Security Operating Systems Software OS X Windows Linux

Top 12 Operating Systems Vulnerability Survey 206

markmcb writes "Have you ever wondered how vulnerable your computer is from the first bit you write to the hard drive all the way until you have a fully patched system? If so, Matthew Vea has posted a concise summary of security strengths and shortcomings for twelve of the major operating systems of 2006/2007. In his summary, Matt tests each OS with widely available tools like nmap and Nessus, and notes responses at install, pre-patch, and post-patch times for each system. After the tedious job is done, he produces results that will make both the Apple and Windows communities cringe with regards to security. From the article: 'As far as straight-out-of-box conditions go, both Microsoft's Windows and Apple's OS X are ripe with remotely accessible vulnerabilities ... The UNIX and Linux variants present a much more robust exterior to the outside. Even when the pre-configured server binaries are enabled, each [Linux] system generally maintained its integrity against remote attacks.'"
  • Nessus and Nmap (Score:5, Informative)

    by demonbug ( 309515 ) on Thursday March 29, 2007 @02:31PM (#18531775) Journal
    It seems that this "analysis" is rather over-dependent on Nessus. The article even points out that the tools used couldn't actually see any vulnerabilities (at least for the most up to date versions of the OSes), rather those listed were based on the "database" of vulnerabilities from Nessus. Seems like it would have been equally useful just to look in the Nessus database in the first place.
  • Re:No OpenBSD? (Score:5, Informative)

    by soloport ( 312487 ) on Thursday March 29, 2007 @02:37PM (#18531871) Homepage
    Considering that server OSs were examined, why no OpenBSD? Too "obvious"?

    Title says, "Top 12"? (Am guessing.)
  • Re:come on... (Score:1, Informative)

    by cosmocain ( 1060326 ) on Thursday March 29, 2007 @02:49PM (#18532123)
    for sure it should be tested. and as you said: at least as shipped by now with SP2 pre-installed. that's what comparisons are for: take the available product and compare it to another available product. XP really HAS a bad security record, there's no point in arguing that, but this is no news, it's widely known.
  • by Anonymous Coward on Thursday March 29, 2007 @03:22PM (#18532785)
    The guaranteed-to-be-overlooked key point: all the Mac vulnerabilities exist in services that are off by default.

    On the other hand, so is the firewall. Thus if any of those services do get turned on (e.g. CUPS because you installed a printer which requires it -- and note that Apple patched a CUPS remote DoS vulnerability this very month), then you may have a problem. Although I agree that this particular overview was unfair, I also think that in a more "real world" scenario people will end up opening ports (tcp 3689 anyone?) to the world, so OS X isn't completely off the hook either.
  • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Thursday March 29, 2007 @03:27PM (#18532855) Homepage Journal

    I ran nessus 2.2.8 (on Ubuntu Feisty) with all included plugins active, against an up-to-date MacOSX 10.4.9 system which is sitting just to my right. The system has Windows Sharing, Remote Login, and FTP Access turned on. The closest it came to a vulnerability was with netbios-ns (137/udp) and it said "If you do not want to allow everyone to find the NetBios name of your computer, you should filter incoming traffic to this port." Hope this is something like what you wanted to know.

  • by Anonymous Coward on Thursday March 29, 2007 @03:46PM (#18533241)
    Um...Yes. That's exactly what is being said. RTFA! or RRTFA. Machines have been infected in as little as 20 SECONDS!
  • by Mister Whirly ( 964219 ) on Thursday March 29, 2007 @03:49PM (#18533279) Homepage
    XP SP2 comes with built-in firewall turned on by default, the XP CDs out now are slipstreamed XP2 version. So, to answer your (albeit facetious) question, the firewall is already enabled before you go online to get the rest of the patches. Not bulletproof but better than nothing.
  • by Anonymous Coward on Thursday March 29, 2007 @03:55PM (#18533405)
    The "tests" run are plain silly. Open ports do not mean vulnerabilities. Open services do not mean vulnerabilities as long as the authorization functions of the services work. In other words: Using completely patched systems all of the systems had 0 vulnerabilities.

    This was the most stupid and moot article in ages on /.
  • Re:Where's BeOS? (Score:1, Informative)

    by Anonymous Coward on Thursday March 29, 2007 @05:19PM (#18535127)
    Wikipedia knows. [wikipedia.org]
  • by Locutus ( 9039 ) on Thursday March 29, 2007 @06:24PM (#18536193)
    News out today is that Windows (including Vista) has another security risk in the animated mouse code. That's right, another one. The previous one was in early 2005 and I guess their Trustworthy Computing people forgot to look at the rest of the animated mouse code 'cause they moved it right into Windows Vista.

    I did see where McAfee said that Firefox on Windows blocked this so I'm only guessing that it's yet another Windows w/Internet Explorer flaw since one of the temp fixes is to turn off html rendering in MS Outlook and that's probably the MS IE code there too.

    Pretty sad when a mouse can open security holes so far into the system. Supposedly, MS Vista does somewhat contain this but I'm not sure if that is with a standard install.

    So tell your friends to watch where their mouse has been.

    http://www.microsoft.com/technet/security/advisory/935423.mspx [microsoft.com]

    LoB
  • by Ingerod ( 82705 ) <`ingerod' `at' `haegglund.com'> on Thursday March 29, 2007 @06:35PM (#18536371) Homepage

    True, but as far as I can tell the only vulnerability even with the services specified switched on is the possibility to gather usernames by guessing them. See http://www.vnutz.com/content/exploit/Nessus_Apple_OSX_Tiger_10.4.8_Vulnerabilities.html [vnutz.com]. Nessus ranks them as low at worst. Nothing to be too excited about.

    Windows XP SP2 is a bit worse with one high risk allowing for remote code execution. All in all, not too bad compared to Win XP SP1. Both OSes are secure enough for desktop use. (As long as you don't use Outlook or IE...)
