Top 12 Operating Systems Vulnerability Survey
markmcb writes "Have you ever wondered how vulnerable your computer is from the first bit you write to the hard drive all the way until you have a fully patched system? If so, Matthew Vea has posted a concise summary of security strengths and shortcomings for twelve of the major operating systems of 2006/2007. In his summary, Matt tests each OS with widely available tools like nmap and Nessus, and notes responses at install, pre-patch, and post-patch times for each system. After the tedious job is done, he produces results that will make both the Apple and Windows communities cringe with regards to security. From the article: 'As far as straight-out-of-box conditions go, both Microsoft's Windows and Apple's OS X are ripe with remotely accessible vulnerabilities ... The UNIX and Linux variants present a much more robust exterior to the outside. Even when the pre-configured server binaries are enabled, each [Linux] system generally maintained its integrity against remote attacks.'"
Nessus and Nmap (Score:5, Informative)
Re:No OpenBSD? (Score:5, Informative)
Title says, "Top 12"? (Am guessing.)
Re:come on... (Score:1, Informative)
Re:Macs Still Safe in Default State (Score:1, Informative)
On the other hand, so is the firewall. Thus if any of those services do get turned on (e.g. CUPS because you installed a printer which requires it -- and note that Apple patched a CUPS remote DoS vulnerability this very month), then you may have a problem. Although I agree that this particular overview was unfair, I also think that in a more "real world" scenario people will end up opening ports (tcp 3689 anyone?) to the world, so OS X isn't completely off the hook either.
Re:What about 10.4.9? (Score:4, Informative)
I ran nessus 2.2.8 (on Ubuntu Feisty) with all included plugins active, against an up-to-date MacOSX 10.4.9 system which is sitting just to my right. The system has Windows Sharing, Remote Login, and FTP Access turned on. The closest it came to a vulnerability was with netbios-ns (137/udp) and it said "If you do not want to allow everyone to find the NetBios name of your computer, you should filter incoming traffic to this port." Hope this is something like what you wanted to know.
Re:Macs Still Safe in Default State (Score:3, Informative)
Re:Macs Still Safe in Default State (Score:3, Informative)
Open port |service != vulnerability (Score:2, Informative)
This was the most stupid and moot article in ages on
Re:Where's BeOS? (Score:1, Informative)
He should have tested the mouse as a security risk (Score:2, Informative)
I did see where McAfee said that Firefox on Windows blocked this so I'm only guessing that it's yet another Windows w/Internet Explorer flaw since one of the temp fixes is to turn off html rendering in MS Outlook and that's probably the MS IE code there too.
Pretty sad when a mouse can open security holes so far into the system. Supposedly, MS Vista does somewhat contain this but I'm not sure if that is with a standard install.
So tell your friends to watch where their mouse has been.
http://www.microsoft.com/technet/security/advisor
LoB
Re:Macs Still Safe in Default State (Score:2, Informative)
True, but as far as I can tell the only vulnerability even with the services specified switched on is the possibility to gather usernames by guessing them. See http://www.vnutz.com/content/exploit/Nessus_Apple_OSX_Tiger_10.4.8_Vulnerabilities.html [vnutz.com]. Nessus ranks them as low at worst. Nothing to be too excited about.
Windows XP SP2 is a bit worse with one high risk allowing for remote code execution. All in all, not too bad compared to Win XP SP1. Both OSes are secure enough for desktop use. (As long as you don't use Outlook or IE...)