LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices

Reply
 
Search this Thread
Old 01-20-2008, 05:17 PM   #1
weblog
LQ Newbie
 
Registered: Jan 2008
Posts: 2

Rep: Reputation: 0
Which's More Secure: Vista, Linux, Mac, *BSD & Solaris


hi....

I wanna know your opinion about this matter, which's more secure between Vista, Linux, Mac, *BSD and Solaris?

Anyway, not a little bit of peoples said that Vista more secure than Mac OS, and Linux.

Please give your reason on some aspects (include the default install of each OS).

Last edited by weblog; 01-20-2008 at 05:19 PM. Reason: wrong tags :)
 
Old 01-20-2008, 05:41 PM   #2
PatrickNew
Senior Member
 
Registered: Jan 2006
Location: Charleston, SC, USA
Distribution: Debian, Gentoo, Ubuntu, RHEL
Posts: 1,148
Blog Entries: 1

Rep: Reputation: 48
I think there's a large divide between 'is' and 'could be'. That is, the best Vista setup is better than the worst Linux setup, but let's assume we give each one of these it's own best-case scenario.

Vista is the clear loser. I'm no fan of security through obscurity, but it's Windows - the lightning rod of the OS world. It's huge market share ensures that any insecurities will be found, and Microsoft's history with security and patches ensures that those insecurities will go unfixed for a good while. Also, it depends upon how one defines 'secure'. If, by secure, you mean that the owner of the machine has total control and others cannot gain unauthorized access, then it is impossible to make Vista secure. The DRM and MS spyware is embedded so deep into Vista, you will probably never get it out.

The next worst would be Mac. However, there is a huge gap between Vista and leopard, and a small gap between Leopard and everything else. Macs, being based on BSD, have a sane set of permissions and access control. The only thing that puts this behind BSD/Solaris is that a Mac install contains a lot more closed-source software running in a sensitive security context, so although we haven't caught them, there can be no proof that no funny-business is going on there.

Above Mac would be Solaris. Since we're discussing best-case scenarios, I'll assume that 'Solaris' refers to OpenSolaris, to which source can be reviewed. This has all the benefits of the Mac, but with source code, which adds that layer of security.

Above Solaris would be BSD. Since we're discussing best-case scenarios, I'll assume that by 'BSD', we mean the security-centric OpenBSD. OpenBSD has all the UNIX and open-source benefits, plus the added benefit of having an intensely security-conscious core development team. They have made great inroads into proactive security.

And, at the top of the security totem-pole is Linux. Since we are discussing best-case scenarios, I'll assume that by Linux, we are referring to a 'GNU/Linux properly patched up and properly using SELinux'. This Linux setup can lose to OpenBSD in a number of ways, but the addition of powerful MAC in the form of SELinux provides the best security. By enforcing this MAC, particularly on sensitive applications, Linux can achieve some protection against even 0-day attacks.

Please note that this comparison really discussed the best-case scenarios for each. If we were to discuss average-case scenarios, OpenBSD would probably overtake Linux. This is because SELinux is hard to get right, and many just turn it off. If we discussed worst-case scenarios, the order would be drastically different, with Mac taking the #1 slot, Windows taking the #2, and all the rest fighting for 3rd. This is because the 'worst case' scenario would be just opening your computer wide up. In Linux/BSD/Solaris, nothing stops you from doing that completely and wholeheartedly. However, in Mac and Windows, you have less control over your computer, and your computer will try to stop you from doing anything *drastically* and obviously stupid.
 
Old 01-20-2008, 07:41 PM   #3
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,397

Rep: Reputation: 1114Reputation: 1114Reputation: 1114Reputation: 1114Reputation: 1114Reputation: 1114Reputation: 1114Reputation: 1114Reputation: 1114
I think that this is more-or-less a trick question.

"Security" is not something that computer software, by itself, can provide. Security is a process.

Right now, Windows has had a black-face because by default its security has been turned off. For years and years, people ran their computers with all the security effectively disabled and with Mr. McAfee's little gatekeeper at the front door ... the latter being to tell you when your prize race-horse got out of the barn again.

This curious state of affairs is a prize illustration of the difference between security ability and security reality. 32-bit Windows has always had a well-designed security model ... but if the security isn't being used it isn't worth squat. If the user is never told anything about the security, but is instead taught to "live in fear" because that's more profitable to some, then that's worse.

No matter what kind of system you have:
  1. Do not use the system as an administrative user.
  2. Use strong backup software (like the stuff Microsoft has shipped for years, free of charge...).
  3. Think. Be conscious about how you manage your computer and about what sort of software each user runs. If the software demands too many privileges, don't run that software.
  4. Keep the software on the system reasonably up-to-date, accepting it only from the established software-update systems provided by each vendor. For instance, if you're running Windows-XP, you should be running Service Pack 2.
  5. Don't put your faith in "anti-virus software." It is worse than useless. Turn it off, leave it off, remove it if you can.
 
