Top 12 Operating Systems Vulnerability Survey

markmcb writes "Have you ever wondered how vulnerable your computer is from the first bit you write to the hard drive all the way until you have a fully patched system? If so, Matthew Vea has posted a concise summary of security strengths and shortcomings for twelve of the major operating systems of 2006/2007. In his summary, Matt tests each OS with widely available tools like nmap and Nessus, and notes responses at install, pre-patch, and post-patch times for each system. After the tedious job is done, he produces results that will make both the Apple and Windows communities cringe with regards to security. From the article: 'As far as straight-out-of-box conditions go, both Microsoft's Windows and Apple's OS X are ripe with remotely accessible vulnerabilities ... The UNIX and Linux variants present a much more robust exterior to the outside. Even when the pre-configured server binaries are enabled, each [Linux] system generally maintained its integrity against remote attacks.'"

Nessus and Nmap

[demonbug]

It seems that this "analysis" is rather over-dependent on Nessus. The article even points out that the tools used couldn't actually see any vulnerabilities (at least for the most up do date versions of the OSes), rather those listed were based on the "database" of vulnerabilities from Nessus. Seems like it would have been equally useful just to look in the Nessus database in the first place.

Re:No OpenBSD?

[soloport]

Considering that server OSs were examined, why no OpenBSD? Too "obvious"?

Title says, "Top 12"? (Am guessing.)

Re:What about 10.4.9?

[drinkypoo]

I ran nessus 2.2.8 (on Ubuntu Feisty) with all included plugins active, against an up-to-date MacOSX 10.4.9 system which is sitting just to my right. The system has Windows Sharing, Remote Login, and FTP Access turned on. The closest it came to a vulnerability was with netbios-ns (137/udp) and it said "If you do not want to allow everyone to find the NetBios name of your computer, you should filter incoming traffic to this port." Hope this is something like what you wanted to know.

Re:Macs Still Safe in Default State

Um...Yes. That's exactly what is being said. RTFA! or RRTFA. Machines have been infected in as little as 20 SECONDS!

Re:Macs Still Safe in Default State

[Mister+Whirly]

XP SP2 comes with built-in firewall turned on by default, the XP CDs out now are slipstreamed XP2 version. So, to answer your (albeit facetious)question, the firewall is already enabled before you go online to get the rest of the patches. Not bulletproof but better than nothing.

Open port |service!= vulnerability

Test "tests" run are plain silly. Open ports do not mean vulnerabilities. Open services do not mean vulnerabilities as long as the authorization functions of the services work. In other words: Using completely patched systems all of the systems had 0 vulnerabilities.

This was the most stupid and moot article in ages on /.

Re:Macs Still Safe in Default State

[Ingerod]

True, but as far as I can tell the only vulnerability even with the services specified switched on is the possibility to gather usernames by guessing them. See http://www.vnutz.com/content/exploit/Nessus_Apple_ OSX_Tiger_10.4.8_Vulnerabilities.html. Nessus ranks them as low at worst. Nothing to be too excited about.

Windows XP SP2 is a bit worse with one high risk allowing for remote code execution. All in all, not too bad compared to Win XP SP1. Both OSes are secure enough for desktop use. (As long as you don't use Outlook or IE...)