The DSL people say that they're putting a terminal (or whatever you call it) in at the end of our block, so we should be able to have 6 megabit DSL soon. We have also just bought a fast new computer (an Apple G5), so I was thinking about using it as a server.

However, I have always thought that if I were going to have a public website, I would run a very stripped down version of OpenBSD behind one or more firewall computers. OS X is hardly stripped down, and there will be no firewall computer.

I guess I don't understand what makes a computer vulnerable. It's leaving a door open like a bug in some program or a weak password, right? If there are no "doors open" in OS X, it should be as secure as a bunker.

Am I missing something here?

Sure, if there were no bugs in any programs on OS X it would be totally secure. That goes for any OS. But programs have bugs and some of those bugs create security holes.

OS X can be made very secure if you know how to configure it properly. It can also be left wide open. You have to determine what kind of risks you're dealing with based on what you use the server for, and go from there.

Hope this helps you...

We have a new *NIX forum where this might be a more appropriate question. Moving this thread there.

Well OS X is really a BSD (and has nothing to do with Linux), so really this question should have been posted in the *BSD forum.

That being said, OS X is used for web servers at some sites (but OS X Server, not the normal version). Interestingly, some government agencies that are customers of the company I work for use OS X Server instead of Windows Server because they consider it more secure.

OS X *does* have a firewall built in, it's just turned off by default (look in Systems Preferences -> Sharing). The default OS X firewall configuration is unfortunately not very strict (it could allow spoofing and it's unnecessarily open to UDP traffic), but you can download third-party plugins that allow for much more granular control over the firewall. Incidentally, the OS X firewall is built on IPFW from FreeBSD, so if you read the FreeBSD documentation for IPFW you'll know how to configure the OS X firewall from the command line (you can use the sudo command to execute commands as root to setup modify the firewall).

As to what makes an OS or an application vulnerable, you pretty much hit it on the head. It's bugs in the code, weak authentication methods, poor input checking, etc.

So far, not many vulnerabilities have been found in OS X compared to other major operating systems. This probably has a little more to do with the fact that OS X is fairly obsucre and doesn't get a lot of scrutiny, rather than it being in some way phenominally more secure.

You can make sure you're up to date by always running the Software Update utility when new patches are released by Apple. You can access this from the Apple menu. It will also run automatically by default (I think once a week?) and alert you if there are new updates to download. You can change the preferences for Software Update to run daily, and download updates in the background so when you're notified they're all ready to be installed.

It's true that OpenBSD is considered by many to be the most secure commonly available operating system and it would be an excellent choice for a secure web server, but if you're more comfortable with OS X I don't think it would be a problem to use it for a web server. Just make sure you turn on the firewall and you keep the software up to date.

OS X the operating system is perfectly capable of running a server (speed, security). However, with the GUI which can't be shut off, AFAIK, it would probably be a lot slower than running *BSD and shutting X off.

The only resource the UI really takes is RAM, unless you have something animated on the screen. With the display turned off there should be very little overhead. In that respect it's rather similar to the WinNT (2K, 2K3) line that all have GUIs but don't really impact performance.

I would not use OS X for a server. From just a totally general sort of viewpoint, the less services and programs and processes you have running, the less chance one of those processes will have some vulnerability that allows someone to crack into your server. If you want to run a web server... then that should be it. Its just a webserver with the minimum installed and running programs necessary to support that.

OS X is bloated. To me, its like Darwin and NeXT and BSD, and Mac OS 9, its like a bunch of operating systems all kludged together. Regardless of whether I know what I'm talking about here, it is indisputable that something like OpenBSD would have less garbage running around, cluttering things up. In fact, I would say almost any other operating system in the world would have less junk running even Windows, although Windows seems in practice to be less secure than OS X.

Also, to lessen my credibility, I have never used OS X Server, only OS X; however, I can't imagine why someone would CHOOSE to have less control over their server. Though an OS X server will be initally easier to set up, later on you will be sorry when you try to add apache modules or setup interesting things. OS X is smooth and attractive on the surface, but right below that its kind of ugly.

A Linux or BSD server will be cleaner and more secure, almost by definition, than an OS X system. It will initially be slightly harder to configure but well worth it. And since the hardware is the same either way...(though I'm not sure OpenBSD has SMP support yet??)

Just to add a contrasting point of view here, my employer runs their entire website off Xservers and I have to say it is remarkably rock-solid in terms of dependability and security. They liked it so much that they replaced an aging Sun cluster running Redhat and went with a 125 node (250 proc) G5 Xserve cluster that will likely be on the next top 500 list. Personally I'm not a big Apple/OSX fan, but from my experience they do make excellent servers.

Although I'm a great advocate of Linux and *BSD, I must disagree with the overall tone of your post.

Certainly OS X has some things that are unnecessary for a server, and a bare-minimum Linux or FreeBSD installation like I use on my own servers would be slightly more efficient and possibly more secure. But OS X has many advantages, and if it allows you to run a secure server where otherwise you would not be able to without hiring a sysadmin, then I say it's an excellent choice. Certainly a far more secure choice than Windows, and much easier for the average person than Linux.

You or I might not choose OS X for a server, but that doesn't mean it isn't a perfectly valid choice for someone whose skills might lie in different areas.

I think the site didn't recognize that I came back to look at the first reply, so it didn't e-mail me about the rest of the posts.

Thanks for the advice. I have pretty much decided that this isn't a good idea. This is my personal computer and I have valuable data that I really don't want to lose. That's not the sort of computer you would want to use as a server.

I've never used OS X Server either, but from what I can tell, it's really, really simple and fast (in a administration sense). It's really just all the open-source programs that a normal server would run, but with management software. You could probably get under the hood if you wanted to.