Slashdot Mirror

← Back to Stories (view on slashdot.org)

Top 12 Operating Systems Vulnerability Survey

Posted by Zonk on from the just-in-case-you-were-feeling-secure dept.

markmcb writes "Have you ever wondered how vulnerable your computer is from the first bit you write to the hard drive all the way until you have a fully patched system? If so, Matthew Vea has posted a concise summary of security strengths and shortcomings for twelve of the major operating systems of 2006/2007. In his summary, Matt tests each OS with widely available tools like nmap and Nessus, and notes responses at install, pre-patch, and post-patch times for each system. After the tedious job is done, he produces results that will make both the Apple and Windows communities cringe with regards to security. From the article: 'As far as straight-out-of-box conditions go, both Microsoft's Windows and Apple's OS X are ripe with remotely accessible vulnerabilities ... The UNIX and Linux variants present a much more robust exterior to the outside. Even when the pre-configured server binaries are enabled, each [Linux] system generally maintained its integrity against remote attacks.'"

6 of 206 comments (clear)

  1. This is a survey of security? by MonGuSE · · Score: 5, Interesting

    Since when does throwing up 12 boxes and running a quick nessus scan over them count as a security survey?

  2. Macs Still Safe in Default State by adavies42 · · Score: 5, Insightful

    The guaranteed-to-be-overlooked key point: all the Mac vulnerabilities exist in services that are off by default. Yes, it's annoying that Apple isn't faster at patching them (and other known local holes), but it still beats the hell out of XP's default state on first boot.

    --
    Media that can be recorded and distributed can be recorded and distributed.
    -kfg
  3. Nessus and Nmap by demonbug · · Score: 5, Informative

    It seems that this "analysis" is rather over-dependent on Nessus. The article even points out that the tools used couldn't actually see any vulnerabilities (at least for the most up do date versions of the OSes), rather those listed were based on the "database" of vulnerabilities from Nessus. Seems like it would have been equally useful just to look in the Nessus database in the first place.

  4. Nice Cherrypicking by AKAImBatman · · Score: 5, Insightful

    As far as straight-out-of-box conditions go, both Microsoft's Windows and Apple's OS X are ripe with remotely accessible vulnerabilities ... The UNIX and Linux variants present a much more robust exterior to the outside.

    The article also says:

    By default, Apple OS X does not have its built-in servers enabled. For testing the standard binaries, [available services] were all enabled through the Preferences tool. After enabling the services, Nmap identified the freshly opened ports and Nessus found only a user enumeration vulnerability in the HTTP server.

    Out of the box, OS X is highly secure. You make the active decision to risk remote exploits when you enable these services.

    For OS X Server, they had this to say for it, "Out of the box":

    During installation, Nmap fingerprinted the setup TCP/IP stack as OS X 10.3 or 10.4 and identified an open SSH port. Nessus did not identify any external vulnerabilities.

    The lesson to be learned here is that an open connection is a potentially exploitable one. So don't open connections unless you're sure you want to do so. The second part of that lesson is if you're going to enable a remote port, make sure your security patches are up to date. "Out of the box" software is only secure for a short period of time.
    --
    Javascript + Nintendo DSi = DSiCade
    1. Re:Nice Cherrypicking by SCHecklerX · · Score: 5, Insightful

      The lesson to be learned here is that an open connection is a potentially exploitable one. So don't open connections unless you're sure you want to do so. The second part of that lesson is if you're going to enable a remote port, make sure your security patches are up to date. "Out of the box" software is only secure for a short period of time.


      Which is one reason it's so hard to secure a windows system. Who knows what half of those listening services actually do and what depends on them.

      Also, you missed the third part, which is to configure the services you do need conservatively (ie, configure apache to not allow methods you do not use for your site, disable anonymouse FTP, or if needed lock its permissions and probably chroot it, etc).

      Security isn't *too* hard if you have admins that actually listen to their lead security guy:

      1. Run only the services that you need
      2. Configure those services securely
      3. Keep those services patched


      Yes, there is a lot more to security, and how services are used factors into your response in how to mitigate any known problems, but the sysadmin security stuff boils down to the above list.
  5. Read carefully what was done on MacOS X by david.emery · · Score: 5, Insightful

    Note that on both MacOS X and MacOS X Server, there was a clean installation, followed by specific USER ACTIONS to ENABLE services. Thus it should not be a surprise if you turn on the Web service, for example, you now respond on port 80.

    Now once you enable a service, it's legitimate to then analyze the exposed service for vulnerabilities, and I found that information interesting.

    But it should have been clearly established that the vulnerabilities noted in Mac OS X are for services that the user specifically enabled. The general description does not call this out, and I think that the conclusions are flawed because of this.

              dave