Top 12 Operating Systems Vulnerability Survey 206
markmcb writes "Have you ever wondered how vulnerable your computer is from the first bit you write to the hard drive all the way until you have a fully patched system? If so, Matthew Vea has posted a concise summary of security strengths and shortcomings for twelve of the major operating systems of 2006/2007. In his summary, Matt tests each OS with widely available tools like nmap and Nessus, and notes responses at install, pre-patch, and post-patch times for each system. After the tedious job is done, he produces results that will make both the Apple and Windows communities cringe with regards to security. From the article: 'As far as straight-out-of-box conditions go, both Microsoft's Windows and Apple's OS X are ripe with remotely accessible vulnerabilities ... The UNIX and Linux variants present a much more robust exterior to the outside. Even when the pre-configured server binaries are enabled, each [Linux] system generally maintained its integrity against remote attacks.'"
No OpenBSD? (Score:2, Interesting)
This is a survey of security? (Score:5, Interesting)
Wait, why am I cringing? (Score:4, Interesting)
The upshot seemed to be that even when the examiner intentionally turned on every service and did not enable the firewall, the only vulnerabilities found were two timing-based user-enumeration attacks.
That's... that's the big shocking secret? That if I go out of my way to ask my system to be considerably less secure than its default configuration, Mallory out there can find out the names of accounts on my system? Quick, somebody get me some smelling salts!
We need a comparison of pro-active security (Score:2, Interesting)
For example, WinXP SP2 introduced stack randomization and various other enhancements. Solaris has an option to mark parts of the stack non-executable. Third-party extensions like grsec and Bastille allow Linux to be hardened in a way which prevents race conditions, buffer overflows and more. This is a very much simplified list -- but that's exactly why I'd like to see a better breakdown.
Re:MS makes installing SPs offline easy (Score:1, Interesting)
This can be minimized by using a combination of nLite [nliteos.com] and RyanVM's update pack [ryanvm.net] to build your install ISO. Again, these are both third party, non M$ approved apps.
Vista? (Score:3, Interesting)
The list of open ports was THREE.
No vulnerablities were detected even with the firewall totally OFF.
Seems like (for now) Vista wins this one.
Re:Calm your self... (Score:2, Interesting)