Old 01-20-2008, 07:48 PM   #4
paulsm4
Guru
 
Registered: Mar 2004
Distribution: SusE 8.2
Posts: 5,863
Blog Entries: 1

Rep: Reputation: Disabled
Hi -

I use Vista daily - and I can tell you it's *not* necessarily any more "secure" than Linux or MacOS.

Furthermore, many of the highly touted "security" features in Vista (I'm thinking especially of "UAC", but it's not the only culprit), are so downright ANNOYING that many users simply DISABLE them (defeating any possible "benefits")(which were dubious in the first place) and bringing Vista back down to the crappy, insecure level of your standard pre-Vista/pre-Longhorn Windows OS.

IMHO .. PSM

PS:
http://blogs.msdn.com/tims/archive/2...20/763275.aspx
http://blogs.zdnet.com/security/?p=29
 
Old 01-20-2008, 09:11 PM   #5
dv502
Member
 
Registered: Sep 2006
Location: USA - NYC
Distribution: Whatever icon you see!
Posts: 642

Rep: Reputation: 57
There is no such thing as a perfect secure system. Any system can be hack or crack. It's a matter of system configuration, purpose, userlevel and other factors. Comments from a video on computer security I seen.

I'm not a security expert, all I do follow some guidelines I read from books and other places to keep my linux secure as possible. For example

I used my root account only for system updates and software installation and other tasks that requires you to be root.

Turn on/off any unnecessary daemons.

For example, if you need to transfer files using samba, turn on the samba daemon, and once you've done with it, you can then turn it off.

Use strong passwords. A mix of letters, number and symbols.

etc..

No matter which OS you use, each will have their own security guidelines whether the system is used as a desktop or server or both.

Happy computing!

Last edited by dv502; 01-20-2008 at 09:23 PM.
 
Old 01-20-2008, 09:16 PM   #6
AceofSpades19
Senior Member
 
Registered: Feb 2007
Location: Chilliwack,BC.Canada
Distribution: Slackware64 -current
Posts: 2,079

Rep: Reputation: 57
From what I read of it, its just a comparison of security bugs which mean nothing when comparing proprietary software and OSS because MS can just not tell anybody about the bugs and OSS can't lie about security bugs so its just basically a pile of FUD.
 
Old 01-20-2008, 09:25 PM   #7
PatrickNew
Senior Member
 
Registered: Jan 2006
Location: Charleston, SC, USA
Distribution: Debian, Gentoo, Ubuntu, RHEL
Posts: 1,148
Blog Entries: 1

Rep: Reputation: 48
Quote:
Originally Posted by AceofSpades19 View Post
From what I read of it, its just a comparison of security bugs which mean nothing when comparing proprietary software and OSS because MS can just not tell anybody about the bugs and OSS can't lie about security bugs so its just basically a pile of FUD.
I have to agree with AceofSpades on this one. I read the article linked, and I must agree that "disclosed vulnerabilities" as a metric of security is shady at best. The article is, by its very nature, skewed. A more practical metric of how secure a system is in the real world might be the quantity of exploit code which exists. But then, that would probably skew it the other way, giving Linux the advantage merely through obscurity.

Point is, there is no good metric of "security". If I had to choose a measure, it would be the preferences of systems administrators. I think that it's folly to try to rate security on just one measure, and who better than the sysadmins to decide?

Rule of thumb: If anyone has a graph or table of numbers showing one OS more "secure" than another, unless you see *drastic* differences (orders of magnitude), then they're probably full of it.
 
Old 01-20-2008, 10:16 PM   #8
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 199Reputation: 199
None of them unless they are unplugged and powered off. That is the only right answer, I am God, give me money now or something like that. Stop asking silly questions. The only secure computer in the world is the one in Mission Impossible and even then, they still got the list from it..
 
Old 01-20-2008, 11:30 PM   #9
armanox
Member
 
Registered: Sep 2005
Location: Baltimore, MD, USA
Distribution: Fedora, Gentoo, Debian, Slackware, IRIX, OS X
Posts: 192

Rep: Reputation: 32
OpenBSD is more secure for the default install, but, only because everything is turned off. Meaning, if the system can boot without it, forget it. Although...if memory serves, SSH is enabled by default, but, it is a secure protocol
 
Old 01-21-2008, 12:27 AM   #10
choogendyk
Senior Member
 
Registered: Aug 2007
Location: Massachusetts, USA
Distribution: Solaris 9 & 10, Mac OS X, Ubuntu Server
Posts: 1,189

Rep: Reputation: 105Reputation: 105
Number of good comments already.

