Slashdot Mirror

← Back to Stories (view on slashdot.org)

Study Recommends Mac OS X as Safest OS

Posted by michael on from the safety-first dept.

rocketjam writes "The British security firm mi2g has concluded a comprehensive 12-month study to identify the safest 24/7 computing environment. In the end, the open source BSD and Mac OS X came out on top with the fewest security breaches against permanently connected machines worldwide in homes, small businesses, large enterprises and governments. The study found Linux to be the most breached environment 'in terms of manual hacker attacks overall and accounts for 65.64% of all breaches recorded'. Windows was the most breached environment in government computing and led Linux, BSD and Mac OS X by far in economic damage caused by breaches." We mentioned their previous study too. As before, the study ignores the thousands of automatically-spreading viruses for Windows.

8 of 370 comments (clear)

  1. Before people go nuts... by daveschroeder · · Score: 5, Informative

    ...this study is talking about manual exploits, and says as much:

    The study also reveals that Linux has become the most breached 24/7 online computing environment in terms of manual hacker attacks overall and accounts for 65.64% of all breaches recorded, with 154,846 successfully compromised Linux 24/7 online computers of all flavours.

    This is likely because of the great number of Linux servers, and the wide variety of network services and ports open to the world on such servers.

    And it does, in fact, make distinct reference to Windows malware (self-propagating worms, viruses, etc.):

    Malware proliferation

    The recent global malware epidemics have primarily targeted the Windows computing environment and have not caused any significant economic damage to environments running Open Source including Linux, BSD and Mac OS X. When taking the economic damage from malware into account over the last twelve months, including the impact of MyDoom, NetSky, SoBig, Klez and Sasser, Windows has become the most breached computing environment in the world accounting for most of the productivity losses associated with malware - virus, worm and trojan - proliferation. This is directly the result of very insignificant quantities of highly damaging mass-spreading malware being written for other computing environments like Linux, BSD and Mac OS X.

    Also interesting:

    For the record, neither mi2g Ltd nor the mi2g Intelligence Unit have a business relationship with Apple Computers and we do not own any shares in that corporation. Previously, the mi2g data for one month was considered to be too small a sample and not representative of the global environment within which different types of entities - micro, small, medium and large - exist. We have addressed those concerns in the new study. The critics were against the previous study which also came out in favour of Apple and BSD, because the entrenched supporters of Linux and Windows felt that mi2g was guilty of 'computing blasphemy'. In subsequent months, mi2g's reputation was damaged on search engines and bulletin boards. We would urge caution when reading negative commentary against mi2g, which may have been clandestinely funded, aided or abetted by a vendor or a special interest group.

    There are a wide variety of reasons to expect that Mac OS X is a significantly more secure computing platform than Windows in a non-server/desktop setting; this study only further confirms that.

  2. Re:Why isn't BSD in the title? by Rosyna · · Score: 4, Informative

    DUH! Everyone knows that BSD is the safest kind of like how everyone knows the earth isn't a square (however, most of its inhabitants are) yet most people don't realized that OS X can be categorized as a BSD Variant for most intents and purposes. Apple even often makes a point to list what version of BSD any given cat is based on.

  3. Re:Sure, but... by friendscallmelenny · · Score: 5, Informative
    I couldn't agree LESS.

    I think mac users are a very bimodal group. There are lots of pros, comfortable with various OS's. However, there are tons of totally clueless folks.

    I cleaned up a lot of macs in the pre-OSX days when a handful of annoyances like macro-viruses were common.

  4. You have been trolled by Mi2G by Anonymous Coward · · Score: 5, Informative


    Mi2G are about as expert in computer security as your local nursery school, they are basically a fraud outfit that decieve companies by using FUD in order to transfer cash from company accounts to the chairmans pocket, and slashdot linked them up
    and you wonder why no one subscribes and blocks slashdots adverts

    in the security scene they are worthless

    Register article

  5. Mac OS X default security settings by MrMartini · · Score: 5, Informative

    One important factor with Mac OS X security is its default security settings; when someone buys a new Mac, takes it home and starts it up, their firewall is enabled, all of their sharing/webserving services are turned off, and their root account is disabled.

  6. Re:Manual breaches... by jschottm · · Score: 4, Informative

    It's not like people go looking for Linux boxes randomly.

    I have many, many sshd/firewall logs that disagree with that. See here for some details of what people do if they can get in.

    Crackers look specifically for Linux because your chances of finding an amateur administrator are far greater with Linux than BSD, Solaris, etc. I'd say it's also true of OS X, except Apple does a pretty good job of forcing updates down users throats which helps keep them fairly secure. There's tons of RedHat boxes out there that haven't been updated since RH EOLed the product line. And there's some pretty juicy tidbits to be found on them. I contacted a company that had been compromised in the afore mentioned group of attacks. Their box had their customers' credit card numbers on it, and with the keylogger installed in the rootkit, they were facing having other boxes that had been exposed.

    crackers might not know what operating system the site is running until they attempt to infiltrate it.

