installed on XP SP2 before you are able...to...uh, never mind.

          • Re: (Score:2, Funny)

            by crayiii (679161)
            come on, you're saying that in 1 friggen hour, while I'm downloading SP2 on a new XP box that I'm going to be "infected?" Sounds a little far fetched to me...
            • Re: (Score:3, Informative)

              by Anonymous Coward
              Um...Yes. That's exactly what is being said. RTFA! or RRTFA. Machines have been infected in as little as 20 SECONDS!
          • Re: (Score:3, Informative)

            by Mister Whirly (964219)
            XP SP2 comes with built-in firewall turned on by default, the XP CDs out now are slipstreamed XP2 version. So, to answer your (albeit facetious) question, the firewall is already enabled before you go online to get the rest of the patches. Not bulletproof but better than nothing.
          • Run your Windows in a virtual environment, behind a firewall in the virtual server. Then use the updated OS image as your canonical installation image.

            This would work better if it were easier to register the license keys remotely, but it's workable.
    • by Cheefachi (970662) on Thursday March 29, 2007 @03:12PM (#18532603)
      I think what the parent poster was saying was that by default OS X has many services that can be compromised turned off and they remain turned off no matter how many times you perform an update or reboot. The article mentioned that all these services were manually turned on to perform the test so out of the box OS X is so secure they didn't even bother to test it out of the box.
      • by vux984 (928602) on Thursday March 29, 2007 @03:20PM (#18532755)
        The article mentioned that all these services were manually turned on to perform the test so out of the box OS X is so secure they didn't even bother to test it out of the box.

        But then they conclude OSX is rife with vulnerability during the patching process, which is pretty misleading if you ask me.
        • by NateTech (50881)
          Yeah, his testing was rife with this kind of inconsistency. If you're looking to see if things are hackable during the install, you can't pick and choose the services you turn on after the install and then run your scans.

          Definitely biased. Loved that FreeBSD had nothing at all turned on... and got perfect goo-goo-gah-gah wonderful text.

          Whatever. He's a tard. Moving right along...
    • Re: (Score:2, Informative)

      by Ingerod (82705)

      True, but as far as I can tell the only vulnerability even with the services specified switched on is the possibility to gather usernames by guessing them. See http://www.vnutz.com/content/exploit/Nessus_Apple_OSX_Tiger_10.4.8_Vulnerabilities.html [vnutz.com]. Nessus ranks them as low at worst. Nothing to be too excited about.

      Windows XP SP2 is a bit worse with one high risk allowing for remote code execution. All in all, not too bad compared to Win XP SP1. Both OSes are secure enough for desktop use. (As long as you

  • Nessus and Nmap (Score:5, Informative)

    by demonbug (309515) on Thursday March 29, 2007 @02:31PM (#18531775) Journal
    It seems that this "analysis" is rather over-dependent on Nessus. The article even points out that the tools used couldn't actually see any vulnerabilities (at least for the most up to date versions of the OSes), rather those listed were based on the "database" of vulnerabilities from Nessus. Seems like it would have been equally useful just to look in the Nessus database in the first place.
    • by jimicus (737525)
      The only realistic alternative (if you want to do such a scan without spending thousands on commercial software) is to start testing for vulnerabilities by hand.

      Granted, this can, in the right hands, be a means of finding new vulnerabilities. But it's a hell of a lot more work and if you're only interested in known problems - why bother when someone else has already scripted the lot?

      IMO, a well-maintained server's weakest link these days is stuff like weak passwords (for anything which requires user authen
  • by Dusty (10872) on Thursday March 29, 2007 @02:33PM (#18531811) Homepage

    What no OpenVMS [hp.com] analysis?

  • As far as straight-out-of-box conditions go, both Microsoft's Windows and Apple's OS X are ripe with remotely accessible vulnerabilities ... The UNIX and Linux variants present a much more robust exterior to the outside.

    Hmm... MacOS X bad... UNIX good.

    Presumably this contradiction is resolved by noting that on MacOS X, the vulnerable services are off by default, so MacOS X is in fact ripe with vulnerabilities out of the box, yet still presenting a robust exterior?

  • Nice Cherrypicking (Score:5, Insightful)

    by AKAImBatman (238306) * <akaimbatman@gUUU ... inus threevowels> on Thursday March 29, 2007 @02:34PM (#18531831) Homepage Journal

    As far as straight-out-of-box conditions go, both Microsoft's Windows and Apple's OS X are ripe with remotely accessible vulnerabilities ... The UNIX and Linux variants present a much more robust exterior to the outside.

    The article also says:

    By default, Apple OS X does not have its built-in servers enabled. For testing the standard binaries, [available services] were all enabled through the Preferences tool. After enabling the services, Nmap identified the freshly opened ports and Nessus found only a user enumeration vulnerability in the HTTP server.

    Out of the box, OS X is highly secure. You make the active decision to risk remote exploits when you enable these services.

    For OS X Server, they had this to say for it, "Out of the box":

    During installation, Nmap fingerprinted the setup TCP/IP stack as OS X 10.3 or 10.4 and identified an open SSH port. Nessus did not identify any external vulnerabilities.

    The lesson to be learned here is that an open connection is a potentially exploitable one. So don't open connections unless you're sure you want to do so. The second part of that lesson is if you're going to enable a remote port, make sure your security patches are up to date. "Out of the box" software is only secure for a short period of time.
    • by SCHecklerX (229973) <thecaptain@captaincodo.net> on Thursday March 29, 2007 @02:46PM (#18532055) Homepage

      The lesson to be learned here is that an open connection is a potentially exploitable one. So don't open connections unless you're sure you want to do so. The second part of that lesson is if you're going to enable a remote port, make sure your security patches are up to date. "Out of the box" software is only secure for a short period of time.


      Which is one reason it's so hard to secure a windows system. Who knows what half of those listening services actually do and what depends on them.

      Also, you missed the third part, which is to configure the services you do need conservatively (ie, configure apache to not allow methods you do not use for your site, disable anonymous FTP, or if needed lock its permissions and probably chroot it, etc).

      Security isn't *too* hard if you have admins that actually listen to their lead security guy:

      1. Run only the services that you need
      2. Configure those services securely
      3. Keep those services patched


      Yes, there is a lot more to security, and how services are used factors into your response in how to mitigate any known problems, but the sysadmin security stuff boils down to the above list.
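A way to check step 1 of the list above using the same tool the survey relied on, as an added example that is not part of the original comment: it parses nmap's greppable output (`nmap -oG -`) and reports listening services that are not on a per-host allowlist. The host addresses, the allowlist and the scan lines are constructed for illustration.

```python
"""Compare nmap greppable output against an allowlist of intended services.

Added example, not from the thread. Hosts, allowlist and scan text below
are constructed sample data.
"""

# Constructed sample of `nmap -oG -` output for two hosts.
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 548/open/tcp//afp///\tIgnored State: closed (997)
Host: 192.0.2.20 ()\tStatus: Up
Host: 192.0.2.20 ()\tPorts: 22/open/tcp//ssh///, 23/closed/tcp//telnet///, 111/open|filtered/udp//rpcbind///
"""

# Services each host is supposed to expose (hypothetical policy).
ALLOWED = {
    "192.0.2.10": {(22, "tcp"), (80, "tcp")},
    "192.0.2.20": {(22, "tcp")},
}


def parse_greppable(text):
    """Return {host: {(port, proto): (state, service)}} from -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # comment lines and blanks
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                # port/state/protocol/owner/service/rpcinfo/version/
                parts = entry.strip().split("/")
                if len(parts) < 5 or not parts[0].isdigit():
                    continue
                port, state, proto, _owner, service = parts[:5]
                hosts.setdefault(host, {})[(int(port), proto)] = (state, service)
    return hosts


def audit(scan, allowed):
    """List (host, port, proto, kind, service) deviations from the allowlist.

    kind is "unexpected" for a reachable port that is not allowed, and
    "missing" for an allowed port that the scan did not find open.
    "open|filtered" is treated as reachable, the conservative reading.
    """
    findings = []
    for host in sorted(set(scan) | set(allowed)):
        seen = {
            key for key, (state, _svc) in scan.get(host, {}).items()
            if state.startswith("open")
        }
        want = allowed.get(host, set())
        for port, proto in sorted(seen - want):
            service = scan[host][(port, proto)][1] or "unknown"
            findings.append((host, port, proto, "unexpected", service))
        for port, proto in sorted(want - seen):
            findings.append((host, port, proto, "missing", ""))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_greppable(SAMPLE_SCAN), ALLOWED):
        print(*finding)
```
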
      • Re: (Score:2, Insightful)

        by stratjakt (596332)
        Who knows what half of those listening services actually do and what depends on them.

        I do, lots of people do.

        Which one do you have a question about?

        It's not that hard to learn Windows.
      • Re: (Score:3, Insightful)

        by Mister Whirly (964219)
        "Who knows what half of those listening services actually do and what depends on them."

        People that are serious about security and don't want their boxes compromised.... For instance, me.
        An OS service is an OS service - figuring out *nix services is no easier or harder than figuring out Windows services.
    • Reading this strange blurb, I couldn't figure out how they'd arrive at the conclusion that OS X had more remotely exploitable vulnerabilities active before patching than say Linux or other UNIX variants, since it doesn't even expose any services to the outside by default!

      Reading this, though, where they say they just "enabled all the services" shows that the methodology in this analysis is pretty bad. Did they also enable SMB and AFP file sharing services on the other systems? Enable Apache/IIS?
    • Re: (Score:2, Insightful)

      by fazookus (770354) *
      "Although OS X features a robust implementation of IPFW (Internet Protocol FireWall), it was not enabled."

      So they take a secure machine and start services to make it less secure, but they can't be bothered to turn on the firewall?

      Odd...
      • by mhall119 (1035984)
        They disabled the firewall on Windows XP SP2 and Vista Ultimate, and opened up ports on the Fedora and Suse firewalls for the services they were testing, the point was to test the binaries as well, not just the firewall. So stop acting like they treated OS X unfairly.
    • If they'd installed Solaris correctly, they'd have had the same out-of-box results - The Solaris 10 installer asks if you want to enable all of the services that were enabled by default on previous Solaris versions, or if you'd like to lock the box down and only have SSH enabled.

      Relying on Nessus alone isn't much use anyway - basically all it does is compare banner output to what's in its database. If you apply a patch that doesn't update the banner (say a patch backported to a previous version), Nessus w
      • If they'd installed Solaris correctly, they'd have had the same out-of-box results

        Well, it's not their fault the Solaris installer works correctly. Maybe if it had a defective one like Fedora...

        (From TFA, describing the Fedora testing):

        Despite the previous configuration prompts, the chosen servers [FTP, Mail, NFS, SSH, Samba, HTTPS, telnet and HTTP] were still not enabled.

        Fedora's so security-conscious, it won't start services that might get compromised! Next release, they may improve security by simply not shipping any network drivers... ;)

        Did anyone else find it odd that they went out of their way to load the entire Solaris distribution, but cherry-picked the Fedora options they loaded? No, I guess I'm not either...

  • I can run Nessus too!
  • by david.emery (127135) on Thursday March 29, 2007 @02:37PM (#18531861)
    Note that on both MacOS X and MacOS X Server, there was a clean installation, followed by specific USER ACTIONS to ENABLE services. Thus it should not be a surprise if you turn on the Web service, for example, you now respond on port 80.

    Now once you enable a service, it's legitimate to then analyze the exposed service for vulnerabilities, and I found that information interesting.

    But it should have been clearly established that the vulnerabilities noted in Mac OS X are for services that the user specifically enabled. The general description does not call this out, and I think that the conclusions are flawed because of this.

              dave
    • by drinkypoo (153816)

      But it should have been clearly established that the vulnerabilities noted in Mac OS X are for services that the user specifically enabled. The general description does not call this out, and I think that the conclusions are flawed because of this.

      The FA is quite explicit in telling you that they enabled various services.

      Are you complaining about the summary?

      • by pammon (831694)
        No, he's complaining about the article's conclusions. For example:

        As far as "straight-out-of-box" conditions go, both Microsoft's Windows and Apple's OS X are ripe with remotely accessible vulnerabilities.

        To most people, "straight out of box" means "without screwing around with things." That is not the sense in which they are using it. In fact, they plainly state about OS X that "the issues were not remotely accessible" earlier in the article.

        And to most people, "straight out of the box" doesn't mean "a box you bought a year ago." There was no excuse for testing a pre-10.4.8 version of Mac OS X Server, but no equally old versions of L

    • by samkass (174571) on Thursday March 29, 2007 @03:21PM (#18532779) Homepage Journal
      I think their analysis is fundamentally flawed once they put MacOS X and UNIX into separate buckets. Almost everything they tested on MacOS X is based on the UNIX underpinnings of MacOS X, and at that level MacOS X *is* UNIX (with 10.5, they even went through the trouble of getting it certified as such). It's not like they were testing Cocoa or the GUI.

      Any remote network vulnerability that treats MacOS X as anything other than another UNIX distro has built-in bias.
    • by Mr.Ned (79679)
      "But it should have been clearly established that the vulnerabilities noted in Mac OS X are for services that the user specifically enabled. The general description does not call this out, and I think that the conclusions are flawed because of this."

      They applied the same standard and procedure to FreeBSD. Nessus revealed *zero* vulnerabilities. It's all great and fine to disable services by default, but what happens when you want to use those services?
    • p.s. Consistent with the "in 2006" methodology, all available patches at the time of the experiment were applied, resulting in MacOS X.4.8. Since then Apple has released X.4.9.

      It would be an interesting follow-up to see if these vulnerabilities are fixed. This would establish that

      (a) if you're up-to-date for OS X, you are or are not still at risk, and

      (b) Apple is slower than the Linux alternatives in patching known vulnerabilities (but does fix them)

      Since many of the tested services are built on Open Sou
    • by mhall119 (1035984)
      I believe every system tested, except Windows XP and Vista, included specific user actions to enable services. OS X was not treated unfairly and I don't see how the conclusions are flawed because of this.

      Note that the article didn't call services listening on their appropriate port a vulnerability.
  • When it comes to prepatched or out-of-the-box configurations, be very careful jumping to conclusions.

    An OS that was shipped in 2006 SHOULD have far fewer out-of-the-box holes than one that was shipped 6 years ago *coughXPcough*.

    The "interesting" releases are the releases most likely to be installed by someone doing a fresh install today.

    This usually means what he buys at the store, downloads as an ISO, or installs from the network plus any patches he can easily download, put on a CD or USB stick, and instal
  • From TFA:

    In order to identify any Vista services present, it was necessary to disable the default firewall after booting into the system for the first time. After disabling Vista's firewall, Nmap was able to identify three open ports for Windows networking and correctly fingerprinted the system Windows Vista.

    Sorry, but what's the point in doing this? Out of the box, vista comes with no open ports. Deal!

    It's just like saying "your-favorite-distro was not detected until telnetd was installed and root password was set to 'password'". Stupid.

    And yes, I am a Vista user.

    • by evought (709897) <evought.pobox@com> on Thursday March 29, 2007 @03:08PM (#18532519) Homepage Journal
      Agreed. The premise of the article all around was rather foolish. They deliberately and rather randomly made adjustments to lower security but none to raise them, including turning on some legacy services on some platforms that have not been used since people threw sharpened sticks at each other and their only test was the vulnerability database of one product. Obviously Vista wouldn't show up because it is rather new and no exploits have had time to develop, and obviously the UNIX variants would come up with mostly the same results because they share source code.

      Disabling the firewall on Vista was rather foolish and not enabling it on OS X, while making other changes equally so. That being said, Apple is still nuts for not enabling the firewall by default (technically it is enabled and running, but its configuration is empty).
      • by toadlife (301863)

        That being said, Apple is still nuts for not enabling the firewall by default (technically it is enabled and running, but its configuration is empty).
        It is my understanding that OSX comes with no daemons listening by default. If this is the case, the firewall being enabled by default only adds to the attackable surface area of the OS.

        Also, (I'm just being curious here) can you define "empty configuration"? Is ipfw in OSX set up to "default to allow" by default?

        • by evought (709897)

          Also, (I'm just being curious here) can you define "empty configuration"? Is ipfw in OSX set up to "default to allow" by default?

          Yep. This is what 10.4.x has it set to when the firewall is 'off':

          00010 divert 8668 ip from any to any via en0
          65535 allow ip from any to any
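What that two-rule listing means for an unsolicited inbound packet, as an added example that is not part of the original comment: a first-match evaluator for a small subset of `ipfw list` output. FIREWALL_OFF is the listing quoted above; FIREWALL_ON is a constructed ruleset for comparison, not Apple's actual configuration. It assumes `divert` packets are re-injected by natd so evaluation continues, and it handles only `from any to any` rules with the options shown.

```python
"""First-match evaluation of a subset of `ipfw list` output.

Added example, not from the thread. Supported: allow/deny/divert actions,
"from any to any", and the options in/out, via IF, dst-port N[,N],
established. Anything else raises ValueError instead of guessing.
"""
ALLOW = {"allow", "accept", "pass", "permit"}
DENY = {"deny", "drop"}

# The two rules quoted in the comment above (firewall shown as 'off').
FIREWALL_OFF = """\
00010 divert 8668 ip from any to any via en0
65535 allow ip from any to any
"""

# Constructed ruleset for comparison; rule numbers are illustrative.
FIREWALL_ON = """\
00010 divert 8668 ip from any to any via en0
02000 allow ip from any to any via lo0
02050 allow tcp from any to any established
02070 allow tcp from any to any dst-port 22 in
12190 deny tcp from any to any in
65535 allow ip from any to any
"""


def parse_rule(line):
    tok = line.split()
    rule = {"num": int(tok[0]), "action": tok[1], "opts": {}}
    if rule["action"] not in ALLOW | DENY | {"divert"}:
        raise ValueError(f"unsupported action in rule {tok[0]}")
    i = 3 if rule["action"] == "divert" else 2   # skip the divert port
    rule["proto"] = tok[i]
    if tok[i + 1:i + 5] != ["from", "any", "to", "any"]:
        raise ValueError(f"unsupported address spec in rule {tok[0]}")
    i += 5
    while i < len(tok):
        if tok[i] in ("in", "out"):
            rule["opts"]["dir"] = tok[i]
            i += 1
        elif tok[i] == "established":
            rule["opts"]["established"] = True
            i += 1
        elif tok[i] == "via":
            rule["opts"]["via"] = tok[i + 1]
            i += 2
        elif tok[i] == "dst-port":
            rule["opts"]["dst-port"] = {int(p) for p in tok[i + 1].split(",")}
            i += 2
        else:
            raise ValueError(f"unsupported option {tok[i]!r} in rule {tok[0]}")
    return rule


def matches(rule, pkt):
    opts = rule["opts"]
    if rule["proto"] not in ("ip", "all", pkt["proto"]):
        return False
    if "dir" in opts and opts["dir"] != pkt["dir"]:
        return False
    if "via" in opts and opts["via"] != pkt["iface"]:
        return False
    if "dst-port" in opts and pkt["dport"] not in opts["dst-port"]:
        return False
    if opts.get("established") and not pkt["established"]:
        return False
    return True


def verdict(ruleset, pkt):
    """Return (rule number, "allow" | "deny") for the first terminating match."""
    rules = [parse_rule(l) for l in ruleset.splitlines() if l.strip()]
    for rule in sorted(rules, key=lambda r: r["num"]):
        if not matches(rule, pkt):
            continue
        if rule["action"] in ALLOW:
            return rule["num"], "allow"
        if rule["action"] in DENY:
            return rule["num"], "deny"
        # divert: assumed re-injected after NAT, keep evaluating
    return None, "no-match"


def inbound(proto, dport, established=False, iface="en0"):
    """Build a packet description arriving on the external interface."""
    return {"proto": proto, "dport": dport, "dir": "in",
            "iface": iface, "established": established}


if __name__ == "__main__":
    for name, rs in (("off", FIREWALL_OFF), ("on", FIREWALL_ON)):
        for pkt in (inbound("tcp", 22), inbound("tcp", 445), inbound("udp", 5353)):
            print(name, pkt["proto"], pkt["dport"], verdict(rs, pkt))
```

In the constructed FIREWALL_ON set, inbound UDP is never denied and falls through to rule 65535, which is why a trailing allow-all rule has to be read together with everything above it.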
          • by toadlife (301863)
            Thanks. Though your answer and the AC's answer above contradict each other I get the feeling that yours is correct.

            From the first rule, I assume that OSX also uses natd and has it on but doing nothing by default too?

            It seems weird to me to have both the ipfw and natd on by default...and doing nothing. In FreeBSD, I can load them up and shut them down on the fly after boot-up. Can you not do this in OSX?

            Forgive my stupid questions. I really need to get a hold of one of the G5s we have here and work and play
            • by evought (709897)

              Thanks. Though your answer and the AC's answer above contradict each other I get the feeling that yours is correct. From the first rule, I assume that OSX also uses natd and has it on but doing nothing by default too? It seems weird to me to have both the ipfw and natd on by default...and doing nothing. In FreeBSD, I can load them up and shut them down on the fly after boot-up. Can you not do this in OSX? Forgive my stupid questions. I really need to get a hold of one of the G5s we have here and work and play with it.

              natd is running on this system, but I also have Internet Sharing enabled. I don't know if turning it off actually disables natd or just adjusts the settings (have to try it some time). I do know that if I enable the firewall, Internet Sharing stops functioning, so the firewall rules are not modified by the presence of Internet Sharing. I am working on a custom ipfw config to correct this. To me, this is a big Apple screwup, since there is no mention anywhere in the settings that the firewall does not or s

  • by Onan (25162) on Thursday March 29, 2007 @02:45PM (#18532023)
    I'll admit that I've only looked through the macosx vulnerability section in any detail, but I'm certainly not experiencing anything like the cringing promised by the writeup.

    The upshot seemed to be that even when the examiner intentionally turned on every service and did not enable the firewall, the only vulnerabilities found were two timing-based user-enumeration attacks.

    That's... that's the big shocking secret? That if I go out of my way to ask my system to be considerably less secure than its default configuration, Mallory out there can find out the names of accounts on my system? Quick, somebody get me some smelling salts!

  • Cringe? (Score:5, Insightful)

    by CODiNE (27417) on Thursday March 29, 2007 @02:48PM (#18532079) Homepage
    Hardly.

    By default, Apple OS X does not have its built-in servers enabled. For testing the standard binaries, Personal File Sharing, Windows Sharing, Personal Web Server, Remote Login, FTP Access, Apple Remote Desktop, Remote Apple Events and Printer Sharing were all enabled through the Preferences tool. Although OS X features a robust implementation of IPFW (Internet Protocol FireWall), it was not enabled. After enabling the services, Nmap identified the freshly opened ports and Nessus found only a user enumeration vulnerability in the HTTP server.


    Then somehow this :

    As far as straight-out-of-box conditions go, both Microsoft's Windows and Apple's OS X are ripe with remotely accessible vulnerabilities

    The immediately following sentence :

    Even before enabling the servers, Windows based machines contain numerous exploitable holes allowing attackers to not only access the system but also execute arbitrary code. Both OS X and Windows were susceptible to additional vulnerabilities after enabling the built-in services.


    So how does "straight-out-of-box vulnerable" and "after enabling built-in services" make any sense?
    Sure there's pre-patch vulnerabilities for all 2 year old OS' out there... hardly makes me cringe however.
    • by _Sharp'r_ (649297)
      One thing to note is that they followed this same install-then-turn-on-common-services approach with all the OSes.

      For example, the result after they did that on FreeBSD 6.2 was "None of the service binaries exhibited any vulnerabilities to remote exploits."

      So while it's not a valid part of a "default-install-only" test, it is an interesting benchmark of what if you then run some common services.

      In general, however, you're right, there are methodology changes they could have made to make the testing much more
  • The reality today is most home and small business non-dialup users have a NAT firewall. Most larger businesses have a regular firewall.

    Either way, if you configure it to block incoming connections to the new machine and the rest of your network is uninfected and well-protected, you can almost always download patches safely.

    Some OSes even come with inbound ports turned off by default using the built-in firewall.

    If this is you, then "remotely exploitable vulnerability on an unpatched system" is pretty meanin
    • by raddan (519638)
      All "hardware" firewalls run software. Most of them run some variant of BSD or Linux. E.g., of the two "hardware" firewalls we bought at work ("enterprise-grade"), both were actually modified versions of FreeBSD.

      You can skip the hardware firewall if you use a better OS.
      • by thewils (463314)
        When someone ships a hardware firewall solution based on Windows, I'll start to feel comfortable running it as an OS. I'm not holding my breath though. Until that time, I feel more comfortable running my Fedora Core 6 at home.
      • "Hardware" firewall means the firewall is a different piece of hardware than the one it is trying to protect.

        So-called 'software' firewalls that run on the same machine they are protecting are crap.

        A properly configured BSD or Linux box doesn't need a separate firewall.

        No competent person with any clue whatsoever would ever consider putting a Windows box on the net without a separate ("hardware") firewall protecting it, assuming they have any reason to run a Windows box to begin with. (Eg their boss/spouse/
  • I would like to see something different: a breakdown of proactive security measures taken by OS (or available in the OS) as a way of mitigating security issues. Security problems will pop up no matter what (whether in the OS or third-party software), and I'd like to see what OS do to prevent or reduce the impact of exploitation.

    For example, WinXP SP2 introduced stack randomization and various other enhancements. Solaris has an option to mark parts of the stack non-executable. Third-party extensions like grs
  • I love how people tend to think computers are simple machines, like a potato peeler or something. They're complex machines, and there are people who do not take that into account. The minute you do anything with a computer (even after it's "secured") you run the risk of lowering your security.

    I bet if I went and bought a nice new shiny sports car, and drove 200 mph into a brick wall, I would die. Geez! How insecure is that? I mean after all I have to engage the seatbelt? It wasn't engaged when I bought
  • by argent (18001) <peter AT slashdo ... taronga DOT com> on Thursday March 29, 2007 @04:33PM (#18534163) Homepage Journal
    To determine the security of the systems out of the box, he changed almost every system from the out-of-the-box configuration.

    He also included classic Mac OS in the test, even though this isn't even installed out of the box on any Mac, and won't run on any Mac shipped in at least three years. Why didn't he include Windows 98 and NT4 in his collection as well?

    While there are an enormous variety of operating systems to choose from, only four "core" lineages exist in the mainstream - Windows, OS X, Linux and UNIX.

    There's six mainstream lineages left, and they're NT5, 4BSD, Linux, System V, VMS, and whatever IBM's calling their systems architecture this week.
    • [other agreeable/worthwhile comments skipped]

      There's six mainstream lineages left, and they're NT5, 4BSD, Linux, System V, VMS, and whatever IBM's calling their systems architecture this week.

      IBM kinda has two, right? You probably mean z/OS [wikipedia.org] IBM's mainframe OS successor to MVS, but there's also i5/OS aka OS/400 [wikipedia.org] which has a unique and interesting (imho) object-oriented system architecture. Last I checked IBM sold $1 billion of the latter every year (OS+hardware). Oh, and there's VM/CMS [wikipedia.org] which is what all th
  • Vista? (Score:3, Interesting)

    by MSFanBoi2 (930319) on Thursday March 29, 2007 @04:56PM (#18534631)
    Ok so let me get this correct, in order for his scanners to even detect Vista on the network he had to totally disable the built in firewall.

    The list of open ports was THREE.

    No vulnerabilities were detected even with the firewall totally OFF.

    Seems like (for now) Vista wins this one.
    • by mhall119 (1035984)

      Ok so let me get this correct, in order for his scanners to even detect Vista on the network he had to totally disable the built in firewall.

      The list of open ports was THREE.

      No vulnerabilities were detected even with the firewall totally OFF.

      Seems like (for now) Vista wins this one.

      Vista wins?
      How exactly did Vista do better than the desktop setup of OSX, Fedora, Suse or Ubuntu? Heck, even FreeBSD with all its 12+ services running and no firewall had no vulnerabilities. If you consider being as good as eve

  • News out today is that Windows (including Vista) has another security risk in the animated mouse code. That's right, another one. The previous one was in early 2005 and I guess their Trustworthy Computing people forgot to look at the rest of the animated mouse code cause they moved it right into Windows Vista.

    I did see where McAfee said that Firefox on Windows blocked this so I'm only guessing that it's yet another Windows w/Internet Explorer flaw since one of the temp fixes is to turn off html rendering i
  • by ckd (72611) on Friday March 30, 2007 @12:22AM (#18539435) Homepage
    Nessus "found" that the Mac OS 9.2.2 box had a vulnerability [nessus.org] that would allow an attacker to crash, or run code in, the Oracle 9i application server?

    Since Oracle 9i doesn't even run on Mac OS 9.2.2, I don't think this is likely to be a big concern.
  • So, they had to explicitly enable all of ftp, samba, afp etc for OS X to get something to show, yet didn't even notice MDNS/Rendzejour (port 5353) open out of the box? Mongs.