I'm a longtime sysadmin with years of Solaris experience and training as well as being a Mac user since 1985 and on two jobs a sysadmin for a Novell network. I rely on Solaris for my servers, OpenBSD for my firewalls, routers and bridges, and Mac OS X for my desktop and home computers. I have had jobs where I was responsible for networks of Windows computers (NT era), and I have a mix of Mac, Windows, and Linux in my user community now.

From a security perspective, we recommend against Windows when we can have a say. Most of our security headaches come from Windows. Most of our breaches of security come from Windows users. That's in spite of the fact that we have more desktops that are not Windows.

Out of the box, default install, I would claim that Mac OS X is the most secure. It is based on BSD, and by default it has services turned off and all security turned on. Historically, Apple has taken this approach and Microsoft has taken the opposite approach. I would also argue that Microsoft has traditionally taken the design driven by marketing and implemented by an army of low paid programmers, whereas Apple has paid more attention to the system design and security and has had a smaller group of more highly skilled programmers. I'm sure that has the potential for starting a flame war, but it's my firm belief and observation.

Of the other platforms, I think OpenBSD is probably the most secure, followed by Solaris and Linux. However, the security is going to be based on the sysadmin. I never, ever, take a default install. For a Solaris 9 installation on a Sun server, I spend a couple of days trimming, adjusting and locking down the install before adding application software. Some of that is review and searching for new information that might have come up since last time I did it. I keep a notebook on each server, and I review those when building a new server. A good sysadmin ought to spend a reasonable percentage of their time on security on an ongoing basis.

If you are working on any of these platforms and are interested in security, you should at least stop by at http://www.nsa.gov/snac/ and pick out the security guidelines for your platform. There is lots of reading there and a tremendous depth of detail. It assumes you know the platform reasonably well to begin with. For Solaris, I also have a collection of resources from other places, including Sun's security guide for Solaris, and a guide I found from Northern Telecom which turns out to be quite good.

Last edited by choogendyk; 01-21-2008 at 12:31 AM.
 
Old 01-21-2008, 10:50 AM   #11
Acron_0248
Member
 
Registered: Feb 2006
Location: Venezuela
Distribution: Gentoo
Posts: 453

Rep: Reputation: 33
Hi,


The question is too open, almost impossible to answer...

Security is mostly defined by several factors, everyone of then could give more points to one OS than other. I havn't used solaris or mac so I can't talk of those, I've read a lot, but not always everythin published on internet it's true :P, as for the others...

a) Do you mean "secure by default after install"?

In this case I will say that OpenBSD or some hardened Linux wins.

b) Do you mean "secure by having less bugs compromising security"?

If this is the case, then, any system with a minimal install base is most secure than the same system with a lot of apps, servers and the like. Is simple, Linux w/o apache installed is most secure than Linux with apache installed since apache will bring its own vulnerabilities to the system adding in the OS more ways to be xploited. This is just an example since there are distribution's developers who audit the code before releasing it to the tree.

The same goes for Windows, if you've installed firefox, then there's the possibility that someone use some xss that let him play with firefox's chrome, the same could happen if you configure IIS, now you've Windows' vulnerabilities and IIS' vulnerabilities to deal with.

However, in many ways Windows will loose, first is badly designed, second the "patch-cycle" is a big disadvantage and third it's popular, popularity not only brings attention of new customers, also brings the attention of the bad guys

c) Do you mean "secure by creators approach"?

In this case, Windows and most Linux will fail, one of the big problems regarding security is that it depends on the user

Oh...but there's a problem, there's this new user who doesn't know anything about security, isn't being educated by anyone so this new user doesn't know how to protect it's own system. This is mostly where the real "security problem" begins, you're a sysadmin working on a company, you're supposed to take care of the security matter and do whatever you can to protect the systems, but you've just find out that someone working at one of the workstation has activated a virus while browsing its emails, the problem was that he find this email, doesn't know who send it, the email subject doesn't seem to be helpful in know what's on the email and it seems that it's written in klingon, but, "could be important" the employee said and he opened the email

So, the point is that when the creators of any OS let the user be in charge of the security, is when you see "there's a virus running in our lan!", "someone has triggered some script from the /tmp folder! D=" and so on...

d) The systems is connected to the internet?

Any networkless system will be more secure...

So, IMHO:

Which could be considered most secure based in the above factors?

1) OpenBSD or Hardened Linux flavor
2) Linux (No Hardened)
3) Windoze

Hmmm....but this is my little brother PC, he doesn't know much about computers, only like to play, which will be more secure?

1) None

Are you sure?

Well well....