    Only the dumbest of script kiddies doesn't know what OS they are getting attacking.

  7. I Recommend Mac OS X as One of the Best OSes. by $criptah · · Score: 4, Informative

    I did not think of using a Mac until my last year in college when my FreeBSD box crapped out numerous time during my final software engineering project. I spent all my graduation money on a Mac and I still think that it was a good move because I get the power of Unix and Open Source with a nice interface and a system that does not crash and accepts almost anything I choose to stick in the USB port.

    My primary reasons for using a Mac are:

    I still can use all my office applications without problems. Office for Mac is not bad at all!

    As a Unix dude who runs several boxes at home, I find it almost impossible to use windows because I am am glued to Terminal from time to time. I tried Cygwin and I do use it at work; however, I do not like it as much due to the lack of complete intergration into my box.

    Mac has been secure for me. Although I consider myself to be a power user, I do have a girlfriend who likes to download all sorts of crap and click on everything that flashes. I haven't had problems with viruses so far.

    Mac OS 10.3 has never crashed on me. I do not remember a single time when something went wrong to the point where I had to do cold boot.

    Darwinports rule. Open Source programs just the way I like them :)

    Mac is based on Unix and that is a key because I like maintaining all my systems in the same way. For example, I can run the same backup scripts with almost the same variables across all my boxes.

    Plug-n-Play, as opposed to Plug-n-Pray on Windows. So far, I had no problems with digital cameras, USB keys, scanners, printers, etc. Plug it in and it works.

    Human-Computer Interaction and Mac GUI. I cannot stress this enough: details are important! Natural things, like dragging an image from Safari browser or to iChat's icon, make our lives easier. Smooth fonts appeal greater. Software applications, just like people, will be taken more seriously if they are well polished. Thankfully, Apple spent an enormous amount of time and money on HCI research and then turned the results into something productive. I like OS X because it feels more natural than any Windows edition I've used so far.

    This is a small one, but CD burning works with OS X without any problems right out of the box. No additional software installations needed. This list was enough to convince me :)

  8. Numbers show: Windows not more secure than Linux by Morganth · · Score: 5, Informative

    According to Netcraft, Apache outnumbers IIS 3:1, and I'm making the (valid) assumption that most Apache web servers run on Linux. Let's also make the other assumption that most 24/7 machines are web servers (that most servers accessible on the net are web servers).

    So, Netcraft has 37,620,349 Apache servers on-file, compared to 11,679,222 IIS servers. Mi2G has reported 235,907 successful breaches. First of all, to give you an idea of the sample size, that's 0.5% of all servers recorded by Netcraft! But let's give them that, since this is a sample of breaches occuring in a relatively short time period.

    Now here comes the real news. 59,419 of computers recorded as breached are Windows, whereas 154,846 of computers recorded as breached are Linux (mi2g's numbers). Let's take those as percentages of all Linux [*nix] servers, and of all Windows servers. Looks like 0.4% of Linux servers have been breached, whereas 0.5% of Windows servers have been breached. So Windows is a little less secure, by my metric.

    Now, this is a little unfair, because my assumption above (that Apache servers run Linux) is wrong. Many Apache servers that Netcraft picks up run BSD and could even run Mac OS X Server, I guess. Even taking this into account, the breach rate would be about the same for the two OSes (probably a little bit better for Linux).

    What this doesn't take into account in terms of the Windows/UNIX debate are the hidden costs of an IIS server in terms of administration, virii, stability, reboot requirements, etc. the list goes on and on. It also doesn't take into account SOME hidden costs of Linux/BSD servers, but those are minor compared to the Windows annoyances (trust me, I know: I administer a Windows server, unfortunately).

    That said, I do think BSD probably is more secure, and I use Netcraft's "longest uptime" as one of my metrics. To me, it seems the longer a site is on the Internet, the more statistical chance it has to get attacked. That ALL of the top uptime sites on Netcraft's list run BSD shows me that BSD is a pretty rock-solid OS for servers, that you can leave them out there in the wild for years without worry.

    The real bottom line is that software that runs on UNIX-like OSes tends to be more secure, and this usually has not too much to do with the OS. For your box to have real security, the system administrator has to be smart (or the distro has to come with Smart Defaults, like I believe Debian does in the Linux world). The only real way to prevent security breaches is to be a smart administrator: to think ahead and secure your boxen before it's too late.

    All this study shows me is that no OS is a "magic bullet," that breaches occur on unprotected machines regardless of your OS. No one blames car manufacturers/designers for stolen in-dash CD players if you stupidly forget to lock your doors.