Study Recommends Mac OS X as Safest OS
rocketjam writes "The British security firm mi2g has concluded a comprehensive 12-month study to identify the safest 24/7 computing environment. In the end, the open source BSD and Mac OS X came out on top with the fewest security breaches against permanently connected machines worldwide in homes, small businesses, large enterprises and governments. The study found Linux to be the most breached environment 'in terms of manual hacker attacks overall and accounts for 65.64% of all breaches recorded'. Windows was the most breached environment in government computing and led Linux, BSD and Mac OS X by far in economic damage caused by breaches." We mentioned their previous study too. As before, the study ignores the thousands of automatically-spreading viruses for Windows.
As a Mac user and Linux guy, I have to say that this kind of study is a little tilted... how many Mac users and Windows users really know how to record a breach into their machine? Neither ships with process accounting on out of the box, to my knowledge.
I recently had some puke engage in comment spamming my website. Traceback revealed he was using a Windows XP machine infected with the Subseven trojan. I'd be willing to bet that breach was not recorded.
My own anecdotal experience would be roughly the same (sans OS X experience). I have known someone whose Linux box was rooted, but it, too, was a manual attack. Windows goes without saying. OpenBSD goes without saying, too (oppositely, of course).
Linux is a very good general purpose OS, but its development is volatile enough that it requires a conservative approach with respect to security. I would use an older more mature kernel along with manually paring down the rc directories and inetd.conf, among other things. OpenBSD, on the other hand, is stripped out of the box, and the user must add services. I generally feel that Solaris ranks more with Linux, in that a manual hardening effort really is necessary. Never would I put Windows on the Internet--it would be like swimming in the ocean with steaks tied to my legs.
-- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
The sad thing is that they apparently went through a lot of effort to collect data, but at least as they've presented it the data makes it impossible for anyone to draw any conclusions. The whole thing was wasted effort unless they've got some more data they didn't bother putting into the study, that can show successful attacks as they relate to attempted attacks against each platform, or at least related to how many of each platform are actually installed and meet their criteria.
Don't blame me; I'm never given mod points.