1) Linux networkless
2) Windows networkless (he could still get a virus loading a flash drive)




Regards
 
Old 01-21-2008, 10:56 AM   #12
Mega Man X
Guru
 
Registered: Apr 2003
Location: ~
Distribution: Ubuntu, FreeBSD, Solaris, DSL
Posts: 5,339

Rep: Reputation: 63
Out of the box? Windows XP for me... it does not recognize my Intel Network card. Linux and Vista does, but not XP. So there, out of the box, security-wise: XP >> Linux | Vista.
 
Old 01-21-2008, 11:01 AM   #13
b0uncer
Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
Whichever you make. The whole "more secure" is a little unclear; how do you tell which is "less secure", a system that is very vulnerable to thousands or millions of computer viruses (for example), or a system that has a flaw that allows others to breach it with relative easiness?

If you don't chop the question down to more specific areas, I'd say you can't answer it straightforwardly. All operating systems (and not just those mentioned) have their vulnerabilities, both out of the box and despite updates. If every possibility is considered, both known and unknown, there are no secure operating systems at all. Or if you only consider major "holes", then the only one you should be worried about is another human, and that's a big deal.

You could just as well ask which is safer, a nuclear bomb (note: an "atom bomb" is very different thing from a "nuclear bomb", considered the differences between a whole atom and it's nucleus) or a deadly virus. It's not the thing as such, but who drives it and how it spreads it's effects - and how you estimate it.
 
Old 01-22-2008, 03:53 PM   #14
choogendyk
Senior Member
 
Registered: Aug 2007
Location: Massachusetts, USA
Distribution: Solaris 9 & 10, Mac OS X, Ubuntu Server
Posts: 1,189

Rep: Reputation: 105Reputation: 105
It's still a legitimate question, it just doesn't have a simple answer.

The security of a system is a function of several variables, including the OS, the sysadmin, the user, the network environment, the extent to which it is targeted, and so on. That said, those who develop, sell and/or distribute OSes share a significant responsibility and culpability. They should all learn to be more careful and write code that is more secure. Sometimes market forces can make that more difficult and sometimes its just in the attitude and lack of culture in the companies responsible.

An important nuance to OS security concerns is targeted audience. Macintosh and Windows were originally aimed at end users. They both have server versions, but the vast majority are end user systems. The creators of these systems have a responsibility to assume that there may not be a computer geek or sysadmin overseeing the security and to recognize that they are not servers but rather clients. By default they should have all services turned off and all security on. This is the way Apple has always done it. I haven't looked at Vista, so I can't say, except anecdotally, whether Microsoft has learned this lesson. However, one reason you have so much spam in your mail is the vast armies of bot Windows machines out there.

Unix is typically intended to be a server, or to be used by knowledgeable users. It typically provides services, has them running, and expects people to be connecting. It is assumed that there will be a knowledgeable sysadmin responsible for configuring, reviewing and securing these systems.

Linux is sort of in the middle of all this. It's Unix like, has server implementations and end user implementations, but is typically used by people who are more likely to be computer knowledgeable. In situations where it is distributed to real end users, there are typically sysadmins responsible for configuring and securing it before giving it to the end user.

Being aware that computer security is never complete, and is a moving target, those of us who manage networks spend (or should spend) a fair amount of time securing the perimeter, monitoring the network, securing our servers, reading log files, trying to educate our users, etc. One piece of education is to encourage our end users to choose a Mac rather than running Windows. It makes our jobs easier. While we've discussed the possibility of distributing linux to our end users, we don't really have the manpower to properly configure it for ease of use and also secure it.
 
Old 01-22-2008, 05:26 PM   #15
secretlydead
Member
 
Registered: Sep 2003
Location: Qingdao, China
Distribution: mandriva, slack, red flag
Posts: 248

Rep: Reputation: 31
The reason Vista (I'm guessing) was made was to get contracts from studio's to license their movies, etc, to be distributed over the Internet and still be secure.

So, (I'm guessing), the answer is that Vista has a many great security features aimed at the security of copyrighted information from studio's and other publishers.

And this is exactly why Vista will catch on in a few years. It lays the basis for Microsoft to get distributor contracts. No one will be able to rent a movie without it.

Just some meandering thoughts...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Remote Server Setup between Linux(Cent os (BSD)) & Sun Solaris vishalimpact Linux - Newbie 3 09-19-2007 02:55 AM
LXer: Defending Against New Rootkits That Beat BSD, Linux, Mac, Vista, AMD and Intel LXer Syndicated Linux News 0 08-09-2006 07:21 PM
I BSD is more secure them linux? maginotjr *BSD 8 08-04-2005 04:23 PM
Do you run *BSD & Mac OS X? carboncopy *BSD 4 12-12-2004 09:41 PM
BSD more secure than Linux? maxut Linux - Enterprise 1 09-09-2004 04:27 PM


All times are GMT -5. The time now is 12:39 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration