The World's Safest Operating System

fredrikr writes "UK-based security firm mi2g has analyzed 17,074 successful digital attacks against servers and networks. The results are a bit surprising. The BSD OSes (including FreeBSD and Mac OS X) proved to be the systems least likely to be successfully cracked, while Linux servers were the most vulnerable. Linux machines suffered 13,654 successful attacks, or 80 percent of the survey total. Windows based servers enjoyed a sharp decline in successful breaches, with only 2,005 attacks."

bad admins

[mastergoon]

Linux, being a free OS, ends up with newbie admins all over the place. The defaults arent too safe. How many of these servers surveyed were admined with something like cpanel?

Exactly what I was thinking

[empaler]

I don't understand why anyone would publish a study that is so loosely and poorly substantiated; that would be like looking at a Syrian prison and count the number of syrians imprisoned, and then on that basis summise that "Syrians are more criminal than south africans, since there are hundreds of syrians and not a single south african." /Paven

Re:Microsoft?

[taped2thedesk]

Yeah, right after MS made the switch from ASP to PHP :-p

Re:Fun and games with statistics

[Safety+Cap]

Windows users are less likely to run a webserver ~.

Huh? If you install Windows Server, it has IIS and FTP server turned on by default. I believe Redmond finally got a clue with XP and disabled that "out of the box" feature. Go to your average company and http to any of the file servers. Nine times out of ten, you'll get the default IIS page.

be default

[UID500]

bsd systems are more secure than *most* linux systems by having most services turned off at install. a box is only as secure as it's admin makes it. but this comes with more ease on a bsd system.

Re:Fun and games with statistics

[RockClimbingFool]

You should disreguard the latest round of EMAIL worms and viruses. Those programs are installed through sheer human stupidity, NOT because of inherent flaws in Windows.

Re:Overexaggerated

[Afrosheen]

Who was it that said no box is ever really secure? I believe that. However, like you say, some OS's are inherently more secure based on models, default configurations, etc.

However, generally when Linux or BSD has a security flaw, it's announced and fixed in a timely manner. Windows isn't the same. Sometimes serious security holes are discovered, reported, then Microsoft sits on the fix. Meanwhile your server keeps getting owned and there's nothing you can do about it. Then they eventually release the fix in a massive service pack update 5 months from now.

There's only so much you can do to secure a windows server, and alot of the time you must depend on Microsoft to help you. If they don't help, you don't get the security you've paid through the nose for.

another interesting read off of attrition

[thomas_klopf]

Some more reading (doesn't look like it was posted here yet)

http://www.attrition.org/errata/sec-co/mi2g-01.htm l

study is BS

[saitl]

the study is BS, of course there are less successfull OSX hacks than Windows or Linux - barely anyone tries to hack OSX! Linux is gaining popular so more hackers are turning their eyes to it. The way they ran that study, whichever is the most popular OS will be the 'least secure', cuz that is the one all the hackers are focusing their attentions on.

moron conclusion

[DunbarTheInept]

Fact: Out of a sample of N attacts on servers, chosen by some (presumably) fair technique, only a tiny fraction were on MacOS.
Moron Conclusion: That must be because MacOS is very secure.
Smart Conclusion: Wait, how does that compare against the number of servers actually running MacOS in the first place? If MacOS is less commonly installed as a server, those numbers might not mean anything.