Slashdot Mirror


Top 12 Operating Systems Vulnerability Survey

markmcb writes "Have you ever wondered how vulnerable your computer is from the first bit you write to the hard drive all the way until you have a fully patched system? If so, Matthew Vea has posted a concise summary of security strengths and shortcomings for twelve of the major operating systems of 2006/2007. In his summary, Matt tests each OS with widely available tools like nmap and Nessus, and notes responses at install, pre-patch, and post-patch times for each system. After the tedious job is done, he produces results that will make both the Apple and Windows communities cringe with regards to security. From the article: 'As far as straight-out-of-box conditions go, both Microsoft's Windows and Apple's OS X are ripe with remotely accessible vulnerabilities ... The UNIX and Linux variants present a much more robust exterior to the outside. Even when the pre-configured server binaries are enabled, each [Linux] system generally maintained its integrity against remote attacks.'"

7 of 206 comments

  1. No OpenBSD? by sunwukong · Score: 1, Interesting

    Considering that server OSs were examined, why no OpenBSD? Too "obvious"?

  2. This is a survey of security? by MonGuSE · Score: 5, Interesting

    Since when does throwing up 12 boxes and running a quick Nessus scan over them count as a security survey?

  3. Wait, why am I cringing? by Onan · Score: 3, Interesting

    I'll admit that I've only looked through the macosx vulnerability section in any detail, but I'm certainly not experiencing anything like the cringing promised by the writeup.

    The upshot seemed to be that even when the examiner intentionally turned on every service and did not enable the firewall, the only vulnerabilities found were two timing-based user-enumeration attacks.

    That's... that's the big shocking secret? That if I go out of my way to ask my system to be considerably less secure than its default configuration, Mallory out there can find out the names of accounts on my system? Quick, somebody get me some smelling salts!

  4. We need a comparison of pro-active security by twistah · Score: 2, Interesting

    I would like to see something different: a breakdown of proactive security measures taken by OS (or available in the OS) as a way of mitigating security issues. Security problems will pop up no matter what (whether in the OS or third-party software), and I'd like to see what OS do to prevent or reduce the impact of exploitation.

    For example, WinXP SP2 introduced stack randomization and various other enhancements. Solaris has an option to mark parts of the stack non-executable. Third-party extensions like grsec and Bastille allow Linux to be hardened in a way which prevents race conditions, buffer overflows and more. This is a very much simplified list -- but that's exactly why I'd like to see a better breakdown.

  5. Re:MS makes installing SPs offline easy by Anonymous Coward · Score: 1, Interesting

    Now the individual post-last-SP patches, those are a pain to do offline mainly because there are so many of them.

    This can be minimized by using a combination of nLite and RyanVM's update pack to build your install ISO. Again, these are both third party, non M$ approved apps.

  6. Vista? by MSFanBoi2 · Score: 3, Interesting

    Ok so let me get this correct, in order for his scanners to even detect Vista on the network he had to totally disable the built-in firewall.

    The list of open ports was THREE.

    No vulnerabilities were detected even with the firewall totally OFF.

    Seems like (for now) Vista wins this one.

  7. Re:Calm your self... by howlingmadhowie · Score: 2, Interesting

    a friend of mine calls himself a network-technician and works freelance for small companies. he uses windows 2000 as a server platform. he told me about a year ago, that he hasn't installed a single patch on any of the servers he looks after, because he's worried about breaking something. (i wonder what he actually does then?)